My domain is: veronikalyg.com

I ran this command: sudo certbot --authenticator webroot --installer apache

It produced this output:

Select the appropriate numbers separated by commas and/or spaces, or leave input

blank to select all options shown (Enter ‘c’ to cancel): 1
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t clos
e to expiry.
(ref: /etc/letsencrypt/renewal/veronikalyg.com.conf)
What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
File:

• Could not be found to be deleted /etc/apache2/sites-available/veron-le-ssl.conf - Certbot probably shut down une
  xpectedly
  An unexpected error occurred:
  StopIteration
  Please see the logfiles in /var/log/letsencrypt for more details.
  IMPORTANT NOTES:
• Unable to install the certificate
• Congratulations! Your certificate and chain have been saved at:
  /etc/letsencrypt/live/veronikalyg.com/fullchain.pem
  Your key file has been saved at:
  /etc/letsencrypt/live/veronikalyg.com/privkey.pem
  Your cert will expire on 2018-12-11. To obtain a new or tweaked
  version of this certificate in the future, simply run certbot again
  with the “certonly” option. To non-interactively renew all of
  your certificates, run “certbot renew”

My web server is (include version): 2.4.25-3+deb9u5

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is: Google App Engine

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no, ssh only

/var/log/letsencrypt/letsencrypt.log :

2018-09-12 18:31:05,158:DEBUG:certbot.main:certbot version: 0.25.0
2018-09-12 18:31:05,159:DEBUG:certbot.main:Arguments: [’–authenticator’, ‘webroot’, ‘–installer’, ‘apache’]
2018-09-12 18:31:05,160:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2018-09-12 18:31:05,167:DEBUG:certbot.log:Root logging level set at 20
2018-09-12 18:31:05,168:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2018-09-12 18:31:05,169:DEBUG:certbot.plugins.selection:Requested authenticator webroot and installer apache
2018-09-12 18:31:05,247:DEBUG:certbot_apache.configurator:Apache version is 2.4.25
2018-09-12 18:31:05,590:DEBUG:certbot.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.entrypoint:ENTRYPOINT
Initialized: <certbot_apache.override_debian.DebianConfigurator object at 0x7f1d20b77fd0>
Prep: True
2018-09-12 18:31:05,592:DEBUG:certbot.plugins.selection:Single candidate plugin: * webroot
Description: Place files in webroot directory
Interfaces: IAuthenticator, IPlugin
Entry point: webroot = certbot.plugins.webroot:Authenticator
Initialized: <certbot.plugins.webroot.Authenticator object at 0x7f1d1deb0d30>
Prep: True
2018-09-12 18:31:05,593:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.webroot.Authenticator object at 0x7f1d1deb0d30> and installer <certbot_apache.override_debian.DebianConfigurator object at 0x7f1d20b77fd0>
2018-09-12 18:31:05,593:INFO:certbot.plugins.selection:Plugins selected: Authenticator webroot, Installer apache
2018-09-12 18:31:05,597:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(terms_of_service=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’, uri=‘https://acme-v01.api.letsencrypt.org/acme/reg/41805868’, body=Registration(contact=(‘mailto:gladiator1988@gmail.com’,), terms_of_service_agreed=None, status=‘valid’, agreement=‘https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf’, key=JWKRSA(key=<ComparableRSAKey(<cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7f1d1f87b5c0>)>)), new_authzr_uri=‘https://acme-v01.api.letsencrypt.org/acme/new-authz’), 08cf7fe2fe99edccdbceb8aff9e8839b, Meta(creation_host=‘localhost’, creation_dt=datetime.datetime(2018, 9, 9, 17, 51, 53, tzinfo=)))>
2018-09-12 18:31:05,599:DEBUG:acme.client:Sending GET request to https://acme-v01.api.letsencrypt.org/directory.
2018-09-12 18:31:05,605:DEBUG:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
2018-09-12 18:31:05,829:DEBUG:requests.packages.urllib3.connectionpool:https://acme-v01.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2018-09-12 18:31:05,830:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 658
Replay-Nonce: ja_fvj9oo7hP8dU6T746c_b2Eg15tG7VBV2rMOC-SJ4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Wed, 12 Sep 2018 18:31:05 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 12 Sep 2018 18:31:05 GMT
Connection: keep-alive

