SSL Randomly Failed On Me

My domain is:

I ran this command:

It produced this output:

My web server is (include version):
apache 2.4.6

The operating system my web server runs on is (include version):
centos 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

This SSL certificate was correctly installed and was working. Today it stopped out of blue. In the attachment, my browsers it says its not evening using let’s encrypt… instead it has become a self-assigned from linode… what?? All this just happened today. There was no update of any kind prior to this.

1 Like

Current certificate is valid here is the log

indent preformatted text by 4 spaces

[root@bistrotaiyo letsencrypt]# cat /var/log/letsencrypt/letsencrypt.log
2020-08-09 05:56:13,113:DEBUG:certbot._internal.main:certbot version: 1.5.0
2020-08-09 05:56:13,113:DEBUG:certbot._internal.main:Arguments:
2020-08-09 05:56:13,113:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-08-09 05:56:13,137:DEBUG:certbot._internal.log:Root logging level set at 20
2020-08-09 05:56:13,137:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-08-09 05:56:13,139:DEBUG:certbot._internal.plugins.selection:Requested authenticator None and installer None
2020-08-09 05:56:13,352:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.6
2020-08-09 05:56:13,838:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f6bb0c8b810>
Prep: True
2020-08-09 05:56:13,839:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f6bb0c8b810> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7f6bb0c8b810>
2020-08-09 05:56:13,839:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2020-08-09 05:56:13,872:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=None, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’’, new_authzr_uri=None, terms_of_service=None), a1b8b2eef202aae1bf85e8c4b98ad58d, Meta(creation_host=u’’, creation_dt=datetime.datetime(2020, 7, 22, 21, 14, 47, tzinfo=)))>
2020-08-09 05:56:13,874:DEBUG:acme.client:Sending GET request to
2020-08-09 05:56:13,885:INFO:urllib3.connectionpool:Starting new HTTPS connection (1):
2020-08-09 05:56:14,102:DEBUG:urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2020-08-09 05:56:14,103:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Sun, 09 Aug 2020 05:56:19 GMT
x-frame-options: DENY
content-type: application/json

“keyChange”: “”,
“lZMrsyGe70w”: “Adding random entries to the directory”,
“meta”: {
“caaIdentities”: [
“termsOfService”: “”,
“website”: “
“newAccount”: “”,
“newNonce”: “”,
“newOrder”: “”,
“revokeCert”: “
2020-08-09 06:01:58,222:ERROR:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==1.5.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/”, line 15, in main
return internal_main.main(cli_args)
File “/usr/lib/python2.7/site-packages/certbot/_internal/”, line 1347, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/_internal/”, line 1095, in run
domains, certname = _find_domains_or_certname(config, installer)
File “/usr/lib/python2.7/site-packages/certbot/_internal/”, line 419, in _find_domains_or_certname
domains = display_ops.choose_names(installer, question)
File “/usr/lib/python2.7/site-packages/certbot/display/”, line 128, in choose_names
code, names = _filter_names(names, question)
File “/usr/lib/python2.7/site-packages/certbot/display/”, line 179, in _filter_names
question, tags=sorted_names, cli_flag="–domains", force_interactive=True)
File “/usr/lib/python2.7/site-packages/certbot/display/”, line 252, in checklist
File “/usr/lib/python2.7/site-packages/certbot/display/”, line 178, in input
ans = input_with_timeout(message)
File “/usr/lib/python2.7/site-packages/certbot/display/”, line 82, in input_with_timeout
line = misc.readline_with_timeout(timeout, prompt)
File “/usr/lib/python2.7/site-packages/certbot/compat/”, line 58, in readline_with_timeout
rlist, _, _ =[sys.stdin], , , timeout)
indent preformatted text by 4 spaces

1 Like

Hi @scotthe

what says

apachectl -S
certbot certificates

(may be)

httpd -S

If there is a working certificate, try to reinstall it:

certbot --reinstall

PS: Checking your domain - is this that what you want?

Host Type IP-Address is auth. ∑ Queries ∑ Timeout A Toronto/Ontario/Canada (CA) - Linode, LLC Hostname: yes 1 0
AAAA yes CNAME yes 1 0
A Portland/Oregon/United States (US) -, Inc. Hostname: yes
* A yes
A yes
AAAA yes
AAAA yes

Non-www and www have different ip addresses.

There is a wildcard CNAME to defined, so www uses that ip address.

Looks like the wrong vHost (with the standard self signed certificate) answers.

1 Like

Hi Juergen,

certbot certificates
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name:
Serial Number: 35b06eb31f84ca6eceb9da76f9c9ce8377d
Expiry Date: 2020-10-20 20:15:21+00:00 (VALID: 72 days)
Certificate Path: /etc/letsencrypt/live/
Private Key Path: /etc/letsencrypt/live/

httpd -s

VirtualHost configuration:

*:8080 (/etc/httpd/conf/httpd.conf:80)
*:443 is a NameVirtualHost
default server (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost (/etc/httpd/conf/httpd-le-ssl.conf:2)
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: “/run/httpd/”
User: name=“apache” id=48
Group: name=“apache” id=48

Regard the dns record, CNAME wild card isn’t technically what I wanted… but I never had to touch it. www does go to my server. As you can see in my apache I have the www alias.

Correct, I don’t know why the wrong Vhost is answering.

Should I reinstall the certificate?

1 Like


you see your problem.

Two different combinations port + domain name, that's always wrong.

Merge these in one or delete one.

1 Like

Thanks Juergen. That was the problem but it didn’t become apparent until now.
It’s a similar issue as this one
Apache Serving Up Wrong Certs
In the end I commented out the vhost directives as advised.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.