Renouvellement de certificat Raspberry Pi 4 - Erreur Augeas.insert()

Help Aide (en français)
1

Bonjour,

J'ai essayé sans succès de renouveler mon certificat toute la journée sans trouver d'information sur internet pour régler mon problème.

D'avance merci de toute l'aide que vous pourrez m'apporter.

Je peux lire des réponses en Anglais : Yes

Mon nom de domaine est : sokev.ovh

J’ai exécuté cette commande : sudo certbot renew

Elle a produit cette sortie :

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sokev.ovh.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for sokev.ovh
Performing the following challenges:
http-01 challenge for sokev.ovh
Cleaning up challenges
Failed to renew certificate sokev.ovh with error: Augeas.insert() failed: No match for path expression

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/sokev.ovh/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

Mon serveur Web est (inclure la version) : Apache

Le système d’exploitation sur lequel mon serveur Web s’exécute est (version incluse) :
Linux raspberrypi 5.10.20-v7l+ #1404 SMP Thu Mar 4 19:44:07 GMT 2021 armv7l GNU/Linux

Je peux me connecter à un shell root sur ma machine (oui ou non, ou je ne sais pas) : Oui

J’utilise un panneau de configuration pour gérer mon site (non, ou fournit le nom et la version du panneau de configuration) : Non

Contenu du fichier /var/log/letsencrypt/letsencrypt.log :

