The client lacks sufficient authorization


#1

My domain is:
herproject.org

I ran these commands:
certbot renew --dry-run and
certbot --debug-challenges

Both commands produced the same error:

Failed authorization procedure. herproject.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://herproject.org/.well-known/acme-challenge/w8Wk1uotRqghqpjtlKglQNm6BnjNrd6cInWNg8GDVOg: “<!DOCTYPE html>\n<html lang=”{language}">\n<head>\n\t<meta charset=“utf-8” />\n\t<meta http-equiv=“X-UA-Compatible”\n\t\tcontent=“IE=edge”

My web server is (include version):
Apache/2.4.6 (CentOS)

The operating system my web server runs on is (include version):
CentOS 7

My hosting provider, if applicable, is:
Rackspace Cloud Servers

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Nope

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.29.1

More info:

I’ve read about a dozen different help topics on this exact error and here’s what I can confirm.

(1) I get a 200 HTTP response from: curl -ikL http://herproject.org/.well-known/acme-challenge/test

(2) I can renew a certificate on another domain on the same server, running certbot --debug-challenges.

(3) herproject.org A record points to the correct IP address at 104.130.217.105

(4) The CNAME domain www.herproject.org, which points to herproject.org, can be successfully renewed running certbot --debug-challenges.

What am I missing here? Anything else I can test?


#2

You seem very close…
Please show the http vhost config for the name herproject.org
[in its entirety - use three backticks to enclose the content]
Like:
```
vhost config file
```

and also show the latest portion of the LE log file.


#3

and for good measure and comparison…
Please show:
certbot certificates
and their matching [related] renewal.conf files.
[focus on herproject.org and www.herproject.org]

also show the http vhost config for the name www.herproject.org
[which can renew normally]

Looking for differences… that can explain this.


#4

What was the rest of Certbot’s output?


#5

Thanks for your time and attention on this!

vhost config for herproject.org, and please note the ServerAlias for www.herproject.org, so there’s no vhost config file for this subdomain.

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerName herproject.org
       ServerAlias www.herproject.org
       DocumentRoot /var/www/herproject/default_site/
       <Directory /var/www/herproject/default_site>
               Options FollowSymLinks MultiViews
                AllowOverride All
       </Directory>

        CustomLog /var/log/httpd/herproject.org.log combined
        ErrorLog /var/log/httpd/herproject.org-error.log
#       RewriteLog /var/log/httpd/rewrite_log
#        RewriteLogLevel 3

#       Possible values include: debug, info, notice, warn, error, crit,
#       alert, emerg.
        LogLevel warn
SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
</VirtualHost>
</IfModule>
```

The end of the LE log file shows this, which is probably not helpful:

```
2019-01-30 13:17:21,136:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.29.1', 'console_scripts', 'certbot')()
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1352, in main
    return config.func(config, plugins)
  File "/usr/lib/python2.7/site-packages/certbot/main.py", line 1259, in renew
    renewal.handle_renewal_request(config)
  File "/usr/lib/python2.7/site-packages/certbot/renewal.py", line 457, in handle_renewal_request
    len(renew_failures), len(parse_failures)))
Error: 1 renew failure(s), 0 parse failure(s)
```

And here’s the output of certbot certificates:

```
  Certificate Name: www.herproject.org
    Domains: www.herproject.org
    Expiry Date: 2019-04-30 00:48:11+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.herproject.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.herproject.org/privkey.pem
  Certificate Name: herproject.org
    Domains: herproject.org dev.portal.herproject.org portal.herproject.org staging.portal.herproject.org www.herproject.org
    Expiry Date: 2019-03-31 05:00:15+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/herproject.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/herproject.org/privkey.pem
  Certificate Name: portal.herproject.org
    Domains: portal.herproject.org
    Expiry Date: 2019-04-30 00:46:45+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/portal.herproject.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/portal.herproject.org/privkey.pem
  Certificate Name: healthybusiness.bsr.org
    Domains: healthybusiness.bsr.org
    Expiry Date: 2019-04-30 00:37:41+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/healthybusiness.bsr.org/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/healthybusiness.bsr.org/privkey.pem
```

And running certbot renew --dry-run the end of the output is:

```
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: herproject.org
   Type:   unauthorized
   Detail: Invalid response from
   http://herproject.org/.well-known/acme-challenge/6Kx74iRlZ6G1v7-IaecqkrfXqpXd1pMLiuMM1wsNfPU:
   "<!DOCTYPE html>\n<html lang=\"{language}\">\n<head>\n\t<meta
   charset=\"utf-8\" />\n\t<meta
   http-equiv=\"X-UA-Compatible\"\n\t\tcontent=\"IE=edge"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.
```

I can’t see any clues here—everything seems normal. And the website is working so not sure how to trouble-shoot any DNS issue.


#6

This needs more explanation:

[which could explain why you have two certs (overlapping www.herproject.org) and this problem]

Please show any/all http vhost configs that include the herproject.org or www.herproject.org.
[be that as ServerName or ServerAlias]


#7

Thanks for your response! And sorry, I did not show the vhost config for requests on port 80:

```
<VirtualHost *:80>
       ServerName herproject.org
       ServerAlias www.herproject.org
       DocumentRoot /var/www/herproject/default_site/
       <Directory /var/www/herproject/default_site>
               Options FollowSymLinks MultiViews
                AllowOverride All
       </Directory>

        CustomLog /var/log/httpd/herproject.org.log combined
        ErrorLog /var/log/httpd/herproject.org-error.log
#       RewriteLog /var/log/httpd/rewrite_log
#        RewriteLogLevel 3

#       Possible values include: debug, info, notice, warn, error, crit,
#       alert, emerg.
        LogLevel warn
</VirtualHost>
```

Since www.herproject.org is an alias of herproject.org, I didn’t think I needed a separate vhost config file for this subdomain.

Can you please clarify what you mean that we have two overlapping certs?


#8

I ran certbot certificates on another server and I think I see what you mean by overlapping certificates.

```
Certificate Name: www.bsr.org-0001
    Domains: www.bsr.org bsr.org
    Expiry Date: 2019-03-10 05:00:57+00:00 (VALID: 38 days)
    Certificate Path: /etc/letsencrypt/live/www.bsr.org-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.bsr.org-0001/privkey.pem
```

In this case, bsr.org domain is an alias of www.bsr.org and both are under one certificate.

If I have this right, I should revoke the www.herproject.org certificate and add it to the herproject.org certificate?


#9

#10

Ah, thank you! So, to remedy, do I run:
certbot revoke --cert-path /etc/letsencrypt/live/www.herproject.org/fullchain.pem --key-path /etc/letsencrypt/live/www.herproject.org/privkey.pem?


#11

Both names are already on the second cert.

No. There is no need to REVOKE.
Simply delete (using) it with:
sudo certbot delete --cert-name www.herproject.org
[be sure that you are only using the other cert - or Apache will not (re)start]
grep -Eri 'sslcertificatefile|servername|serveralias' /etc/apache2


#12

Sorry, I’m still getting the same error on the herproject.org domain.

  1. I ran certbot delete --cert-name www.herproject.org
  2. Confirmed with certbot certificates:

```
Certificate Name: herproject.org
Domains: herproject.org dev.portal.herproject.org portal.herproject.org staging.portal.herproject.org www.herproject.org
Expiry Date: 2019-03-31 05:00:15+00:00 (VALID: 59 days)
Certificate Path: /etc/letsencrypt/live/herproject.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/herproject.org/privkey.pem
Certificate Name: portal.herproject.org
Domains: portal.herproject.org
Expiry Date: 2019-04-30 00:46:45+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/portal.herproject.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/portal.herproject.org/privkey.pem
Certificate Name: healthybusiness.bsr.org
Domains: healthybusiness.bsr.org
Expiry Date: 2019-04-30 00:37:41+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/healthybusiness.bsr.org/fullchain.pem
Private Key Path: /etc/letsencrypt/live/healthybusiness.bsr.org/privkey.pem
```


#13
  1. I ran certbot --debug-challenges:
    Failed authorization procedure. herproject.org (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://herproject.org/.well-known/acme-challenge/fG1X4BBTgIBHBr3OyrGLEWdsdz9f3ugj_vFTvko_1pA: “\n<html lang=”{language}">\n\n\t<meta charset=“utf-8” />\n\t<meta http-equiv=“X-UA-Compatible”\n\t\tcontent=“IE=edge”

IMPORTANT NOTES:


#14

Please show:
grep -Eri 'include|virtualhost|listen|servername|serveralias|sslcert' /etc/apache2


#15
```
/etc/httpd/conf/httpd.conf.20150602:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf.20150602:# ports, instead of the default. See also the <VirtualHost>
/etc/httpd/conf/httpd.conf.20150602:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf.20150602:# Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf.20150602: Listen 80
/etc/httpd/conf/httpd.conf.20150602: Include conf.modules.d/*.conf
/etc/httpd/conf/httpd.conf.20150602:# <VirtualHost> definition. These values also provide defaults for
/etc/httpd/conf/httpd.conf.20150602:# any <VirtualHost> containers you may define later in the file.
/etc/httpd/conf/httpd.conf.20150602:# All of these directives may appear inside <VirtualHost> containers,
/etc/httpd/conf/httpd.conf.20150602:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf.20150602:# ServerName www.example.com:80
/etc/httpd/conf/httpd.conf.20150602: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
/etc/httpd/conf/httpd.conf.20150602:# If you do not specify an ErrorLog directive within a <VirtualHost>
/etc/httpd/conf/httpd.conf.20150602:# logged here. If you *do* define an error logfile for a <VirtualHost>
/etc/httpd/conf/httpd.conf.20150602:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/conf/httpd.conf.20150602: # If you do not define any access logfiles within a <VirtualHost>
/etc/httpd/conf/httpd.conf.20150602: # define per-<VirtualHost> access logfiles, transactions will be
/etc/httpd/conf/httpd.conf.20150602: # If you include a trailing / on /webpath then the server will
/etc/httpd/conf/httpd.conf.20150602: # To parse .shtml files for server-side includes (SSI):
/etc/httpd/conf/httpd.conf.20150602: # (You will also need to add "Includes" to the "Options" directive.)
/etc/httpd/conf/httpd.conf.20150602: AddOutputFilter INCLUDES .shtml
/etc/httpd/conf/httpd.conf.20150602: IncludeOptional conf.d/*.conf
/etc/httpd/conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf:# ports, instead of the default. See also the <VirtualHost>
/etc/httpd/conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf:# Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf: Listen 80
/etc/httpd/conf/httpd.conf: Include conf.modules.d/*.conf
/etc/httpd/conf/httpd.conf:# <VirtualHost> definition. These values also provide defaults for
/etc/httpd/conf/httpd.conf:# any <VirtualHost> containers you may define later in the file.
/etc/httpd/conf/httpd.conf:# All of these directives may appear inside <VirtualHost> containers,
/etc/httpd/conf/httpd.conf:# ServerName gives the name and port that the server uses to identify itself.
/etc/httpd/conf/httpd.conf: ServerName herproject.org:80
/etc/httpd/conf/httpd.conf: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
/etc/httpd/conf/httpd.conf:# If you do not specify an ErrorLog directive within a <VirtualHost>
/etc/httpd/conf/httpd.conf:# logged here. If you *do* define an error logfile for a <VirtualHost>
/etc/httpd/conf/httpd.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/conf/httpd.conf: # If you do not define any access logfiles within a <VirtualHost>
/etc/httpd/conf/httpd.conf: # define per-<VirtualHost> access logfiles, transactions will be
/etc/httpd/conf/httpd.conf: # If you include a trailing / on /webpath then the server will
/etc/httpd/conf/httpd.conf: # To parse .shtml files for server-side includes (SSI):
/etc/httpd/conf/httpd.conf: # (You will also need to add "Includes" to the "Options" directive.)
/etc/httpd/conf/httpd.conf: AddOutputFilter INCLUDES .shtml
/etc/httpd/conf/httpd.conf: IncludeOptional conf.d/*.conf
/etc/httpd/conf/httpd.conf: Include vhost.d/*.conf
/etc/httpd/conf.modules.d/00-base.conf:# This file loads most of the modules included with the Apache HTTP
/etc/httpd/conf.modules.d/00-base.conf:LoadModule include_module modules/mod_include.so
/etc/httpd/conf.d/ssl.conf.bak:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf.bak: Listen 443 https
/etc/httpd/conf.d/ssl.conf.bak:<VirtualHost _default_:443>
/etc/httpd/conf.d/ssl.conf.bak:# ServerName www.example.com:443
/etc/httpd/conf.d/ssl.conf.bak:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf.bak: SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf.bak: SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
/etc/httpd/conf.d/ssl.conf.bak:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf.bak:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf.bak:# SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
/etc/httpd/conf.d/ssl.conf.bak:</VirtualHost>
/etc/httpd/conf.d/ssl.conf:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf: Listen 443 https
/etc/httpd/conf.d/ssl.conf:<VirtualHost *:443>
/etc/httpd/conf.d/ssl.conf: ServerName herproject.org:443
/etc/httpd/conf.d/ssl.conf: ServerAlias www.herproject.org:443
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/conf.d/ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/conf.d/ssl.conf:</VirtualHost>
/etc/httpd/conf.d/ssl.conf.20180205.bak:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf.20180205.bak: Listen 443 https
/etc/httpd/conf.d/ssl.conf.20180205.bak:<VirtualHost *:443>
/etc/httpd/conf.d/ssl.conf.20180205.bak: ServerName herproject.org:443
/etc/httpd/conf.d/ssl.conf.20180205.bak: ServerAlias www.herproject.org:443
/etc/httpd/conf.d/ssl.conf.20180205.bak:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf.20180205.bak: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/conf.d/ssl.conf.20180205.bak: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/conf.d/ssl.conf.20180205.bak:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf.20180205.bak:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf.20180205.bak: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/conf.d/ssl.conf.20180205.bak:</VirtualHost>
/etc/httpd/conf.d/userdir.conf: Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
/etc/httpd/conf.d/ssl.conf.201612.bak:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf.201612.bak: Listen 443 https
/etc/httpd/conf.d/ssl.conf.201612.bak:<VirtualHost *:443>
/etc/httpd/conf.d/ssl.conf.201612.bak: ServerName herproject.org:443
/etc/httpd/conf.d/ssl.conf.201612.bak: ServerAlias www.herproject.org:443
/etc/httpd/conf.d/ssl.conf.201612.bak:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf.201612.bak: SSLCertificateFile /etc/httpd/ssl/herproject_org.crt
/etc/httpd/conf.d/ssl.conf.201612.bak: SSLCertificateKeyFile /etc/httpd/ssl/herproject.org.key
/etc/httpd/conf.d/ssl.conf.201612.bak:# Point SSLCertificateChainFile at a file containing the
/etc/httpd/conf.d/ssl.conf.201612.bak:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf.201612.bak: SSLCertificateChainFile /etc/httpd/ssl/herproject_org.ca
/etc/httpd/conf.d/ssl.conf.201612.bak:</VirtualHost>
/etc/httpd/conf.d/autoindex.conf:# directory must include "Indexes", and the directory must not contain
/etc/httpd/conf.d/autoindex.conf:# We include the /icons/ alias for FancyIndexed directory listings. If
/etc/httpd/conf.d/autoindex.conf:# and not include in the listing. Shell-style wildcarding is permitted.
/etc/httpd/vhost.d/example.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/example.conf:# ServerName beta.bsr.org
/etc/httpd/vhost.d/example.conf:# ServerAlias beta.bsr.org
/etc/httpd/vhost.d/example.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/example.conf:</VirtualHost>
/etc/httpd/vhost.d/drcafta.bsr.org.old:<VirtualHost *:80>
/etc/httpd/vhost.d/drcafta.bsr.org.old: ServerName drcafta.bsr.org
/etc/httpd/vhost.d/drcafta.bsr.org.old:# ServerAlias www.drcafta.bsr.org
/etc/httpd/vhost.d/drcafta.bsr.org.old:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/drcafta.bsr.org.old:</VirtualHost>
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf: ServerName healthybusiness.bsr.org
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf: ServerAlias www.healthybusiness.bsr.org
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/healthybusiness.bsr.org/cert.pem
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/healthybusiness.bsr.org/privkey.pem
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf: Include /etc/letsencrypt/options-ssl-apache.conf
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf: SSLCertificateChainFile /etc/letsencrypt/live/healthybusiness.bsr.org/chain.pem
/etc/httpd/vhost.d/healthybusiness.bsr.org-le-ssl.conf:</VirtualHost>
/etc/httpd/vhost.d/archive.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/archive.herproject.org.conf: ServerName archive.herproject.org
/etc/httpd/vhost.d/archive.herproject.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/archive.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/www.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/www.herproject.org.conf: ServerName www.herproject.org
/etc/httpd/vhost.d/www.herproject.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/www.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/www.herproject.org.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/www.herproject.org.conf: ServerName www.herproject.org
/etc/httpd/vhost.d/www.herproject.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/www.herproject.org.conf: Include /etc/letsencrypt/options-ssl-apache.conf
/etc/httpd/vhost.d/www.herproject.org.conf: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/vhost.d/www.herproject.org.conf: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/vhost.d/www.herproject.org.conf: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/vhost.d/www.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/bsrherproject-portal.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/bsrherproject-portal.conf: ServerName dev.herprojectportal.zenb.us
/etc/httpd/vhost.d/bsrherproject-portal.conf: ServerAlias dev.herprojectportal.zenb.us
/etc/httpd/vhost.d/bsrherproject-portal.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/bsrherproject-portal.conf:</VirtualHost>
/etc/httpd/vhost.d/bsrherproject-portal.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/bsrherproject-portal.conf: ServerName prod.herprojectportal.zenb.us
/etc/httpd/vhost.d/bsrherproject-portal.conf: ServerAlias prod.herprojectportal.zenb.us
/etc/httpd/vhost.d/bsrherproject-portal.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/bsrherproject-portal.conf:</VirtualHost>
/etc/httpd/vhost.d/beta.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/beta.herproject.org.conf: ServerName beta.herproject.org
/etc/httpd/vhost.d/beta.herproject.org.conf: ServerAlias www.beta.herproject.org
/etc/httpd/vhost.d/beta.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/toolbuilder.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/toolbuilder.herproject.org.conf: ServerName toolbuilder.herproject.org
/etc/httpd/vhost.d/toolbuilder.herproject.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/toolbuilder.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/dev.portal.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/dev.portal.herproject.org.conf: ServerName dev.portal.herproject.org
/etc/httpd/vhost.d/dev.portal.herproject.org.conf:# ServerAlias www.portal.herproject.org
/etc/httpd/vhost.d/dev.portal.herproject.org.conf: # Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/dev.portal.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/dev.portal.herproject.org.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/dev.portal.herproject.org.conf: SSLCertificateFile "/etc/letsencrypt/live/herproject.org/cert.pem"
/etc/httpd/vhost.d/dev.portal.herproject.org.conf: SSLCertificateKeyFile "/etc/letsencrypt/live/herproject.org/privkey.pem"
/etc/httpd/vhost.d/dev.portal.herproject.org.conf: ServerName dev.portal.herproject.org
/etc/httpd/vhost.d/dev.portal.herproject.org.conf:# ServerAlias www.dev.portal.herproject.org
/etc/httpd/vhost.d/dev.portal.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/staging.portal.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/staging.portal.herproject.org.conf: ServerName staging.portal.herproject.org
/etc/httpd/vhost.d/staging.portal.herproject.org.conf:# ServerAlias www.portal.herproject.org
/etc/httpd/vhost.d/staging.portal.herproject.org.conf: # Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/staging.portal.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/staging.portal.herproject.org.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/staging.portal.herproject.org.conf: SSLCertificateFile "/etc/letsencrypt/live/herproject.org/cert.pem"
/etc/httpd/vhost.d/staging.portal.herproject.org.conf: SSLCertificateKeyFile "/etc/letsencrypt/live/herproject.org/privkey.pem"
/etc/httpd/vhost.d/staging.portal.herproject.org.conf: ServerName staging.portal.herproject.org
/etc/httpd/vhost.d/staging.portal.herproject.org.conf:# ServerAlias www.staging.portal.herproject.org
/etc/httpd/vhost.d/staging.portal.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/herproject.org-le-ssl.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: ServerName herproject.org
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: ServerAlias www.herproject.org
/etc/httpd/vhost.d/herproject.org-le-ssl.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: Include /etc/letsencrypt/options-ssl-apache.conf
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/vhost.d/herproject.org-le-ssl.conf:</VirtualHost>
/etc/httpd/vhost.d/herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/herproject.org.conf: ServerName herproject.org
/etc/httpd/vhost.d/herproject.org.conf: # ServerAlias www.herproject.org
/etc/httpd/vhost.d/herproject.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/portal.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/portal.herproject.org.conf: ServerName portal.herproject.org
/etc/httpd/vhost.d/portal.herproject.org.conf:# ServerAlias www.portal.herproject.org
/etc/httpd/vhost.d/portal.herproject.org.conf: # Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/portal.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/portal.herproject.org.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/portal.herproject.org.conf: ServerName portal.herproject.org
/etc/httpd/vhost.d/portal.herproject.org.conf: ServerAlias www.portal.herproject.org
/etc/httpd/vhost.d/portal.herproject.org.conf: SSLCertificateFile /etc/letsencrypt/live/portal.herproject.org/cert.pem
/etc/httpd/vhost.d/portal.herproject.org.conf: SSLCertificateKeyFile /etc/letsencrypt/live/portal.herproject.org/privkey.pem
/etc/httpd/vhost.d/portal.herproject.org.conf: Include /etc/letsencrypt/options-ssl-apache.conf
/etc/httpd/vhost.d/portal.herproject.org.conf: SSLCertificateChainFile /etc/letsencrypt/live/portal.herproject.org/chain.pem
/etc/httpd/vhost.d/portal.herproject.org.conf:</VirtualHost>
/etc/httpd/vhost.d/ciyuan.bsr.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/ciyuan.bsr.org.conf: ServerName ciyuan.bsr.org
/etc/httpd/vhost.d/ciyuan.bsr.org.conf: ServerAlias www.ciyuan.bsr.org
/etc/httpd/vhost.d/ciyuan.bsr.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/ciyuan.bsr.org.conf:</VirtualHost>
/etc/httpd/vhost.d/healthybusiness.bsr.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/healthybusiness.bsr.org.conf: ServerName healthybusiness.bsr.org
/etc/httpd/vhost.d/healthybusiness.bsr.org.conf: ServerAlias www.healthybusiness.bsr.org
/etc/httpd/vhost.d/healthybusiness.bsr.org.conf:# Possible values include: debug, info, notice, warn, error, crit,
/etc/httpd/vhost.d/healthybusiness.bsr.org.conf:</VirtualHost>
```

#16
```
/etc/httpd/conf/httpd.conf: Listen 80
/etc/httpd/conf/httpd.conf: Include conf.modules.d/*.conf
/etc/httpd/conf/httpd.conf: ServerName herproject.org:80 <<<<<<<<<<<<<<<<<< conflicts - change to gibberish
/etc/httpd/conf/httpd.conf: AddOutputFilter INCLUDES .shtml
/etc/httpd/conf/httpd.conf: IncludeOptional conf.d/*.conf
/etc/httpd/conf/httpd.conf: Include vhost.d/*.conf

/etc/httpd/vhost.d/example.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/example.conf:# ServerName beta.bsr.org <<<<<<<<<<<<<<<<<<<<<<<< NO NAME - CONFLICT (because it uses default ServerName "herproject.org")
/etc/httpd/vhost.d/example.conf:# ServerAlias beta.bsr.org <<<<<<<<<<<<<<<<<<<<<<<< NO NAME - CONFLICT (because it uses default ServerName "herproject.org")
/etc/httpd/vhost.d/example.conf:</VirtualHost>

/etc/httpd/vhost.d/www.herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/www.herproject.org.conf: ServerName www.herproject.org
/etc/httpd/vhost.d/www.herproject.org.conf:</VirtualHost>

/etc/httpd/vhost.d/herproject.org.conf:<VirtualHost *:80>
/etc/httpd/vhost.d/herproject.org.conf: ServerName herproject.org
/etc/httpd/vhost.d/herproject.org.conf:</VirtualHost>


/etc/httpd/conf.d/ssl.conf: Listen 443 https
/etc/httpd/conf.d/ssl.conf:<VirtualHost *:443>
/etc/httpd/conf.d/ssl.conf: ServerName herproject.org:443 <<<<<<<<<<<<<<<<<<<<<<<< 1
/etc/httpd/conf.d/ssl.conf: ServerAlias www.herproject.org:443 <<<<<<<<<<<<<<<<<<<<<<<< 2
/etc/httpd/conf.d/ssl.conf: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/conf.d/ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/conf.d/ssl.conf: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/conf.d/ssl.conf:</VirtualHost>

/etc/httpd/vhost.d/www.herproject.org.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/www.herproject.org.conf: ServerName www.herproject.org <<<<<<<<<<<<<<<<<<<<<<<< 1
/etc/httpd/vhost.d/www.herproject.org.conf: Include /etc/letsencrypt/options-ssl-apache.conf
/etc/httpd/vhost.d/www.herproject.org.conf: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/vhost.d/www.herproject.org.conf: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/vhost.d/www.herproject.org.conf: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/vhost.d/www.herproject.org.conf:</VirtualHost>

/etc/httpd/vhost.d/herproject.org-le-ssl.conf:<VirtualHost *:443>
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: ServerName herproject.org <<<<<<<<<<<<<<<<<<<<<<<< 1
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: ServerAlias www.herproject.org <<<<<<<<<<<<<<<<<<<<<<<< 2
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: Include /etc/letsencrypt/options-ssl-apache.conf
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: SSLCertificateFile /etc/letsencrypt/live/herproject.org/cert.pem
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: SSLCertificateKeyFile /etc/letsencrypt/live/herproject.org/privkey.pem
/etc/httpd/vhost.d/herproject.org-le-ssl.conf: SSLCertificateChainFile /etc/letsencrypt/live/herproject.org/chain.pem
/etc/httpd/vhost.d/herproject.org-le-ssl.conf:</VirtualHost>
```

#17

Delete file:
/etc/httpd/vhost.d/example.conf

Probably also delete file:
/etc/httpd/conf.d/ssl.conf
[seems to duplicate /etc/httpd/vhost.d/herproject.org-le-ssl.conf]

Combine files:
/etc/httpd/vhost.d/www.herproject.org.conf
/etc/httpd/vhost.d/herproject.org-le-ssl.conf
[if they do the same thing - to the same document root = you only need one]
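
The duplicate-name check that posts #16 and #17 do by eye, written out as an added example (not part of the thread and not Certbot or Apache code): it reports every hostname claimed by more than one `<VirtualHost>` on the same port, in load order. The sample files are constructed from the directives listed in post #15, and treating a vhost with no ServerName as answering for the global ServerName is an assumption taken from the diagnosis in post #16.

```python
import re
from collections import defaultdict

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
NAME_DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias)\s+(.+?)\s*$", re.I)


def bare_host(value):
    """'herproject.org:443' -> 'herproject.org' (scheme and port dropped)."""
    return value.split("://")[-1].split(":")[0].lower()


def parse_configs(files):
    """files: list of (path, text) in the order Apache loads them.
    Returns (global ServerName or None, list of vhost dicts)."""
    global_name, vhosts = None, []
    for path, text in files:
        current = None
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue  # commented-out directives do not count
            opened = VHOST_OPEN.match(line)
            if opened:
                ports = sorted({a.rsplit(":", 1)[-1] if ":" in a else "*"
                                for a in opened.group(1).split()})
                current = {"file": path, "line": lineno, "ports": ports,
                           "server_name": None, "aliases": [], "inherited": False}
            elif VHOST_CLOSE.match(line):
                if current is not None:
                    vhosts.append(current)
                current = None
            else:
                found = NAME_DIRECTIVE.match(line)
                if not found:
                    continue
                names = [bare_host(n) for n in found.group(2).split()]
                is_server_name = found.group(1).lower() == "servername"
                if current is None:
                    if is_server_name:
                        global_name = names[0]   # server-wide ServerName
                elif is_server_name:
                    current["server_name"] = names[0]
                else:
                    current["aliases"].extend(names)
    # Assumption (post #16): a vhost without its own ServerName answers
    # for the global ServerName.
    for v in vhosts:
        if v["server_name"] is None and global_name:
            v["server_name"], v["inherited"] = global_name, True
    return global_name, vhosts


def find_conflicts(vhosts):
    """Map (port, hostname) -> [(file, line, inherited), ...] for every name
    claimed by more than one vhost; the first entry is the one loaded first."""
    claims = defaultdict(list)
    for v in vhosts:
        names = ([v["server_name"]] if v["server_name"] else []) + v["aliases"]
        for port in v["ports"]:
            for name in dict.fromkeys(names):  # de-duplicate, keep order
                claims[(port, name)].append((v["file"], v["line"], v["inherited"]))
    return {key: who for key, who in claims.items() if len(who) > 1}


# Constructed sample: only the name-related directives from post #15, in the
# order httpd.conf pulls them in (conf.d/*.conf, then vhost.d/*.conf sorted).
V = "/etc/httpd/vhost.d/"
SAMPLE_FILES = [
    ("/etc/httpd/conf/httpd.conf", "Listen 80\nServerName herproject.org:80\n"),
    ("/etc/httpd/conf.d/ssl.conf",
     "<VirtualHost *:443>\nServerName herproject.org:443\n"
     "ServerAlias www.herproject.org:443\n</VirtualHost>\n"),
    (V + "example.conf",
     "<VirtualHost *:80>\n# ServerName beta.bsr.org\n"
     "# ServerAlias beta.bsr.org\n</VirtualHost>\n"),
    (V + "herproject.org-le-ssl.conf",
     "<VirtualHost *:443>\nServerName herproject.org\n"
     "ServerAlias www.herproject.org\n</VirtualHost>\n"),
    (V + "herproject.org.conf",
     "<VirtualHost *:80>\nServerName herproject.org\n"
     "# ServerAlias www.herproject.org\n</VirtualHost>\n"),
    (V + "www.herproject.org.conf",
     "<VirtualHost *:80>\nServerName www.herproject.org\n</VirtualHost>\n"
     "<VirtualHost *:443>\nServerName www.herproject.org\n</VirtualHost>\n"),
]

if __name__ == "__main__":
    _, parsed = parse_configs(SAMPLE_FILES)
    for (port, name), who in sorted(find_conflicts(parsed).items()):
        print(f"{name} on port {port} is claimed by:")
        for path, line, inherited in who:
            print(f"  {path}:{line}" + (" (inherited global ServerName)" if inherited else ""))
```

On a live server, `httpd -S` prints Apache's own parsed vhost table, which is the authoritative view to compare against.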


#18

Problem solved! Thanks again for all your help and attention! This seems to have fixed my issue (although I had to keep the ssl.conf file and comment-out the vhost information).

There’s still some strangeness going on between herproject.org and www.herproject.org domains and I’d like to remove and revoke all the certificates and start over again but that’s for another time.


#19

Don’t ever revoke unless you lose the private key.

I’m glad to hear it is secure now :slight_smile: