Just run this:
sudo certbot --apache -d "oceanwars.fr,www.oceanwars.fr"
I concur. The account creation should be automatic.
I actually prefer webroot personally. I don't suggest it though if apache works.
After moving the repository and creating a new account I got this result:
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oceanwars.fr
http-01 challenge for www.oceanwars.fr
Waiting for verification...
Cleaning up challenges
archive directory exists for oceanwars.fr
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
I think there was a problem because the folders for oceanwars.fr already exist, so it didn't think of going any further (www.oceanwars.fr still causes security issues).
Run this:
certbot delete --cert-name oceanwars.fr
Then run this again:
sudo certbot --apache -d "oceanwars.fr,www.oceanwars.fr"
What was the exact command you ran and what's the output of certbot certificates?
Well I get (full commands):
root@712:~# certbot delete --cert-name oceanwars.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name oceanwars.fr (expected /etc/letsencrypt/renewal/oceanwars.fr.conf).
root@712:~# sudo certbot --apache -d "oceanwars.fr,www.oceanwars.fr"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oceanwars.fr
http-01 challenge for www.oceanwars.fr
Waiting for verification...
Cleaning up challenges
archive directory exists for oceanwars.fr
root@712:~#
Output of certbot certificates:
root@712:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/oceanwars.fr.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following renewal configurations were invalid:
/etc/letsencrypt/renewal/oceanwars.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
At this point should I totally reset the VPS and start over?
I think the old account hash is still in the old renewal configuration file.
This is what happens when we don't clean up fully. Osiris will get you squared though. I'll be back later.
That could very well be the case. No idea how certbot would handle that though. Pretty uncharted territory here.
Euh, no. That is never ever necessary...
It does seem however that the 0.28.0 version of certbot doesn't like what we're doing
You could move /etc/letsencrypt/renewal/oceanwars.fr.conf out of the way like:
mv /etc/letsencrypt/renewal/oceanwars.fr.conf /etc/letsencrypt/renewal/oceanwars.fr.conf.backup
And try again.
At this point I have worked more on the SSL than on my actual content
I think I can retrieve the work easily after a reset and maybe put another distribution on my VPS that has a better package for certbot.
You shouldn't have forgotten the www subdomain from the beginning then
But I'm sure we can fix this within a few moments.
After running your command (plus a cat that I have done before that shows that some files are empty):
root@712:~# cat /etc/letsencrypt/renewal/oceanwars.fr.conf
root@712:~# mv /etc/letsencrypt/renewal/oceanwars.fr.conf /etc/letsencrypt/renewal/oceanwars.fr.conf.backup
root@712:~#
root@712:~# And try again.^C
root@712:~# certbot delete --cert-name oceanwars.fr
Saving debug log to /var/log/letsencrypt/letsencrypt.log
No certificate found with name oceanwars.fr (expected /etc/letsencrypt/renewal/oceanwars.fr.conf).
root@712:~# sudo certbot --apache -d "oceanwars.fr,www.oceanwars.fr"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for oceanwars.fr
http-01 challenge for www.oceanwars.fr
Waiting for verification...
Cleaning up challenges
archive directory exists for oceanwars.fr
root@712:~#
Uch, why does it keep complaining about that..
mv /etc/letsencrypt/archive/oceanwars.fr /etc/letsencrypt/archive/oceanwars.fr.backup
And try again.
I hope it works this time or letsencrypt will ban me if we keep creating new certificates x)
Unfortunate, that is indeed a realistic issue.. I'm seeing three (out of a maximum of 5) certificates already. Certbot shouldn't complain that much! And just use the issued certificate.......
Version 0.28.0 is pretty ancient.. These are all pretty much terrible workarounds for that.
After running your commands:
root@712:~# mv /etc/letsencrypt/archive/oceanwars.fr /etc/letsencrypt/archive/oceanwars.fr.backup
root@712:~# sudo certbot --apache -d "oceanwars.fr,www.oceanwars.fr"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/002-oceanwars.fr.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/oceanwars.fr/fullchain.pem' does not exist or is empty
The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nAH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/002-oceanwars.fr.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/oceanwars.fr/fullchain.pem' does not exist or is empty\n",)
There was an error with apache so I tried to run:
root@712:~# systemctl restart apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
root@712:~#
But it also failed
Hmm, makes sense.. Apache expects the symbolic links to actually mean something..
mv /etc/letsencrypt/live/oceanwars.fr /etc/letsencrypt/live/oceanwars.fr.backup
# ln -sf TARGET LINK_NAME: each link in live/ points at the real file in archive/
ln -sf /etc/letsencrypt/archive/oceanwars.fr.backup/fullchain3.pem /etc/letsencrypt/live/oceanwars.fr.backup/fullchain.pem
ln -sf /etc/letsencrypt/archive/oceanwars.fr.backup/chain3.pem /etc/letsencrypt/live/oceanwars.fr.backup/chain.pem
ln -sf /etc/letsencrypt/archive/oceanwars.fr.backup/cert3.pem /etc/letsencrypt/live/oceanwars.fr.backup/cert.pem
ln -sf /etc/letsencrypt/archive/oceanwars.fr.backup/privkey3.pem /etc/letsencrypt/live/oceanwars.fr.backup/privkey.pem
That way the /live/ directory is also out of the way and the symbolic links are good.
You just need to modify the Apache configuration file /etc/apache2/sites-enabled/002-oceanwars.fr.conf to also refer to the backup location of the links in /live/, as we've just renamed the directory
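A read-only check for the states this thread keeps running into (empty renewal file, leftover archive/live directories, live links that no longer resolve), as an added example that is not part of the original thread. The function name check_lineage and its output labels are made up for illustration; the directory layout is the /etc/letsencrypt one shown in the posts above.

```shell
#!/bin/sh
# Added example: read-only consistency check of one certbot lineage.
# Usage: check_lineage CONFIG_ROOT CERT_NAME  (e.g. /etc/letsencrypt oceanwars.fr)
# Prints one line per finding and returns the number of findings.
check_lineage() {
    root=$1; name=$2; problems=0
    conf="$root/renewal/$name.conf"
    live="$root/live/$name"
    archive="$root/archive/$name"

    # A missing or empty renewal file is what makes "certbot certificates"
    # skip the lineage and "certbot delete" report "No certificate found".
    if [ ! -e "$conf" ]; then
        echo "MISSING renewal config: $conf"; problems=$((problems + 1))
    elif [ ! -s "$conf" ]; then
        echo "EMPTY renewal config: $conf"; problems=$((problems + 1))
    fi

    # Leftover directories without a usable renewal file get in the way of
    # a fresh issuance ("archive directory exists for ...").
    if [ ! -s "$conf" ]; then
        for d in "$archive" "$live"; do
            if [ -d "$d" ]; then
                echo "ORPHAN directory: $d"; problems=$((problems + 1))
            fi
        done
    fi

    # Each live/ entry must be a symlink that resolves to a non-empty file,
    # otherwise Apache fails with "does not exist or is empty".
    if [ -d "$live" ]; then
        for f in cert.pem chain.pem fullchain.pem privkey.pem; do
            link="$live/$f"
            if [ ! -L "$link" ]; then
                echo "NOT A SYMLINK: $link"; problems=$((problems + 1))
            elif [ ! -s "$link" ]; then
                echo "DANGLING or empty: $link -> $(readlink "$link")"
                problems=$((problems + 1))
            fi
        done
    fi
    return "$problems"
}

# Stand-alone use: sh check_lineage.sh /etc/letsencrypt oceanwars.fr
if [ "$#" -eq 2 ]; then check_lineage "$1" "$2"; fi
```

The function only reads the tree, so it can be run before and after each mv or ln step to see which of the three conditions is still present.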
Thanks,
I have run this command, so here is my /etc/apache2/sites-enabled/002-oceanwars.fr:
<Virtualhost *:443>
ServerName oceanwars.fr
DocumentRoot /var/www/html
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/oceanwars.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/oceanwars.fr/privkey.pem
</Virtualhost>
If I correctly understand what you asked there:
Here is how the file should look at the end:
<Virtualhost *:443>
ServerName oceanwars.fr
DocumentRoot /var/www/html
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/oceanwars.fr.backup/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/oceanwars.fr.backup/privkey.pem
</Virtualhost>
I have talked with my hoster support service.
They told me that they are running certbot 0.27.0 without any issue. Do my issues come from the certbot version and should I try to reverse?
Or is my installation just broken?