pi@raspberrypi:~ $ sudo cat /var/log/letsencrypt/letsencrypt.log
2021-03-09 16:43:36,784:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-03-09 16:43:37,652:DEBUG:certbot._internal.main:certbot version: 1.13.0
2021-03-09 16:43:37,653:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1044/bin/certbot
2021-03-09 16:43:37,653:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2021-03-09 16:43:37,654:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-03-09 16:43:37,722:DEBUG:certbot._internal.log:Root logging level set at 20
2021-03-09 16:43:37,723:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-03-09 16:43:37,726:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/sokev.ovh.conf
2021-03-09 16:43:37,789:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0xb5445040> and installer <certbot._internal.cli.cli_utils._Default object at 0xb5445040>
2021-03-09 16:43:37,850:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-03-09 16:43:38,036:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-03-09 16:43:38,038:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/sokev.ovh/cert2.pem is signed by the certificate's issuer.
2021-03-09 16:43:38,049:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/sokev.ovh/cert2.pem is: OCSPCertStatus.GOOD
2021-03-09 16:43:38,056:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-03-16 09:29:29 UTC.
2021-03-09 16:43:38,056:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2021-03-09 16:43:38,057:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-03-09 16:43:38,279:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.38
2021-03-09 16:43:39,267:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb54949d0>
Prep: True
2021-03-09 16:43:39,270:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb54949d0>
Prep: True
2021-03-09 16:43:39,271:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb54949d0> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb54949d0>
2021-03-09 16:43:39,271:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-03-09 16:43:39,335:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/106519338', new_authzr_uri=None, terms_of_service=None), 81038f551cb2c4cbbeb514c8701e8bda, Meta(creation_dt=datetime.datetime(2020, 12, 16, 10, 17, 51, tzinfo=<UTC>), creation_host='raspberrypi', register_to_eff=None))>
2021-03-09 16:43:39,337:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-03-09 16:43:39,342:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-03-09 16:43:39,944:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-03-09 16:43:39,945:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 09 Mar 2021 15:43:39 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "hxBtGs3vMFQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-03-09 16:43:39,948:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for sokev.ovh
2021-03-09 16:43:43,408:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0050_key-certbot.pem
2021-03-09 16:43:43,421:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0050_csr-certbot.pem
2021-03-09 16:43:43,422:DEBUG:acme.client:Requesting fresh nonce
2021-03-09 16:43:43,422:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-03-09 16:43:43,560:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-03-09 16:43:43,561:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 09 Mar 2021 15:43:43 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00032VTxZCJZ1zyqOm5m5cubhmoMTLQvdRJNCELQORlouzQ
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-03-09 16:43:43,561:DEBUG:acme.client:Storing nonce: 00032VTxZCJZ1zyqOm5m5cubhmoMTLQvdRJNCELQORlouzQ
2021-03-09 16:43:43,562:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "sokev.ovh"\n    }\n  ]\n}'
2021-03-09 16:43:43,571:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA2NTE5MzM4IiwgIm5vbmNlIjogIjAwMDMyVlR4WkNKWjF6eXFPbTVtNWN1Ymhtb01UTFF2ZFJKTkNFTFFPUmxvdXpRIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "NF6E6TWmpWoARkvp2sBCJEyO0LOGrmwDWRrYKxuTpO6OQTP619gPlxY3cakSRJcAptNoa_RPzKSBMnJODY8xuFfE3Z57jejfVeRWWlcVp6qKPJqaIPqomDr3E-pdKXUQmzTnXgrfe6l1ay1vXP8RDXQqxor_uA2FvW6qn5hiIyCxgoCQZcelTd7T5lB5zNgEl5wS0nbm4Ksn7HadiNhBTP32PrVkNWEKsrrb3Op68xxByWUnav35xZY00uowhfUspS0U4ygXhZSzdr0nSeVZACzhiMZcusmTjwogMfkws40SLE9W-lmkZY5-s9Su3J8h9Ijw58ym2MCJXUy0FZDX1A",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNva2V2Lm92aCIKICAgIH0KICBdCn0"
}
2021-03-09 16:43:43,718:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 331
2021-03-09 16:43:43,719:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Tue, 09 Mar 2021 15:43:43 GMT
Content-Type: application/json
Content-Length: 331
Connection: keep-alive
Boulder-Requester: 106519338
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/106519338/8320672285
Replay-Nonce: 0004OQjFt-bNSK7hXELG3GOeU08lckYeRCzni5CrlikmJXk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-03-15T04:12:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sokev.ovh"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11394210779"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/106519338/8320672285"
}
2021-03-09 16:43:43,720:DEBUG:acme.client:Storing nonce: 0004OQjFt-bNSK7hXELG3GOeU08lckYeRCzni5CrlikmJXk
2021-03-09 16:43:43,720:DEBUG:acme.client:JWS payload:
b''
2021-03-09 16:43:43,729:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11394210779:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA2NTE5MzM4IiwgIm5vbmNlIjogIjAwMDRPUWpGdC1iTlNLN2hYRUxHM0dPZVUwOGxja1llUkN6bmk1Q3JsaWttSlhrIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMTM5NDIxMDc3OSJ9",
  "signature": "3c-CnN9huphOeKXMpGStBPyjN53Mjed-xPT9KBKiU0GxKoKjldJ4dSJ5PPJS_LLw9D-PUmv_8QWtROa9jvPXLKN8dacolmnG9dvsscwP3EHtaihHHJ4hGSaCXR2srjlnOOizQ9B7ER5SSAC1i0Q-pxP8imslFy2Pj8uuAoAn4nslPw2aVQ4gZoyI5GgnCGzizLfiJmKw2iRRmhg_7xvo_27kdHv_FnK5_cqt3mIcmaz7bJ4x4Nmvso4x913_d3c4nGidl_ilHAmTffB_dG2MAzip9WP8sj0ybqaF9d0Tnw8m7o3wAtLhZrqqqCCdbab_lxqd8j0uiJadu_N-q9JhuA",
  "payload": ""
}
2021-03-09 16:43:43,876:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11394210779 HTTP/1.1" 200 790
2021-03-09 16:43:43,877:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Tue, 09 Mar 2021 15:43:43 GMT
Content-Type: application/json
Content-Length: 790
Connection: keep-alive
Boulder-Requester: 106519338
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00049K5dNvEZIyTEYDgahKwkPLpkf1S3FSsowGe0FM5Lwb0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sokev.ovh"
  },
  "status": "pending",
  "expires": "2021-03-15T04:12:25Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11394210779/sNpmDg",
      "token": "Xl5mc0B5yVzZkSP7VNxk7YD6J2yXjUcQVB5pPJ5zQA4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11394210779/5GGe5w",
      "token": "Xl5mc0B5yVzZkSP7VNxk7YD6J2yXjUcQVB5pPJ5zQA4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11394210779/4X4Ekw",
      "token": "Xl5mc0B5yVzZkSP7VNxk7YD6J2yXjUcQVB5pPJ5zQA4"
    }
  ]
}
2021-03-09 16:43:43,877:DEBUG:acme.client:Storing nonce: 00049K5dNvEZIyTEYDgahKwkPLpkf1S3FSsowGe0FM5Lwb0
2021-03-09 16:43:43,879:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-03-09 16:43:43,879:INFO:certbot._internal.auth_handler:http-01 challenge for sokev.ovh
2021-03-09 16:43:43,896:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: sokev.ovh in: /etc/apache2/sites-enabled/000-default-le-ssl.conf
2021-03-09 16:43:43,896:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default-le-ssl.conf
2021-03-09 16:43:43,911:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 2498, in perform
    http_response = http_doer.perform()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 76, in perform
    self._mod_config()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
    self._set_up_include_directives(vh)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 208, in _set_up_include_directives
    self.configurator.parser.add_dir_beginning(
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 457, in add_dir_beginning
    self.aug.insert(first_dir, "directive", True)
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 485, in insert
    self._raise_error(AugeasValueError, "Augeas.insert() failed")
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 154, in _raise_error
    raise errorclass(ec, fullmessage, msg, minor, details)
augeas.AugeasValueError: Augeas.insert() failed: No match for path expression

