Some help needed

During the installation it came up with an option:
There was a list techsup, writing, SSl.conf - select 1 - 3
I selected 3.

So what did I do wrong?
Are psychic powers necessary?
Do I have to start over?

The Web Servers are Virtual Name-based Apache servers. All share the same IP address but with different names.

1 Like

You probably need to include all the names.

No, only web server programming powers.
[Before you can get a cert (via HTTP authentication), you must have a working HTTP site]

No.

That is normal and customary; one server (with one IP) can be used to host many sites (by their names).

5 Likes

OK, I created the certificate for the domain, no problem, but each of the websites came up with warnings, so I created a certificate for each.

It works perfectly.

Now, I'm moving the entire Centos-7 server to Alma Linux. I've set it up, everything is working. I copied the /etc/httpd/conf/httpd.conf and the files (including SSL Certs) for each of the Forums.

Now as far as I read, I have to copy the entire /etc/letsencrypt folder and all the files (preserving symbolic links) to the new Alma computer.

I can't!

It won't allow me to transfer them with Filezilla to my home directory so I can copy them to the /etc/letsencrypt folder on the new server.

How do I do this? Both are VMWare Virtual machines on the same host and the same datastore.

1 Like

I'd create a .tar file (preserving the symlinks) and copy that over.

5 Likes

I tried on Old Server:
certs.tar.gz /etc/letsencrypt/archive/MyDomainFQDN /etc/letsencrypt/renewal/MyDomainFQDN.conf

No problem
Copied the archive to the new server.
Logged in as root
tar -xvf ~/certs.tar.gz

Now in /etc/letsencrypt I have 3 folders
archive, live, renewal

According to what I read I now need to recreate symlinks. I tried

ln -s /etc/letsencrypt/archive/MyDomainFQDN/cert1.pem /etc/letsencrypt/live/MyDomainFQDN/cert.pem

Reply
ln: failed to create symbolic link '/etc/letsencrypt/live/MyDomainFQDN/cert.pem': No such file or directory

I created the /etc/letsencrypt/live/MyDomainFQDN folder and it worked
Also did the symlinks for chain, fullchain and privkey.

Next I'm supposed to type ssl_certificate /etc/letsencrypt/live/MyDomainFQDN/fullchain.pem;

response
bash: ssl_certificate: command not found...

Tried to restart httpd
Response:
Process: 11779 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)

Quo vadis?

1 Like

Please show:
ls -lR /etc/letsencrypt/live/

4 Likes
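
Added example, not part of any post in this thread: a shell check that the `live/` symlinks still resolve into `archive/` after a tar-based copy, compared with a copy of only `archive/` and `renewal/` as in the first attempt above. The function names, the `example.test` lineage and the dummy file contents are constructed for illustration, and everything runs in a temporary directory rather than `/etc/letsencrypt`.

```shell
#!/bin/sh
# Added example: verify a migrated Certbot tree. Nothing here touches /etc.

# check_lineage ROOT NAME: return 0 only if live/NAME/{cert,chain,fullchain,
# privkey}.pem are symlinks resolving to regular files and renewal/NAME.conf exists.
check_lineage() {
    root=$1; name=$2; rc=0
    for f in cert chain fullchain privkey; do
        link="$root/live/$name/$f.pem"
        if [ ! -L "$link" ]; then
            echo "NOT A SYMLINK: $link"; rc=1
        elif [ ! -f "$link" ]; then
            echo "DANGLING: $link -> $(readlink "$link")"; rc=1
        fi
    done
    [ -f "$root/renewal/$name.conf" ] || { echo "MISSING: $root/renewal/$name.conf"; rc=1; }
    return $rc
}

# make_sample ROOT NAME: build a constructed tree laid out the way Certbot does,
# with relative links live/NAME/x.pem -> ../../archive/NAME/x1.pem (dummy contents).
make_sample() {
    root=$1; name=$2
    mkdir -p "$root/archive/$name" "$root/live/$name" "$root/renewal"
    for f in cert chain fullchain privkey; do
        echo "dummy $f" > "$root/archive/$name/${f}1.pem"
        ln -s "../../archive/$name/${f}1.pem" "$root/live/$name/$f.pem"
    done
    echo "# constructed renewal config" > "$root/renewal/$name.conf"
}

# migrate SRC DST [SUBDIR...]: tar the whole tree (or only the given subdirs) and
# unpack it at DST. tar stores symlinks as links; -p keeps file permissions.
migrate() {
    src=$1; dst=$2; shift 2
    [ $# -gt 0 ] || set -- .
    mkdir -p "$dst"
    tar -C "$src" -cpf - "$@" | tar -C "$dst" -xpf -
}

# Demo on throwaway directories (constructed data).
t=$(mktemp -d)
make_sample "$t/old" example.test
migrate "$t/old" "$t/full"                     # whole tree in one archive
migrate "$t/old" "$t/partial" archive renewal  # archive/ and renewal/ only
check_lineage "$t/full" example.test && echo "full copy: OK"
check_lineage "$t/partial" example.test || echo "partial copy: live/ links must be rebuilt"
rm -rf "$t"
```
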

I fixed that, it's working. THIS is my problem now
Tried to restart httpd
Response:
Process: 11779 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)

In my .conf file for the forum I have these three lines
RewriteCond %{SERVER_NAME} =server1.MyDomainFQDN [OR]
RewriteCond %{SERVER_NAME} =server1
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

These files were copied from the OLD server. How do I set SERVER_NAME or see what it currently is? Could this be the problem?

1 Like

Are you sure those lines are what is causing it to fail?
You could try it without them, but I think it would still fail.

4 Likes

I tried without them but yes, it still failed.

Any ideas?

1 Like

Show us the complete failure message.

4 Likes

systemctl start httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@alma-86 /]# systemctl status -l httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2022-07-19 22:10:56 CEST; 3s ago
Docs: man:httpd.service(8)
Process: 12370 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 12370 (code=exited, status=1/FAILURE)

Jul 19 22:10:55 systemd[1]: Starting The Apache HTTP Server...
Jul 19 22:10:55 httpd[12370]: httpd: Syntax error on line 94 of /etc/httpd/conf/httpd.conf:>
Jul 19 22:10:56 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILU>
Jul 19 22:10:56 systemd[1]: httpd.service: Failed with result 'exit-code'.
Jul 19 22:10:56 systemd[1]: Failed to start The Apache HTTP Server.

is the name of my server.

systemctl status -l httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2022-07-19 22:10:56 CEST; 25min ago
Docs: man:httpd.service(8)
Process: 12370 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 12370 (code=exited, status=1/FAILURE)

Jul 19 22:10:55 systemd[1]: Starting The Apache HTTP Server...
Jul 19 22:10:55 httpd[12370]: httpd: Syntax error on line 94 of /etc/httpd/conf/httpd.conf:>
Jul 19 22:10:56 systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILU>
Jul 19 22:10:56 systemd[1]: httpd.service: Failed with result 'exit-code'.
Jul 19 22:10:56 systemd[1]: Failed to start The Apache HTTP Server.

Forgot Line 94 IncludeOptional conf.d/*.conf

Anything else?

1 Like

Does that "conf.d" path exist?
Try commenting that line out.

4 Likes

The path exists and the server1, server2 .conf files are in there. You must know that. So if I comment the line out what's the point, then I have no webservers at all so the entire exercise is pointless.

Sorry, this is not helpful.

As I'm starting to see this. I have three options. (a) just leave the entire thing on CentOS 7 or (b) revoke all the certificates and start over or (c) I restore my new Alma Linux machine from backup (yes I made a backup before I started) and then someone who knows Alma/Rocky/Centos 8 servers and how to transfer the Certificates gives me a step by step WORKING solution.

I used this 5 Simple Steps to Migrate Let's Encrypt Certificates (certbot) to a New Server and like most things linux 'HowTo' IT DOESN'T WORK, does it?

I get this feeling I'm wasting my time

1 Like

It is helpful.
Try commenting it out, see if the error goes away.
[then uncomment back]

If it doesn't go away, then that might NOT contain the line 94 it sees with an error.

6 Likes

It goes away!
In conf.d are the following files:
autoindex.conf,
fcgid.conf,
le-redirect-MyDomainFQDN,
manual.conf,
ssl.conf,
server1.conf.bak,
server2.conf.bak,
server1-le-ssl.conf.bak,
server2-le-ssl.conf.bak,
userdir.conf,
welcome.conf,
server2.conf.bak

and because I know that your next advice, I already tried as you can see, I renamed the two server files and the le-ssl.conf.bak

IT still fails same message

Remember I copied these files from the old CentOS 7 server

1 Like

Let's order them by date:
ls -ltr *.conf

4 Likes

That solved part of the problem because some of the files had the wrong owner (don't ask me why, I have NO idea)
-rw-rw-r-- 1 me me 254 Jul 19 17:29 le-redirect-MyDomainFQDN.conf
-rw-rw-r-- 1 me me 9726 Jul 19 17:29 ssl.conf
-rw-rw-r-- 1 me me 797 Jul 19 17:29 server2-le-ssl.conf
-rw-rw-r-- 1 me me 780 Jul 19 17:29 server1-le-ssl.conf
-rw-r--r-- 1 root root 568 Jul 19 22:18 server1.conf

I ran chown -R root:root /etc/httpd/conf.d
then systemctl start httpd worked fine and status shows it running BUT

letsencrypt renew --dry-run
Returns
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/MyDomainFQDN.conf


Failed to renew certificate MyDomainFQDN with error: The requested apache plugin does not appear to be installed


All simulated renewals failed. The following certificates could not be renewed:
/etc/letsencrypt/live/MyDomainFQDN/fullchain.pem (failure)


1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

2 Likes

Which Apache plugin?
[check the LE log file - /var/log/letsencrypt/letsencrypt.log]

Which version of certbot is running?

5 Likes

OK. I got tired of messing around and getting nowhere fast.
Here is what I've done.

  1. Restore the new Alma Linux 8.6 new machine from backup.
  2. Copied everything WITHOUT any SSL to the new machine.
  3. I made sure that all the forums and websites worked using http.
  4. Busy Backing up again now everything is working.

What I need now, is the SIMPLEST possible way to transfer the SSL Certificates and autoinstall from the OLD Centos 7.3 Server to the new Alma 8.6 server.

I have not yet installed certbot or anything whatsoever to do with SSL.

If someone can now give me a WORKING step by step, it would be greatly appreciated.

I'm not using CPanel. It's on one of our own servers in the server room. It's all on VMWare 6.0.

1 Like