Unable to install the certificate

my domain is:
soltanius.de

I ran this command:
certbot --apache -m myEmail -d soltanius.de

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for soltanius.de
Waiting for verification…
Cleaning up challenges
Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/soltanius.de/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/soltanius.de/privkey.pem
    Your cert will expire on 2020-01-25. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version):
Apache/2.4.29 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 18.04.3 LTS

My hosting provider, if applicable, is:
Strato AG

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): /

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.23.0

First, my English is not the best, but I make an effort. :slight_smile:
I tried to make an SSL certificate for my website but I got this output and my website isn't secured. (tested with Chrome on Windows 10)

My certificate for my cloud (nextcloud) works.
Domain: cloud.soltanius.de

What can I do?

1 Like

Hi @Soltanius

checking your domain you have created 4 certificates - https://check-your-website.server-daten.de/?q=soltanius.de#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-10-27 | 2020-01-25 | soltanius.de - 1 entries | duplicate nr. 4 | |
| Let's Encrypt Authority X3 | 2019-10-27 | 2020-01-25 | soltanius.de - 1 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-10-27 | 2020-01-25 | soltanius.de - 1 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-10-27 | 2020-01-25 | soltanius.de - 1 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-09-20 | 2019-12-19 | ts3bot.soltanius.de - 1 entries | | |

So that part has worked. Don't create a new certificate, there is a rate limit.

But used is the wrong certificate:

CN=cloud.soltanius.de | 17.09.2019 | 16.12.2019 | expires in 50 days | cloud.soltanius.de - 1 entry

If you can't install it:

First step: Update your Certbot, 0.23 is very old.

Then: Looks like your configuration is buggy, Certbot doesn't understand it.

What says

apachectl -S
1 Like

Is there an extra command to update certbot?
I use apt-get upgrade and apt-get install once per week…

apachectl -S:
VirtualHost configuration:
81.169.170.18:443 cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
81.169.170.18:80 is a NameVirtualHost
default server cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
port 80 namevhost cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
alias www.cloud.soltanius.de
port 80 namevhost soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:1)
port 80 namevhost www.soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:17)
port 80 namevhost soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:33)
port 80 namevhost steckbriefe.soltanius.de (/etc/apache2/sites-enabled/steckbriefe.conf:1)
port 80 namevhost www.steckbriefe.soltanius.de (/etc/apache2/sites-enabled/steckbriefe.conf:17)
*:80 h2849908.stratoserver.net (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

steckbriefe.soltanius.de is another website, which I used as a test for my skill in HTML/CSS

There you see the problem. Two vHosts with the same port + domain name. So Certbot doesn't know what's the correct vHost.

Should non-www + www have the same content? If yes, merge these three in one port 80 vHost.

With

ServerName soltanius.de
ServerAlias www.soltanius.de

so you have one vHost with both domain names. Remove the other vHosts, then restart your Apache, then again apachectl -S to see, if the output is correct.

1 Like
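The duplicate described in the reply above can be found mechanically. This is an added example, not part of the original thread: a POSIX shell function (the name `find_duplicate_vhosts` is made up here) that reads `apachectl -S` output and reports every server name defined by more than one vHost on the same address:port. The sample input is constructed from the port-80 section of the first listing in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `apachectl -S` output on stdin and
# prints every server name that is defined by more than one vHost on the same
# address:port, followed by the file:line of each definition.
find_duplicate_vhosts() {
    awk '
        # "81.169.170.18:80 is a NameVirtualHost" opens a new address:port group
        / is a NameVirtualHost/ { addr = $1; next }
        # "port 80 namevhost soltanius.de (/path/site.conf:1)"
        $1 == "port" && $3 == "namevhost" {
            key = addr " " $4
            loc = $5
            gsub(/[()]/, "", loc)
            if (!(key in where)) order[++n] = key
            count[key]++
            where[key] = where[key] " " loc
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i] where[order[i]]
        }
    '
}

# Constructed sample: the port-80 section of the first listing in this thread.
sample_before_merge() {
    cat <<'EOF'
81.169.170.18:80       is a NameVirtualHost
         default server cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
         port 80 namevhost cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
                 alias www.cloud.soltanius.de
         port 80 namevhost soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:1)
         port 80 namevhost www.soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:17)
         port 80 namevhost soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:33)
         port 80 namevhost steckbriefe.soltanius.de (/etc/apache2/sites-enabled/steckbriefe.conf:1)
EOF
}

# On a server: apachectl -S 2>/dev/null | find_duplicate_vhosts
sample_before_merge | find_duplicate_vhosts
```

An empty result means each name maps to exactly one vHost per address:port, which is the state the Apache installer needs in order to pick the vHost to secure.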

So… Now:
VirtualHost configuration:
81.169.170.18:443 cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
81.169.170.18:80 is a NameVirtualHost
default server cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
port 80 namevhost cloud.soltanius.de (/etc/apache2/sites-enabled/nextcloud.conf:1)
alias www.cloud.soltanius.de
port 80 namevhost soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:1)
alias www.soltanius.de
port 80 namevhost steckbriefe.soltanius.de (/etc/apache2/sites-enabled/steckbriefe.conf:1)
alias www.steckbrief.soltanius.de
*:80 h2849908.stratoserver.net (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

I've done the same for my other subdomain.

1 Like

I used port 80, should this be the problem?
HTTP uses this port and HTTPS uses 443, or am I wrong?

That looks good:

Now create one certificate with both domain names.

certbot --apache -d soltanius.de -d www.soltanius.de

So the command has the same list of domain names as one vHost.

Should work with the old Certbot, because now your configuration is better.

2 Likes

Thank you very much!
Now I know how I can do it :slight_smile:

2 Likes

Yep, now there is a new certificate with both domain names :+1:

1 Like

I tried the same with my other domain…
What does this output mean?
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for steckbriefe.soltanius.de
http-01 challenge for www.steckbriefe.soltanius.de
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. www.steckbriefe.soltanius.de (http-01): urn:acme:error:dns :: DNS problem: NXDOMAIN looking up A for www.steckbriefe.soltanius.de

IMPORTANT NOTES:

There is a check of your domain, some minutes old - https://check-your-website.server-daten.de/?q=steckbriefe.soltanius.de

There is no ip address

| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| steckbriefe.soltanius.de | A | 81.169.170.18 Berlin/Land Berlin/Germany (DE) - Strato AG Hostname: h2849908.stratoserver.net | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.steckbriefe.soltanius.de | | Name Error | yes | 1 | 0 |

of the www version. Add one or ignore it (remove the www version in your vHost). It's a subdomain, so a www version isn't required. But you can create one.

1 Like
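The NXDOMAIN failure above comes from a vHost alias that has no DNS record, so it can be caught before asking for a certificate. This is an added example, not part of the original thread: `vhost_names` and `unresolvable_names` are made-up helper names, the resolver defaults to `getent hosts` and can be swapped through the assumed `RESOLVER` variable, and the sample listing is constructed from the thread.

```shell
#!/bin/sh
# Added example, not from the thread.

# Print the ServerName and every alias of the vHost named $1, one per line,
# from `apachectl -S` output on stdin.
vhost_names() {
    awk -v want="$1" '
        $3 == "namevhost" {
            in_vhost = ($4 == want)
            if (in_vhost) print $4
            next
        }
        $1 == "alias" && in_vhost { print $2; next }
        { in_vhost = 0 }
    '
}

# Read names on stdin and print those the resolver cannot look up.
# RESOLVER is an assumption of this example; default is `getent hosts`.
unresolvable_names() {
    resolver=${RESOLVER:-getent hosts}
    while read -r name; do
        $resolver "$name" >/dev/null 2>&1 || echo "$name"
    done
}

# Constructed sample: the steckbriefe vHost with its www alias still present.
sample_vhosts() {
    cat <<'EOF'
81.169.170.18:80       is a NameVirtualHost
         port 80 namevhost soltanius.de (/etc/apache2/sites-enabled/soltanius.conf:1)
                 alias www.soltanius.de
         port 80 namevhost steckbriefe.soltanius.de (/etc/apache2/sites-enabled/steckbriefe.conf:1)
                 alias www.steckbriefe.soltanius.de
EOF
}

# On a server:
#   apachectl -S 2>/dev/null | vhost_names steckbriefe.soltanius.de | unresolvable_names
# Here only the name list is printed, so the example runs without DNS.
sample_vhosts | vhost_names steckbriefe.soltanius.de
```

Any name this prints on a real server either needs a DNS record or should be dropped from the vHost and from the `-d` list.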

Oh… thanks…
I didn't know that I have to make an extra subdomain then…
I removed the alias in the vHost and now it works too…

This was it for the next time :smiley:

2 Likes
