Hello,
I have not been able to renew the certificate of this server:
My domain is: mail.stage-gate.la
I ran this command: sudo certbot --apache --agree-tos --redirect --hsts --email german.garcia@stage-gate.com --renew-by-default -d mail.stage-gate.la
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.stage-gate.la
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. mail.stage-gate.la (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.stage-gate.la/.well-known/acme-challenge/fz0hlMLuWOzrU8a8Os_-vXj2d8kfiNS7Og1Vvsk2OS0 [18.207.54.221]: “\n\n404 Not Found\n\n
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): apache
The operating system my web server runs on is (include version): ubuntu 16.04
Hello,
I removed the redirect from apache at /etc/apache2/sites-available/mail.stage-gate.la.conf :
RewriteEngine on
RewriteCond %{SERVER_NAME} =mail.stage-gate.la
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
–
Also at /etc/apache2/sites-available/000-default.conf:
I commented the line
enableSSL on
Then I ran
sudo certbot run -a webroot -i apache -w /var/www/mail.stage-gate.la -d mail.stage-gate.la
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.stage-gate.la
Using the webroot path /var/www/mail.stage-gate.la for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/mail.stage-gate.la-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/mail.stage-gate.la-le-ss
l.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/mail.stage-gate.la.conf to ssl vhost in /e
tc/apache2/sites-available/mail.stage-gate.la-le-ssl.conf
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.stage-gate.la/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.stage-gate.la/privkey.pem
Your cert will expire on 2019-08-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew all of
your certificates, run “certbot renew”