2021-03-09 16:43:43,911:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-03-09 16:43:43,911:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-03-09 16:43:44,550:ERROR:certbot._internal.renewal:Failed to renew certificate sokev.ovh with error: Augeas.insert() failed: No match for path expression
2021-03-09 16:43:44,559:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 481, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 1242, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 123, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 341, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 2498, in perform
    http_response = http_doer.perform()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 76, in perform
    self._mod_config()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
    self._set_up_include_directives(vh)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 208, in _set_up_include_directives
    self.configurator.parser.add_dir_beginning(
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 457, in add_dir_beginning
    self.aug.insert(first_dir, "directive", True)
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 485, in insert
    self._raise_error(AugeasValueError, "Augeas.insert() failed")
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 154, in _raise_error
    raise errorclass(ec, fullmessage, msg, minor, details)
augeas.AugeasValueError: Augeas.insert() failed: No match for path expression

2021-03-09 16:43:44,559:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-03-09 16:43:44,560:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-03-09 16:43:44,560:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/sokev.ovh/fullchain.pem (failure)
2021-03-09 16:43:44,560:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-03-09 16:43:44,561:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1044/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 1325, in renew
    renewal.handle_renewal_request(config)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 506, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-03-09 16:43:44,562:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
2

Hi @KevinBrunetFR

if you use --apache and if you have such errors, Certbot doesn't understand your Apache configuration.

What says

apachectl -S
3

Here is the command response. Looks like there are some problems.

pi@raspberrypi:~ $ sudo apachectl -S

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  sokev.ovh (/etc/apache2/sites-enabled/000-default-le-ssl.conf:11)
*:80                   is a NameVirtualHost
         default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/www/html/log/http.error"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

pi@raspberrypi:/etc/apache2/sites-enabled $ cat 000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:80>
<If "%{HTTP_HOST} == 'www.sokev.ovh'">
  Redirect permanent / https://sokev.ovh/
</If>
<If "%{HTTP_HOST} == 'sokev.ovh'">
  Redirect permanent / https://sokev.ovh/
</If>
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog /var/www/html/log/http.error


ServerName sokev.ovh
ServerAlias www.sokev.ovh
SSLCertificateFile /etc/letsencrypt/live/sokev.ovh/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sokev.ovh/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

<If "%{HTTP_HOST} == 'www.sokev.ovh'">
  Redirect permanent / https://sokev.ovh/
</If>
</VirtualHost>
</IfModule>
4

There are two problems:

  • Two identical combinations port + domain name (why 127.0.1.1, not 127.0.0.1?).
  • A missing namevhost with your domain name, so Certbot can't insert the answer -> that's your error message.
5

Hi,

I fixed all the errors from apache but the renew problem is still there.

