Super frustrated with certbot nuking my VESTA-driven sites

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: webwarephpdevelopment.com

I ran this command: certbot run -a webroot -i apache -w /home/admin/web/webwarephpdevelopment.com/public_html/ -d webwarephpdevelopment.com

It produced this output:Deploying Certificate to VirtualHost /home/admin/conf/web/webwarephpdevelopment.com.httpd.ssl.conf
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using [‘apachectl’, ‘graceful’]
Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

Rolling back to previous server configuration…
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using [‘apachectl’, ‘graceful’]
Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 626, in _rollback_and_restart
self.installer.restart()
File “/usr/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2175, in restart
self._reload()
File “/usr/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2203, in _reload
raise errors.MisconfigurationError(error)
MisconfigurationError: Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

IMPORTANT NOTES:

  • An error occurred and we failed to restore your config and restart
    your server. Please post to
    https://community.letsencrypt.org/c/server-config with details
    about your configuration and this error you received.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/webwarephpdevelopment.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/webwarephpdevelopment.com/privkey.pem
    Your cert will expire on 2019-08-21. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: na

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): VESTA CP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

So after running this command ALL MY SITES are down with a 500 error and to be honest, i dont appreciate you guys nuking my entire configuration and then making NO EFFORT AT ALL to restore everything to how is was before you guys broke it!!

I find it incredibly irresponsible of your software not to store the originals of everything it touches and then put everything back if some sort of error occurs…so no i am totally dependant upon your ability to reply to this message for getting my business sites up and running again…thats simply not good way to treat your users.

I look forward to hearing an answer to my broken configuration ASAP.

regards

  • mark
2

Hi @menriquez

don't use VestaCP and certbot parallel. That can't work.

The not working apachectl graceful looks like such a problem.

VestaCP has it's own rules how to manage vHosts. So use only the VestaCP - integrated solution.

1 Like
3

PS: There is a new check of your domain - https://check-your-website.server-daten.de/?q=webwarephpdevelopment.com

If you use Cloudflare, first deactivate that proxy setup. A “Bad Gateway” message blocks http-01 validation.

4

Thank you for your help…

The integrated solution stopped working when the decision to stop using port 443 for auth was implemented ], so I was getting error messages that I was running out of time for the certs to be updated.

I guess I should have done more research before attempting the work, but I still maintain that certbot should simply restore things to exactly how they were on the case of failure.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.