[solved] Please help to renew

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sabaideegroup1.com

I ran this command:

It produced this output:

My web server is (include version): apache 2.4.10

The operating system my web server runs on is (include version): debian 8.8

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

Please Help
First sorry for my poor english, my server can’t renew , my cert was expired.(Oct 31 2017)
my stupid to delete /etc/letsencrypt/live/sabaideegroup1.com and /etc/letsencrypt/live/www.sabaideegroup1.com
because i think can create new when use certbot --apache -d sabaideegroup1.com -d www.sabaideegroup1.com
but not. I find solution and i try to create link from /etc/letsencrypt/achive/sabaideegroup1.com/cert4.pem --> /etc/letsencrypt/live/sabaideegroup1.com/cert.pem and same which files chain.pem, fullchain.pem, privkey.pem
and check config file /etc/apache2/sites-available/000-default-le-ssl.conf point to correct path
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/sabaideegroup1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sabaideegroup1.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
and try certbot renew --dry-run every thing look good.
i use ssl-cert-check -c cert.pem
status is valid and Expires : Jan 30 2018
i restart apache but browser always show in secure.
in https://globalsign.ssllabs.com/analyze.html?d=sabaideegroup1.com show EXPIRED
i want enable ssl to sabaideegroup1.com and alias name www.sabaideegroup1.com
Please help.

2

Hi @topphy,

Could you run certbot certificates to see if you have other certificates managed by Certbot?

3

thanks schoen this is result for certbot certificates

Found the following certs:
  Certificate Name: www.sabaideegroup1.com
    Domains: www.sabaideegroup1.com
    Expiry Date: 2018-01-29 15:43:25+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.sabaideegroup1.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.sabaideegroup1.com/privkey.pem
  Certificate Name: sabaideegroup1.com
    Domains: sabaideegroup1.com www.sabaideegroup1.com
    Expiry Date: 2018-01-30 01:45:44+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/sabaideegroup1.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/sabaideegroup1.com/privkey.pem
4

@topphy,

You set it to open as www.sabaideegroup1.com

so change ssl configs :

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.sabaideegroup1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.sabaideegroup1.com/privkey.pem

restart apache

If the above changes didn't work, do the following

Please run this command
" certbot delete --cert-name sabaideegroup1.com "
" certbot delete --cert-name www.sabaideegroup1.com

Remove ssl configs from apache
Note : check whether the configuration file and folders are deleted
config file : /etc/letsencrypt/renewal/sabaideegroup1.com.conf
folders : /etc/letsencrypt/archive/sabaideegroup1.com
/etc/letsencrypt/live/sabaideegroup1.com

Now
"certbot certonly -a webroot --webroot-path="document root" -d sabaideegroup1.com -d www.sabaideegroup1.com "

Manually add ssl parameters inside apache config,Restart apache.

1 Like
5

Thanks you very much gotham. I following your guide.
Now i have only one folder sabaideegroup1.com in /etc/letsencrypt/live
l run certbot certificates the result is
-----------------------------------------------------------------------------------------------------
Found the following certs:
Certificate Name: sabaideegroup1.com
Domains: sabaideegroup1.com www.sabaideegroup1.com
Expiry Date: 2018-01-30 04:33:15+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/sabaideegroup1.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/sabaideegroup1.com/privkey.pem
-----------------------------------------------------------------------------------------------------
change apache ssl config path to sabaideegroup1.com and restart apache too.
It look good but why browser still show not secure. what i miss?

6

please post outputs of :
ls -lh /etc/letsencrypt/archive/sabaideegroup1.com/
and
ls -lh /etc/letsencrypt/live/sabaideegroup1.com/

