Super frustrated with certbot nuking my VESTA-driven sites

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: webwarephpdevelopment.com

I ran this command: certbot run -a webroot -i apache -w /home/admin/web/webwarephpdevelopment.com/public_html/ -d webwarephpdevelopment.com

It produced this output:Deploying Certificate to VirtualHost /home/admin/conf/web/webwarephpdevelopment.com.httpd.ssl.conf
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using [‘apachectl’, ‘graceful’]
Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

Rolling back to previous server configuration…
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using [‘apachectl’, ‘graceful’]
Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python2.7/site-packages/certbot/client.py”, line 626, in _rollback_and_restart
self.installer.restart()
File “/usr/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2175, in restart
self._reload()
File “/usr/lib/python2.7/site-packages/certbot_apache/configurator.py”, line 2203, in _reload
raise errors.MisconfigurationError(error)
MisconfigurationError: Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

Error while running apachectl restart.

Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

IMPORTANT NOTES:

  • An error occurred and we failed to restore your config and restart
    your server. Please post to
    https://community.letsencrypt.org/c/server-config with details
    about your configuration and this error you received.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/webwarephpdevelopment.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/webwarephpdevelopment.com/privkey.pem
    Your cert will expire on 2019-08-21. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version): Server version: Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: na

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): VESTA CP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

So after running this command ALL MY SITES are down with a 500 error and to be honest, i dont appreciate you guys nuking my entire configuration and then making NO EFFORT AT ALL to restore everything to how is was before you guys broke it!!

I find it incredibly irresponsible of your software not to store the originals of everything it touches and then put everything back if some sort of error occurs…so no i am totally dependant upon your ability to reply to this message for getting my business sites up and running again…thats simply not good way to treat your users.

I look forward to hearing an answer to my broken configuration ASAP.

regards

  • mark

Hi @menriquez

don’t use VestaCP and certbot parallel. That can’t work.

The not working apachectl graceful looks like such a problem.

VestaCP has it’s own rules how to manage vHosts. So use only the VestaCP - integrated solution.

1 Like

PS: There is a new check of your domain - https://check-your-website.server-daten.de/?q=webwarephpdevelopment.com

If you use Cloudflare, first deactivate that proxy setup. A “Bad Gateway” message blocks http-01 validation.

Thank you for your help…

The integrated solution stopped working when the decision to stop using port 443 for auth was implemented ], so I was getting error messages that I was running out of time for the certs to be updated.

I guess I should have done more research before attempting the work, but I still maintain that certbot should simply restore things to exactly how they were on the case of failure.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.