pi@raspberrypi:/etc/apache2/sites-enabled $ sudo apachectl -S
VirtualHost configuration:
*:80 127.0.0.1 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:443 sokev.ovh (/etc/apache2/sites-enabled/000-default-le-ssl.conf:11)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/www/html/log/http.error"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

pi@raspberrypi:/etc/apache2/sites-enabled $ sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/sokev.ovh.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate for sokev.ovh
Performing the following challenges:
http-01 challenge for sokev.ovh
Cleaning up challenges
Failed to renew certificate sokev.ovh with error: Augeas.insert() failed: No match for path expression

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
All renewals failed. The following certificates could not be renewed:
  /etc/letsencrypt/live/sokev.ovh/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

pi@raspberrypi:/etc/apache2/sites-enabled $ sudo cat /var/log/letsencrypt/letsencrypt.log
2021-03-10 10:29:00,864:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-03-10 10:29:01,581:DEBUG:certbot._internal.main:certbot version: 1.13.0
2021-03-10 10:29:01,585:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1044/bin/certbot
2021-03-10 10:29:01,585:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2021-03-10 10:29:01,585:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-03-10 10:29:01,645:DEBUG:certbot._internal.log:Root logging level set at 20
2021-03-10 10:29:01,646:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-03-10 10:29:01,649:DEBUG:certbot.display.util:Notifying user: Processing /etc/letsencrypt/renewal/sokev.ovh.conf
2021-03-10 10:29:01,723:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0xb543b400> and installer <certbot._internal.cli.cli_utils._Default object at 0xb543b400>
2021-03-10 10:29:01,788:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): r3.o.lencr.org:80
2021-03-10 10:29:01,827:DEBUG:urllib3.connectionpool:http://r3.o.lencr.org:80 "POST / HTTP/1.1" 200 503
2021-03-10 10:29:01,829:DEBUG:certbot.ocsp:OCSP response for certificate /etc/letsencrypt/archive/sokev.ovh/cert2.pem is signed by the certificate's issuer.
2021-03-10 10:29:01,836:DEBUG:certbot.ocsp:OCSP certificate status for /etc/letsencrypt/archive/sokev.ovh/cert2.pem is: OCSPCertStatus.GOOD
2021-03-10 10:29:01,845:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2021-03-16 09:29:29 UTC.
2021-03-10 10:29:01,845:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing...
2021-03-10 10:29:01,845:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-03-10 10:29:02,092:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.38
2021-03-10 10:29:03,116:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb53d23a0>
Prep: True
2021-03-10 10:29:03,119:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb53d23a0>
Prep: True
2021-03-10 10:29:03,120:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb53d23a0> and installer <certbot_apache._internal.override_debian.DebianConfigurator object at 0xb53d23a0>
2021-03-10 10:29:03,120:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-03-10 10:29:03,163:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/106519338', new_authzr_uri=None, terms_of_service=None), 81038f551cb2c4cbbeb514c8701e8bda, Meta(creation_dt=datetime.datetime(2020, 12, 16, 10, 17, 51, tzinfo=), creation_host='raspberrypi', register_to_eff=None))>
2021-03-10 10:29:03,166:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-03-10 10:29:03,171:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-03-10 10:29:03,689:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-03-10 10:29:03,690:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 10 Mar 2021 09:29:03 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "5AsZ6_veG5w": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-03-10 10:29:03,693:DEBUG:certbot.display.util:Notifying user: Renewing an existing certificate for sokev.ovh
2021-03-10 10:29:05,899:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /etc/letsencrypt/keys/0053_key-certbot.pem
2021-03-10 10:29:05,911:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0053_csr-certbot.pem
2021-03-10 10:29:05,912:DEBUG:acme.client:Requesting fresh nonce
2021-03-10 10:29:05,912:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-03-10 10:29:06,038:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-03-10 10:29:06,039:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 10 Mar 2021 09:29:05 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104En0YOZmJSUMWAsLLkAFt7zRA8gL988zZPqJL16Csals
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-03-10 10:29:06,039:DEBUG:acme.client:Storing nonce: 0104En0YOZmJSUMWAsLLkAFt7zRA8gL988zZPqJL16Csals
2021-03-10 10:29:06,039:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "sokev.ovh"\n    }\n  ]\n}'
