Unable to renew certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: video.alunika.com

I ran this command: sudo certbot --apache

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): video.alunika.com,www.video.alunika.com
Requesting a certificate for video.alunika.com and www.video.alunika.com
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): CentOS 8

The operating system my web server runs on is (include version): Apache 2.4

My hosting provider, if applicable, is: https://www.ukraine.com.ua/

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): ISPmanager Lite 6.14.1

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.21.0

I have tried to renew it with instructions from Certbot Instructions | Certbot
Also, we couldn't renew the certificate automatically, so now we are trying to do it by hand, but we are facing some problems. Appreciate your help, thanks.

2 Likes

Hi @Alunika and welcome to the LE community forum :slight_smile:

We need to address:

Let's start to unravel this problem with the output of:
sudo apachectl -t -D DUMP_VHOSTS

And since you mention "renew", please also show the output of:
certbot certificates

2 Likes

Hi! Thank you for answering. Here are the results for the commands:

sudo apachectl -t -D DUMP_VHOSTS

Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
If you want to pass extra arguments to httpd, edit the
/etc/sysconfig/httpd config file.
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using vps-32408.vps-default-host.net. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
[2a05:480:0:f678::2]:80 is a NameVirtualHost
default server crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:1)
port 80 namevhost crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:1)
alias www.crmtest.alunika.com
port 80 namevhost test1v.alunika.com (/etc/httpd/conf/vhosts/www-root/test1v.alunika.com:1)
alias www.test1v.alunika.com
port 80 namevhost video.alunika.com (/etc/httpd/conf/vhosts/www-root/video.alunika.com:1)
alias www.video.alunika.com
port 80 namevhost videotest.alunika.com (/etc/httpd/conf/vhosts/www-root/videotest.alunika.com:1)
alias www.videotest.alunika.com
[2a05:480:0:f678::2]:443 is a NameVirtualHost
default server crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:36)
port 443 namevhost crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:36)
alias www.crmtest.alunika.com
port 443 namevhost video.alunika.com (/etc/httpd/conf/vhosts/www-root/video.alunika.com:16)
alias www.video.alunika.com
port 443 namevhost videotest.alunika.com (/etc/httpd/conf/vhosts/www-root/videotest.alunika.com:36)
alias www.videotest.alunika.com
185.65.246.120:80 is a NameVirtualHost
default server crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:1)
port 80 namevhost crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:1)
alias www.crmtest.alunika.com
port 80 namevhost test1v.alunika.com (/etc/httpd/conf/vhosts/www-root/test1v.alunika.com:1)
alias www.test1v.alunika.com
port 80 namevhost video.alunika.com (/etc/httpd/conf/vhosts/www-root/video.alunika.com:1)
alias www.video.alunika.com
port 80 namevhost videotest.alunika.com (/etc/httpd/conf/vhosts/www-root/videotest.alunika.com:1)
alias www.videotest.alunika.com
185.65.246.120:443 is a NameVirtualHost
default server crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:36)
port 443 namevhost crmtest.alunika.com (/etc/httpd/conf/vhosts/www-root/crmtest.alunika.com:36)
alias www.crmtest.alunika.com
port 443 namevhost video.alunika.com (/etc/httpd/conf/vhosts/www-root/video.alunika.com:16)
alias www.video.alunika.com
port 443 namevhost videotest.alunika.com (/etc/httpd/conf/vhosts/www-root/videotest.alunika.com:36)
alias www.videotest.alunika.com

certbot certificates

certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: crmtest.alunika.com
Serial Number: 3f90e3fafd00495eb7b1a30542dd5974214
Key Type: RSA
Domains: crmtest.alunika.com
Expiry Date: 2021-12-09 08:52:41+00:00 (VALID: 10 days)
Certificate Path: /etc/letsencrypt/live/crmtest.alunika.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/crmtest.alunika.com/privkey.pem
Certificate Name: test1v.alunika.com
Serial Number: 356240b1ce62e7ae0f537a0aaee0cff01db
Key Type: RSA
Domains: test1v.alunika.com
Expiry Date: 2021-12-22 11:37:00+00:00 (VALID: 23 days)
Certificate Path: /etc/letsencrypt/live/test1v.alunika.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/test1v.alunika.com/privkey.pem
Certificate Name: video.alunika.com
Serial Number: 4657f0333d48d9af58c1652e80e1733b1f4
Key Type: RSA
Domains: video.alunika.com videotest.alunika.com
Expiry Date: 2021-11-28 14:49:28+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/video.alunika.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/video.alunika.com/privkey.pem

1 Like

OK, I see an expired cert [but it doesn't have the same names on it as the renewal request].
Let's find out why certbot can't issue you a cert.
Please show the renewal.conf file:
named something like:
/etc/letsencrypt/renewal/video.alunika.com.conf
and the file:
/etc/httpd/conf/vhosts/www-root/videotest.alunika.com

3 Likes

Oh, it resolved for now.
It was because the php-fpm module was down. We don’t know why it was down and why certbot didn’t renew it when it was down, but after activating it, everything started working again.

2 Likes

You should review the certs, and delete the ones you no longer need nor wish to be renewed.

3 Likes
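
The review suggested in the reply above can be scripted. The following is an added example, not part of the original thread and not Certbot's own code: it parses `certbot certificates` output, flags expired or soon-to-expire lineages, and reports when an existing certificate's names differ from the names being requested. The function names, the 30-day warning window and the fixed `now` value are assumptions made for the illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: trimmed from the `certbot certificates` output posted in this thread.
SAMPLE = """\
Found the following certs:
  Certificate Name: crmtest.alunika.com
    Domains: crmtest.alunika.com
    Expiry Date: 2021-12-09 08:52:41+00:00 (VALID: 10 days)
  Certificate Name: video.alunika.com
    Domains: video.alunika.com videotest.alunika.com
    Expiry Date: 2021-11-28 14:49:28+00:00 (INVALID: EXPIRED)
"""

def parse_certs(text):
    """Return one dict per certificate lineage: name, domains (set), expiry (datetime)."""
    certs = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Certificate Name":
            certs.append({"name": value, "domains": set(), "expiry": None})
        elif key == "Domains" and certs:
            certs[-1]["domains"] = set(value.split())
        elif key == "Expiry Date" and certs:
            # Keep only "<date> <time+offset>", dropping the "(VALID: ...)" suffix.
            stamp = re.match(r"\S+ \S+", value).group(0)
            certs[-1]["expiry"] = datetime.fromisoformat(stamp)
    return certs

def review(certs, requested, now, warn_days=30):
    """Flag expired or near-expiry lineages and name sets that differ from the request."""
    findings = []
    for c in certs:
        days_left = (c["expiry"] - now).days
        if days_left < 0:
            findings.append((c["name"], "expired"))
        elif days_left < warn_days:
            findings.append((c["name"], f"expires in {days_left} days"))
        # A lineage that overlaps the request but is not identical to it is the
        # situation noted in the thread: the expired cert carries different names.
        if c["domains"] & requested and c["domains"] != requested:
            missing = sorted(requested - c["domains"])
            extra = sorted(c["domains"] - requested)
            findings.append((c["name"], f"name mismatch: missing={missing} extra={extra}"))
    return findings

if __name__ == "__main__":
    now = datetime(2021, 11, 29, 12, 0, tzinfo=timezone.utc)  # assumed "today"
    wanted = {"video.alunika.com", "www.video.alunika.com"}
    for name, issue in review(parse_certs(SAMPLE), wanted, now):
        print(f"{name}: {issue}")
```
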

Thank you very much, already doing it! :slight_smile:

2 Likes