{
“key-change”: “https://acme-v01.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“terms-of-service”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“new-authz”: “https://acme-v01.api.letsencrypt.org/acme/new-authz”,
“new-cert”: “https://acme-v01.api.letsencrypt.org/acme/new-cert”,
“new-reg”: “https://acme-v01.api.letsencrypt.org/acme/new-reg”,
“r_bSS2Dpe9s”: “Adding random entries to the directory”,
“revoke-cert”: “https://acme-v01.api.letsencrypt.org/acme/revoke-cert”
}
2018-09-12 18:31:10,618:INFO:certbot.renewal:Cert not yet due for renewal
2018-09-12 18:31:17,118:INFO:certbot.main:Keeping the existing certificate
2018-09-12 18:31:17,119:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/veronikalyg.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/veronikalyg.com/privkey.pem
Your cert will expire on 2018-12-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the “certonly” option. To non-interactively renew all of your certificates, run “certbot renew”
2018-09-12 18:31:17,121:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 489, in deploy_certificate
fullchain_path=fullchain_path)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 304, in deploy_cert
vhosts = self.choose_vhosts(domain)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 328, in choose_vhosts
return [self.choose_vhost(domain, create_if_no_ssl)]
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 510, in choose_vhost
vhost = self.make_vhost_ssl(vhost)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1085, in make_vhost_ssl
self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1231, in copy_create_ssl_vhost
skeleton
ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1303, in _sift_rewrite_rules
line = next(contents)
StopIteration
2018-09-12 18:31:17,121:DEBUG:certbot.error_handler:Calling registered functions
2018-09-12 18:31:17,122:WARNING:certbot.reverter:File:

• Could not be found to be deleted /etc/apache2/sites-available/veron-le-ssl.conf - Certbot probably shut do
  wn unexpectedly
  2018-09-12 18:31:17,123:DEBUG:certbot.reporter:Reporting to user: Unable to install the certificate
  2018-09-12 18:31:17,123:DEBUG:certbot.log:Exiting abnormally:
  Traceback (most recent call last):
  File “/usr/bin/certbot”, line 11, in
  load_entry_point(‘certbot==0.25.0’, ‘console_scripts’, ‘certbot’)()
  File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1323, in main
  return config.func(config, plugins)
  File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1093, in run
  _install_cert(config, le_client, domains, new_lineage)
  File “/usr/lib/python3/dist-packages/certbot/main.py”, line 768, in _install_cert
  path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_path)
  File “/usr/lib/python3/dist-packages/certbot/client.py”, line 489, in deploy_certificate
  fullchain_path=fullchain_path)
  File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 304, in deploy_cert
  vhosts = self.choose_vhosts(domain)
  File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 328, in choose_vhosts
  return [self.choose_vhost(domain, create_if_no_ssl)]
  File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 510, in choose_vhost
  vhost = self.make_vhost_ssl(vhost)
  File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1085, in make_vhost_ssl
  self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
  File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1231, in copy_create_ssl_vhost
  skeleton
  ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
  File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 1303, in _sift_rewrite_rules
  line = next(contents)
  StopIteration
  2018-09-12 18:31:17,124:ERROR:certbot.log:An unexpected error occurred:

Please show:
certbot certificates
grep -Eri 'servername|serveralias' /etc/apache2

