In file webmail.domain-ssl.conf I have pointers to PEM files:
SSLCertificateFile /etc/letsencrypt/live/webmail.domain/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.domain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/webmail.domain/chain.pem
When I run the command:
./letsencrypt-auto --apache -d mail.domain.dk
or ./letsencrypt-auto --apache certonly -d mail.domain.dk
I get the error:
AH00526: Syntax error on line 140 of /etc/apache2/sites-enabled/webmail.domain-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/webmail.domain/cert.pem' does not exist or is empty
I know it does not exist because I deleted it. I thought the above command would create new PEM files in that dir.
Your command is correct and it should be able to recreate new certificate files. However, the error is from Apache. Your Apache configuration is no longer valid because it refers to the deleted files. Here, Certbot needs to use Apache in order to obtain the new certificate, but it can’t because Apache can’t even start up due to this error.
If you haven’t modified the webmail.domain-ssl.conf file, the easiest way to fix this is to delete that file so that Apache (temporarily) no longer expects the certificate files to exist.
You should also be sure that the files in /etc/letsencrypt/archive, /etc/letsencrypt/live, and /etc/letsencrypt/renewal that correspond to the files you deleted are all removed. Otherwise, Certbot may be confused because the references in /etc/letsencrypt will be inconsistent.
I deleted the .conf file and the files in /etc/letsencrypt/archive, /etc/letsencrypt/live, and /etc/letsencrypt/renewal.
Apache is running again. Great.
When I run the command:
./letsencrypt-auto --apache -d mail.domain.dk
It asks for which .conf file to use.
We were unable to find a vhost with a ServerName or Address of mail.domain.dk.
Which virtual host would you like to choose?
If I recreate the .conf file from before and run the command again, the first error comes back.
250-PIPELINING
250-SIZE 20971520
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
[000.299]     We can use this server
[000.299]     TLS is an option on this server
[000.299] --> STARTTLS
[000.385] <-- 454 4.7.0 TLS not available due to local problem
[000.386]     STARTTLS command rejected
[000.386] --> MAIL FROM:<test@checktls.com>
[000.495] <-- 250 2.1.0 Ok
[000.496]     Sender is OK
[000.496] --> QUIT
[000.606] <-- 221 2.0.0 Bye
Certbot expects your Apache to already have a virtual host listening to unencrypted HTTP on port 80 with the domains in question. It's complaining that it couldn't find one.
I did look at the log but not close enough.
I have two domains, one with a hyphen and one without. One is a ServerAlias.
In the log:
warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:bss_file.c:169:fopen('/etc/letsencrypt/live/webmail.d-omain/chain.pem','r'):
and in my .conf i have:
SSLCertificateChainFile /etc/letsencrypt/live/webmail.domain/chain.pem
I realize this is not a letsencrypt problem. It is a configuration mismatch.
Somehow I have "told" the server that it should look for the PEM file at /etc/letsencrypt/live/webmail.d-omain/chain.pem (with a hyphen) and it is actually located at /etc/letsencrypt/live/webmail.domain/chain.pem
So how do I tell the server to look at the other path for the pem file?
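Both problems in this thread (deleted PEM files and a config pointing at a hyphenated path that does not exist) are the same startup condition: an SSLCertificate*File directive whose target is missing or empty. The following POSIX shell check is an added example, not from the thread or from Certbot; it scans a site config for those directives and reports every path that would trigger AH00526. The demo directory tree and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find SSLCertificateFile / SSLCertificateKeyFile /
# SSLCertificateChainFile directives in an Apache site config and report any
# referenced file that does not exist or is empty, i.e. the condition behind
# "AH00526 ... does not exist or is empty" that also stops certbot --apache.

# check_ssl_paths CONF: prints one line per bad path; returns 0 if all
# referenced files exist and are non-empty, 1 otherwise.
check_ssl_paths() {
    conf=$1
    bad=0
    # Take the path argument of each SSLCertificate{,Key,Chain}File directive,
    # skipping commented-out lines; quotes are stripped. Paths containing
    # spaces are not handled by this simple word split.
    for path in $(awk '/^[ \t]*SSLCertificate(Key|Chain)?File[ \t]/ { gsub(/"/, "", $2); print $2 }' "$conf"); do
        if [ ! -s "$path" ]; then
            echo "$conf: $path does not exist or is empty"
            bad=1
        fi
    done
    return $bad
}

# Demo on a constructed tree mirroring the thread: cert and key live under
# webmail.domain, chain.pem is present but empty, and the config's chain
# directive points at webmail.d-omain (hyphen), which does not exist.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/live/webmail.domain"
    printf 'dummy cert' > "$root/live/webmail.domain/cert.pem"
    printf 'dummy key' > "$root/live/webmail.domain/privkey.pem"
    : > "$root/live/webmail.domain/chain.pem"
    cat > "$root/webmail.domain-ssl.conf" <<EOF
SSLCertificateFile $root/live/webmail.domain/cert.pem
SSLCertificateKeyFile $root/live/webmail.domain/privkey.pem
# SSLCertificateChainFile $root/live/webmail.domain/chain.pem
SSLCertificateChainFile $root/live/webmail.d-omain/chain.pem
EOF
    check_ssl_paths "$root/webmail.domain-ssl.conf"
    rc=$?
    rm -rf "$root"
    return $rc
}

if demo; then
    echo "demo: all certificate paths present"
else
    echo "demo: problems found (expected for the constructed config)"
fi
```

Run it against each file in /etc/apache2/sites-enabled before `apachectl configtest`; a clean result means Apache will at least get past the certificate-path check when Certbot restarts it.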
If they’re in the same virtual host with a ServerAlias, you need to issue one single certificate covering both names (with two -d options for Certbot, for example). Apache doesn’t have a way to have multiple certificates for an individual virtual host.
Alternatively, you can split the virtual host into two separate virtual hosts (possibly with the same configuration except for the domain name itself), and then each one can refer to a different certificate on disk.