7

ls -lh /etc/letsencrypt/archive/sabaideegroup1.com/
total 16K
-rw-r--r-- 1 root root 1.8K Nov 1 12:33 cert1.pem
-rw-r--r-- 1 root root 1.7K Nov 1 12:33 chain1.pem
-rw-r--r-- 1 root root 3.5K Nov 1 12:33 fullchain1.pem
-rw-r--r-- 1 root root 1.7K Nov 1 12:33 privkey1.pem

ls -lh /etc/letsencrypt/live/sabaideegroup1.com/
total 4.0K
-rw-r--r-- 1 root root 543 Nov 1 12:33 README
lrwxrwxrwx 1 root root 42 Nov 1 12:33 cert.pem -> ../../archive/sabaideegroup1.com/cert1.pem
lrwxrwxrwx 1 root root 43 Nov 1 12:33 chain.pem -> ../../archive/sabaideegroup1.com/chain1.pem
lrwxrwxrwx 1 root root 47 Nov 1 12:33 fullchain.pem -> ../../archive/sabaideegroup1.com/fullchain1.pem
lrwxrwxrwx 1 root root 45 Nov 1 12:33 privkey.pem -> ../../archive/sabaideegroup1.com/privkey1.pem

8

This is not something to modify yourself, certbot handles all the links for you.

9

my /etc/apache2/sites-available/000-default-le-ssl.conf

ServerAdmin webmaster@localhost DocumentRoot /var/www/html ServerName sabaideegroup1.com ServerAlias www.sabaideegroup1.com 
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/sabaideegroup1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sabaideegroup1.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

10

@rg305 yes it’s my mistake.

11

Are you still having trouble?
You have issued 7 cert in the last 2 days. (https://crt.sh/?q=sabaideegroup1.com)
You need to stop trying to issue new certs and correct the problem that it is not using the newly created certs.
@gotham suggested that you delete the certs and create new ones.
Have you followed that advice?

12 
 <VirtualHost *:80>
    ServerName sabaideegroup1.com
    ServerAlias www.sabaideegroup1.com
    DocumentRoot /var/www/html
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)$ https://%{HTTP_HOST} [R=301,L]

    <Directory /var/www/html>
            Options  FollowSymLinks MultiViews
            AllowOverride All
            Require all granted
    </Directory>
    ErrorLog /var/www/html/sabaideegroup1.log
    LogLevel warn
  </VirtualHost>

<VirtualHost *:443>
  ServerName sabaideegroup1.com
    ServerAlias www.sabaideegroup1.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/sabaideegroup1.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sabaideegroup1.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/sabaideegroup1.com/fullchain.pem



  <Directory /var/www/html>
            Options  FollowSymLinks MultiViews
            AllowOverride All
            Require all granted
    </Directory>
    ErrorLog /var/www/html/sabaideegroup1.log
    LogLevel warn
</VirtualHost>

Disable old config files and copy this config in a single file [ check document root and Directory] and enable it and check .

13

Ok gotham. Now i have 2 config file

  1. 000-default.conf (80)
  2. 000-default-le-ssl.conf (443)
    I need to disable 000-default-le-ssl.conf (use a2disconf ?)
    and replace 000-default.conf with your config above right ?
14

do not replace anything . disable 1,2 . create a new test.conf inside sites-available . paste the configs inside it . a2ensite test.conf . service apache2 restart . kindly check document root and Directory and change according to your path.

15

@gotham I did it now in /etc/apache2/sites-enabled have only one file test.conf
I enable and restart apache but still have problem. Maybe we solved it but it not active because of
i create many cert @rg305 say , limit? i need to wait?

16

No need to wait.
You have good certs and private keys.
But the site is still using the expired cert.

17

no problem with letsencrypt cert creation . no problem with config .no problem with dry-run .
According to the config i have given above , it should open https://sabaideegroup1.com . But it is still opening with https://www.sabaideegroup1.com . Is there any internal redirects or .htaccess configs you have configured?
Can you post the log here.as we have configured in the config.
ErrorLog /var/www/html/sabaideegroup1.log

18

@gotham we have sabaideegroup1.log and it empty.
I have index.php file in /var/www/html and redirect page

<?php header("Location:https://www.sabaideegroup1.com/site/public/"); die(); ?>

it’s a problem?

now i change index.php to show “OK” no redirect and no .htaccess in /var/www/html

19

why are you forcing the url there in header? May i know your document root ?is it laravel ?

20

My customer want to see www infront of site address for both type sabaideegroup1.com and www.sabaideegroup1.com.
I think it easy way to redirect at index file. yes in /site/public its laravel.