2021-03-10 10:29:06,049:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA2NTE5MzM4IiwgIm5vbmNlIjogIjAxMDRFbjBZT1ptSlNVTVdBc0xMa0FGdDd6UkE4Z0w5ODh6WlBxSkwxNkNzYWxzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "YPP7gUzp5ahTqVz6uZB29tZ-Uan5cFajLxz7t5jGvmBFdKfXonG1FE46_2iWvrF-gEnLnWxFbgzCCwjJfQbVdhIpByi6lfh8sWaCw02tjSyo1V5sIubkyb2kae_9gkLvkSaljKU5EGZRKIckv6vECNQrZjGWAFsVpviOPaqt8_WpLDpTiryODWTcAE3Y_1PrGuqnTb1xWKeIpx35QNwzLKLMOS8M3AlKrvBYsxuOT2Gf0-v1P6OP82df1WP2tSlDH6qrJxQmMaS-5GJGqcl13TB-yOrBDttN7xrKwLki4nnx_VYvAasRnz1vfXP-HTtdJmWjPcCJ8_FS4kN7HRfYKw",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInNva2V2Lm92aCIKICAgIH0KICBdCn0"
}
2021-03-10 10:29:06,209:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 331
2021-03-10 10:29:06,210:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Wed, 10 Mar 2021 09:29:06 GMT
Content-Type: application/json
Content-Length: 331
Connection: keep-alive
Boulder-Requester: 106519338
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/106519338/8320672285
Replay-Nonce: 0103RXBpKWGBOh519hss3V68KBiefIlSw7h9AhUzkCJF_xA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-03-15T04:12:25Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "sokev.ovh"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/11394210779"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/106519338/8320672285"
}
2021-03-10 10:29:06,211:DEBUG:acme.client:Storing nonce: 0103RXBpKWGBOh519hss3V68KBiefIlSw7h9AhUzkCJF_xA
2021-03-10 10:29:06,211:DEBUG:acme.client:JWS payload:
b''
2021-03-10 10:29:06,220:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/11394210779:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTA2NTE5MzM4IiwgIm5vbmNlIjogIjAxMDNSWEJwS1dHQk9oNTE5aHNzM1Y2OEtCaWVmSWxTdzdoOUFoVXprQ0pGX3hBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xMTM5NDIxMDc3OSJ9",
  "signature": "XhcqSizqPwvjQra4nk_ZFNfULD1lQDWk01loexr_s7qeP6_mCcc3oNCQrpToSLePBeHTk0xv-y5UFVv8OZ_AW_QGEv-wiwWH2lWfPhLMr7uw3ul2VPrLRd3exMyCHBujRxfcHYNSIgernufGPWpEg8oH5X140K-Vr_rwQUaahfuCyFEtDDKi0L-QRVrIG1i_AWVIIixO6c2yFD3JWG7xk8ZmMF60n99v8f-Di8jpBWPBKek7Bffb4MZFNQA9rL7d1bUYrtOOmaUn5fwpvgRMH3cEF87XTwsgfFBWd81-_koLwnzFK3W1BQTduIJ2NZTEZ_8W-rSk_R9ML5dlX4K1nQ",
  "payload": ""
}
2021-03-10 10:29:06,420:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/11394210779 HTTP/1.1" 200 790
2021-03-10 10:29:06,421:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Wed, 10 Mar 2021 09:29:06 GMT
Content-Type: application/json
Content-Length: 790
Connection: keep-alive
Boulder-Requester: 106519338
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0104FT0-ftA9TFlq_qlTTVMS6K2SA0m3zLAsGbOt0AyhK4Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "sokev.ovh"
  },
  "status": "pending",
  "expires": "2021-03-15T04:12:25Z",
  "challenges": [
    {
      "type": "http-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11394210779/sNpmDg",
      "token": "Xl5mc0B5yVzZkSP7VNxk7YD6J2yXjUcQVB5pPJ5zQA4"
    },
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11394210779/5GGe5w",
      "token": "Xl5mc0B5yVzZkSP7VNxk7YD6J2yXjUcQVB5pPJ5zQA4"
    },
    {
      "type": "tls-alpn-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/11394210779/4X4Ekw",
      "token": "Xl5mc0B5yVzZkSP7VNxk7YD6J2yXjUcQVB5pPJ5zQA4"
    }
  ]
}
2021-03-10 10:29:06,421:DEBUG:acme.client:Storing nonce: 0104FT0-ftA9TFlq_qlTTVMS6K2SA0m3zLAsGbOt0AyhK4Y
2021-03-10 10:29:06,423:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-03-10 10:29:06,423:INFO:certbot._internal.auth_handler:http-01 challenge for sokev.ovh
2021-03-10 10:29:06,443:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: sokev.ovh in: /etc/apache2/sites-enabled/000-default-le-ssl.conf
2021-03-10 10:29:06,444:DEBUG:certbot_apache._internal.http_01:Adding a temporary challenge validation Include for name: None in: /etc/apache2/sites-enabled/000-default-le-ssl.conf
2021-03-10 10:29:06,451:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 2498, in perform
    http_response = http_doer.perform()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 76, in perform
    self._mod_config()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
    self._set_up_include_directives(vh)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 208, in _set_up_include_directives
    self.configurator.parser.add_dir_beginning(
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 457, in add_dir_beginning
    self.aug.insert(first_dir, "directive", True)
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 485, in insert
    self._raise_error(AugeasValueError, "Augeas.insert() failed")
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 154, in _raise_error
    raise errorclass(ec, fullmessage, msg, minor, details)
augeas.AugeasValueError: Augeas.insert() failed: No match for path expression

