Unable to renew cert

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sankofakids.org

I ran this command: sudo certbot certonly --apache

It produced this output:

```
root@ip-172-31-32-223:/# sudo certbot certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: sankofakids.org
2: www.sankofakids.org

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/sankofakids.org.conf)

It contains these names: sankofakids.org

You requested these names for the new certificate: sankofakids.org,
www.sankofakids.org.

Do you want to expand and replace this existing certificate with the new
certificate?

(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for sankofakids.org
http-01 challenge for www.sankofakids.org
Waiting for verification

Challenge failed for domain sankofakids.org
Challenge failed for domain www.sankofakids.org
http-01 challenge for sankofakids.org
http-01 challenge for www.sankofakids.org
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
```

My web server is (include version): apache2

The operating system my web server runs on is (include version): 1. Ubuntu 16.04 LTS.

My hosting provider, if applicable, is: aws

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot: command not found

2 Likes

Try:
sudo certbot --version

And please show the output of:
sudo apachectl -S

2 Likes

Your current cert expired 18 hours ago

So it would seem that something has changed since the last time you obtained a cert (90 days ago).
Your renewal attempts (if any) have all failed and now this additional FQDN (“www”) also fails.
Has anything changed?
Did you change your ISP, your HSP, your DSP?

2 Likes

sudo certbot --version

certbot 1.7.0

And please show the output of: sudo apachectl -S

```
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server sankofakids.org (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost sankofakids.org (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:1)
*:443                  is a NameVirtualHost
         default server sankofakids.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost sankofakids.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:37)
                 alias www.sankofakids.org
                 alias #If
                 alias using
                 alias alternate
                 alias names
                 alias for
                 alias a
                 alias host
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
```

----->thank you for the quick response<----

1 Like

What is this?:

Please show the file:
/etc/apache2/sites-enabled/sankofakids.org.conf

2 Likes

ISP has not changed. Not sure what HSP and DSP are.

1 Like

H = Hosting
D = DNS
SP = Service Provider

1 Like

You have the same FQDN in two active vhost configs - that is a name overlap (not good).
Let's also see the file:
/etc/apache2/sites-enabled/000-default.conf

2 Likes

The alias stuff was part of the output

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/wordpress

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

ServerName sankofakids.org
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
   # SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt  #If using a self-signed certificate, omit this line

    ServerAdmin webmaster@localhost
    ServerName sankofakids.org
    ServerAlias www.sankofakids.org #If using alternate names for a host
     DocumentRoot /var/www/wordpress
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
VirtualHost configuration:
*:80                   sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:1)
*:443                  is a NameVirtualHost
         default server sankofakids.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost sankofakids.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:37)
                 alias www.sankofakids.org
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
1 Like

Please wrap your output within three backticks.
Like:
```
your output
```

[to make it readable]

2 Likes

Thanks, they have not changed

1 Like

Got it, I will do that

1 Like

You can edit the previous post or repost the files again (legibly).

1 Like

Change that to either:
ServerAlias www.sankofakids.org # If using alternate names for a host
OR
ServerAlias www.sankofakids.org

"#if" has a "special" meaning and doesn't do what is being expected here

Actually search and replace all occurrences of "#if" [there are others]

1 Like
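
An added example (not code from any poster in this thread): a check over `apachectl -S` output for the two problems seen above, the same name claimed by two vhosts on one port, and words from a trailing `#...` comment listed as aliases. Apache reads `#` as a comment only at the start of a line, so anything after a directive's arguments is taken as more arguments. `SAMPLE` is copied from the output posted earlier in the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the `apachectl -S` output posted earlier in this thread.
SAMPLE = """\
*:80                   is a NameVirtualHost
         default server sankofakids.org (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost sankofakids.org (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:1)
*:443                  is a NameVirtualHost
         default server sankofakids.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost sankofakids.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
         port 443 namevhost sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:37)
                 alias www.sankofakids.org
                 alias #If
                 alias using
                 alias alternate
                 alias names
                 alias for
                 alias a
                 alias host
"""

# Only "port N namevhost ..." lines are parsed; the "default server" line
# repeats the first namevhost and is skipped on purpose.
VHOST = re.compile(r"^\s*port (\d+) namevhost (\S+) \((.+):(\d+)\)\s*$")
ALIAS = re.compile(r"^\s*alias (\S+)\s*$")


def parse_vhosts(text):
    """Return one dict per namevhost: port, name, source (file:line), aliases."""
    vhosts = []
    for line in text.splitlines():
        m = VHOST.match(line)
        if m:
            vhosts.append({"port": int(m.group(1)), "name": m.group(2),
                           "source": f"{m.group(3)}:{m.group(4)}", "aliases": []})
            continue
        m = ALIAS.match(line)
        if m and vhosts:
            vhosts[-1]["aliases"].append(m.group(1))
    return vhosts


def find_overlaps(vhosts):
    """Map (port, name) -> sources for names claimed by more than one vhost."""
    seen = defaultdict(list)
    for v in vhosts:
        for name in [v["name"], *v["aliases"]]:
            seen[(v["port"], name.lower())].append(v["source"])
    return {key: srcs for key, srcs in seen.items() if len(srcs) > 1}


def find_comment_aliases(vhosts):
    """Return (source, aliases from the first '#'-prefixed one onward)."""
    findings = []
    for v in vhosts:
        for i, alias in enumerate(v["aliases"]):
            if alias.startswith("#"):
                findings.append((v["source"], v["aliases"][i:]))
                break
    return findings


if __name__ == "__main__":
    parsed = parse_vhosts(SAMPLE)
    for (port, name), sources in find_overlaps(parsed).items():
        print(f"overlap: {name} on port {port}: {', '.join(sources)}")
    for source, words in find_comment_aliases(parsed):
        print(f"comment parsed as aliases at {source}: {' '.join(words)}")
```

On a live host the input would be the output of `sudo apachectl -S` rather than the embedded excerpt.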

OK, I have replaced all the #if

Still pending on the two files I asked for previously.
But I need to step out now - be back later.


        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/wordpress

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

ServerName sankofakids.org
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

#<VirtualHost *:443>
#    SSLEngine On
#    SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
#    SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
   # SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt  #If using a self-signed certificate, omit this line

 #   ServerAdmin webmaster@localhost
  #  ServerName sankofakids.org
  #  ServerAlias www.sankofakids.org #If using alternate names for a host
  #   DocumentRoot /var/www/wordpress
  #   ErrorLog ${APACHE_LOG_DIR}/error.log
   #  CustomLog ${APACHE_LOG_DIR}/access.log combined

#</VirtualHost>

This is the corrected version of /etc/apache2/sites-enabled/sankofakids.org.conf

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        # ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/wordpress

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        # LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        # Include conf-available/serve-cgi-bin.conf

ServerName sankofakids.org
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
   # SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt  #If using a self-signed certificate, omit this line

    ServerAdmin webmaster@localhost
    ServerName sankofakids.org
    ServerAlias www.sankofakids.org
     DocumentRoot /var/www/wordpress
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

Hi @appsellent,

You’ve noticed that the website doesn’t work at all in HTTP, right? http://www.sankofakids.org/ just disconnects entirely without sending back any data. Do you have any idea why that might be? Are you sure it isn’t some kind of firewall behavior?

Do you have any errors logged in /var/log/apache2/error.log that might explain the problem?

1 Like
[Sat Sep 05 06:25:01.582080 2020] [mpm_prefork:notice] [pid 14634] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 06:25:01.582104 2020] [core:notice] [pid 14634] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 12:15:24.147139 2020] [mpm_prefork:notice] [pid 14634] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 12:15:24.247343 2020] [mpm_prefork:notice] [pid 14634] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 12:15:24.247358 2020] [core:notice] [pid 14634] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 12:15:30.716271 2020] [mpm_prefork:notice] [pid 14634] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 12:15:30.842080 2020] [mpm_prefork:notice] [pid 14634] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 12:15:30.842099 2020] [core:notice] [pid 14634] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 17:34:04.665405 2020] [mpm_prefork:notice] [pid 14634] AH00169: caught SIGTERM, shutting down
[Sat Sep 05 17:34:05.784847 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 17:34:05.784919 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 17:42:51.746611 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 17:42:51.833918 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 17:42:51.833933 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 17:42:58.468863 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 17:42:58.594620 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 17:42:58.594636 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 17:45:20.905824 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 17:45:20.977391 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 17:45:20.977409 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 17:45:27.197651 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 17:45:27.317157 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 17:45:27.317173 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 18:06:27.047341 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 18:06:27.127240 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 18:06:27.127255 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 18:06:37.025499 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 18:06:37.149401 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 18:06:37.149421 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 18:12:03.014173 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 18:12:03.088737 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 18:12:03.088755 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 18:12:09.762474 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 18:12:09.898597 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 18:12:09.898613 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 18:25:45.480358 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 18:25:45.558119 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 18:25:45.558132 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 18:25:50.155320 2020] [mpm_prefork:notice] [pid 23471] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 18:25:50.275441 2020] [mpm_prefork:notice] [pid 23471] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 18:25:50.275455 2020] [core:notice] [pid 23471] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 21:43:03.101734 2020] [mpm_prefork:notice] [pid 23471] AH00169: caught SIGTERM, shutting down
[Sat Sep 05 21:43:04.219120 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 21:43:04.219197 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 21:51:28.898027 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 21:51:29.070874 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 21:51:29.070900 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 21:51:36.954524 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 21:51:37.074435 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 21:51:37.074459 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 21:56:35.212990 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 21:56:35.283144 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 21:56:35.283159 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 21:56:45.857376 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 21:56:45.981876 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 21:56:45.981895 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 22:03:10.334414 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 22:03:10.429806 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 22:03:10.429820 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 22:03:14.841008 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 22:03:14.961893 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 22:03:14.961906 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 22:11:54.272142 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 22:11:54.366831 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 22:11:54.366845 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 22:11:59.315813 2020] [mpm_prefork:notice] [pid 27157] AH00171: Graceful restart requested, doing restart
[Sat Sep 05 22:11:59.438776 2020] [mpm_prefork:notice] [pid 27157] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Sep 05 22:11:59.438790 2020] [core:notice] [pid 27157] AH00094: Command line: '/usr/sbin/apache2'
[Sat Sep 05 22:51:41.394022 2020] [ssl:error] [pid 29068] [client 104.130.202.77:33110] AH02042: rejecting client initiated renegotiation