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: veronikalyg.com
Domains: veronikalyg.com
Expiry Date: 2018-12-11 16:09:27+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/veronikalyg.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/veronikalyg.com/privkey.pem

sudo grep -Eri ‘servername|serveralias’ /etc/apache2
/etc/apache2/sites-available/000-default.conf: # The ServerName directive sets the request scheme, hostname and po
rt that
/etc/apache2/sites-available/000-default.conf: # redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-available/000-default.conf: #ServerName www.example.com
/etc/apache2/sites-available/veron.conf: # The ServerName directive sets the request scheme, hostname and po
rt that
/etc/apache2/sites-available/veron.conf: # redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-available/veron.conf: ServerName veronikalyg.com
/etc/apache2/sites-available/veron.conf:# ServerAlias veronikalyg.com *.veronikalyg.com
/etc/apache2/mods-available/info.conf: # http://servername/server-info (requires that mod_info.c be loaded).
/etc/apache2/mods-available/status.conf: # with the URL of http://servername/server-status

Please show file:
/etc/apache2/sites-available/veron.conf
and the corresponding file at:
/etc/letsencrypt/renewal/

/etc/apache2/sites-available/veron.conf

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName veronikalyg.com

ServerAlias veronikalyg.com *.veronikalyg.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/site
    <Directory /var/www/site>
    Require all granted
    AllowOverride all
    </Directory>
    RewriteEngine on
    RewriteOptions inherit
    RewriteRule \.(svn|git)(/)?$ - [F]
    RewriteCond %{HTTP_HOST}    !^www.veronikalyg\.com [NC]
    RewriteCond %{HTTP_HOST}    !^$
    #Enable https redirection
    #RewriteRule ^/(.*)          https://www.veronikalyg/$1 [L,R]
    <IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
    </IfModule>
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

/etc/letsencrypt/renewal/veronikalyg.com.conf

renew_before_expiry = 30 days

version = 0.25.0
archive_dir = /etc/letsencrypt/archive/veronikalyg.com
cert = /etc/letsencrypt/live/veronikalyg.com/cert.pem
privkey = /etc/letsencrypt/live/veronikalyg.com/privkey.pem
chain = /etc/letsencrypt/live/veronikalyg.com/chain.pem
fullchain = /etc/letsencrypt/live/veronikalyg.com/fullchain.pem

Options used in the renewal process

[renewalparams]
installer = apache
authenticator = webroot
account = 08cf7fe2fe99edccdbceb8aff9e8839b
[[webroot_map]]
veronikalyg.com = /var/www/site

Since the installer and webroot are already defined in the renewal conf file, you don't need to mention them in the command request.
Try just:
sudo certbot
or
sudo certbot renew
on your next attempt and use whichever works in your crontab.

However...
This is concerning:

It seems that certbot thinks that file should exist but it doesn't exist.
At this point, I think you should start over by deleting the cert and re-installing it.
type
sudo certbot delete
then pick the cert number from the list (#1)
then check:
The file
/etc/letsencrypt/renewal/veronikalyg.com.conf
should have also been deleted, so you will have to use "webroot" and "--apache" in the installation command (as you did with the first cert).

I made everything. but again it doesnt work.

Looks like the root of problem here

  2018-09-13 18:11:22,383:DEBUG:certbot.error_handler:Encountered exception:
  Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 489, in deploy_certificate
    fullchain_path=fullchain_path)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 304, in deploy_cert
    vhosts = self.choose_vhosts(domain)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 328, in choose_vhosts
    return [self.choose_vhost(domain, create_if_no_ssl)]
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 510, in choose_vhost
    vhost = self.make_vhost_ssl(vhost)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1085, in make_vhost_ssl
    self._copy_create_ssl_vhost_skeleton(nonssl_vhost, ssl_fp)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1231, in _copy_create_ssl_vhost_skelet
on
    ssl_vh_contents, sift = self._sift_rewrite_rules(orig_contents)
  File "/usr/lib/python3/dist-packages/certbot_apache/configurator.py", line 1303, in _sift_rewrite_rules
    line = next(contents)
StopIteration

I think something wrong with RewriteCond

 # RewriteCond(s) must be followed by one RewriteRule
while not line.lower().lstrip().startswith("rewriterule"):
chunk.append(line)
line = next(contents)

Yes, the configuration you posted earlier shows a RewriteCond that isn't followed by a RewriteRule:

There's a Certbot issue about handling it better, but the quick fix is to comment out the RewriteConds, or uncomment the RewriteRule.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.