2021-03-10 10:29:06,452:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-03-10 10:29:06,452:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-03-10 10:29:07,095:ERROR:certbot._internal.renewal:Failed to renew certificate sokev.ovh with error: Augeas.insert() failed: No match for path expression
2021-03-10 10:29:07,098:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 481, in handle_renewal_request
    main.renew_cert(lineage_config, plugins, renewal_candidate)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 1242, in renew_cert
    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 123, in _get_and_save_cert
    renewal.renew_cert(config, domains, le_client, lineage)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 341, in renew_cert
    new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/client.py", line 374, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/client.py", line 421, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 2498, in perform
    http_response = http_doer.perform()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 76, in perform
    self._mod_config()
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
    self._set_up_include_directives(vh)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/http_01.py", line 208, in _set_up_include_directives
    self.configurator.parser.add_dir_beginning(
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot_apache/_internal/parser.py", line 457, in add_dir_beginning
    self.aug.insert(first_dir, "directive", True)
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 485, in insert
    self._raise_error(AugeasValueError, "Augeas.insert() failed")
  File "/snap/certbot/1044/lib/python3.8/site-packages/augeas/__init__.py", line 154, in _raise_error
    raise errorclass(ec, fullmessage, msg, minor, details)
augeas.AugeasValueError: Augeas.insert() failed: No match for path expression

2021-03-10 10:29:07,099:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-03-10 10:29:07,099:ERROR:certbot._internal.renewal:All renewals failed. The following certificates could not be renewed:
2021-03-10 10:29:07,099:ERROR:certbot._internal.renewal:  /etc/letsencrypt/live/sokev.ovh/fullchain.pem (failure)
2021-03-10 10:29:07,100:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-03-10 10:29:07,100:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/snap/certbot/1044/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 1421, in main
    return config.func(config, plugins)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/main.py", line 1325, in renew
    renewal.handle_renewal_request(config)
  File "/snap/certbot/1044/lib/python3.8/site-packages/certbot/_internal/renewal.py", line 506, in handle_renewal_request
    raise errors.Error("{0} renew failure(s), {1} parse failure(s)".format(
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2021-03-10 10:29:07,101:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
6

No, the relevant part isn't fixed.

A port 80 vHost with your domain name is required. Http validation -> port 80. Port 443 comes later.

1 Like
7

Thanks, it worked by addind the ServerName to the Apache configuration.

3 Likes