Tried to remove and replace a Let's Encrypt cert, can't use certbot to reinstall cert and can't restart Apache

Help
1

My domain is:
pimail.email
I ran this command:
To remove I’ve ran these commands:
https://www.jesusamieiro.com/remove-revoke-a-domain-in-lets-encrypt/ but didn’t notice pimail.email-0001 when I deleted the certs
Then when Certbot couldn’t renew the cert with error:
Error while running apache2ctl configtest.
Action ‘configtest’ failed.
The Apache error log may have more information.

AH00526: Syntax error on line 34 of /etc/apache2/sites-enabled/000-default-le-ss l.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/pimail.email-0001/fullchain.pem’ does not exist or is empty

The apache plugin is not working; there may be problems with your existing confi guration.
The error was: MisconfigurationError(“Error while running apache2ctl configtest. \nAction ‘configtest’ failed.\nThe Apache error log may have more information.\n \nAH00526: Syntax error on line 34 of /etc/apache2/sites-enabled/000-default-le- ssl.conf:\nSSLCertificateFile: file ‘/etc/letsencrypt/live/pimail.email-0001/ful lchain.pem’ does not exist or is empty\n”,)
I’ve removed Apache2 and Certbot now Apache won’t start with error:
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2019-09-08 22:02:12 BST; 5s ago
Process: 11008 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 27387 (code=exited, status=0/SUCCESS)

Sep 08 22:02:12 raspberrypi2 systemd[1]: Starting The Apache HTTP Server…
Sep 08 22:02:12 raspberrypi2 apachectl[11008]: Action ‘start’ failed.
Sep 08 22:02:12 raspberrypi2 apachectl[11008]: The Apache error log may have more information.
Sep 08 22:02:12 raspberrypi2 systemd[1]: apache2.service: Control process exited, code=exited status=1
Sep 08 22:02:12 raspberrypi2 systemd[1]: Failed to start The Apache HTTP Server.
Sep 08 22:02:12 raspberrypi2 systemd[1]: apache2.service: Unit entered failed state.
Sep 08 22:02:12 raspberrypi2 systemd[1]: apache2.service: Failed with result ‘exit-code’.

My web server is (include version):
Apache 2
The operating system my web server runs on is (include version):
Rasbian (Based on Debian 9)
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.28.0

2

Revoking a cert is almost never the right thing to do, and deleting cert files is almost as rarely the right answer. So now you have Apache failing to start because it can’t load cert and key files. As an interim fix, you could generate a self-signed cert (at the CLI if you know how, or at zerossl.com if you want a web interface), save its files in the appropriate places, then use certbot in webroot mode to get a new cert.

1 Like
3

Do you have other certificates on that machine? You could temporarily configure that virtual host to use one of them – it wouldn’t be valid, but Apache would start.

1 Like
4

There’s only the pimail cert on the server

1 Like
5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.