I’m trying to install letsencrypt on Apache with ubuntu 12.04 (Yes, ubuntu 12.04. Please don’t lecture me on using an outdated OS. That would be OT. It’s on my todo list.)
This is the output after answering all the questions:
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for accordi-online.net
tls-sni-01 challenge for accordi-online.com
tls-sni-01 challenge for www.accordi-online.com
tls-sni-01 challenge for www.accordi-online.net
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/conf.robb/vhosts-le-ssl.conf
Enabling NameVirtualHosts on *:443
Deploying Certificate for accordi-online.net to VirtualHost /etc/apache2/conf.robb/vhosts-le-ssl.conf Unsupported filesystem layout. sites-available/enabled expected.
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/accordi-online.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/accordi-online.net/privkey.pem
Your cert will expire on 2017-12-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the “certonly” option. To non-interactively renew all
of your certificates, run “certbot-auto renew”
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
I have:
/etc/apache2/sites-available
/etc/apache2/sites-enabled
So I see why the installation program couldn’t find sites-available/enabled. It’s not there.
What is my best course of action? Do I change my filesystem layout to suit letsencrypt, then uninstall and reinstall letsencrypt?
In this case, this means "both sites-available and sites-enabled", not a directory called "sites-available/enabled". So, you do have the layout it expects... partly.
In this case I think that Certbot was alarmed by the use of /etc/apache2/conf.robb because Certbot assumed that all VirtualHosts that it needs to modify exist within /etc/apache2/sites-available. conf.robb is not sites-available so I assume that Certbot concluded that it didn't know how to modify this file.
The simplest thing would be if you could shift any VirtualHosts out of conf.robb and instead sites-available (you can make appropriate symlinks from sites-enabled via ln -s or more officially a2ensite). There shouldn't be a need to reinstall Certbot and it's probably even possible to get it to proceed with the installation proceed via certbot install. However, you might instead choose to use certbot-auto certificates to find the old certificate and certbot-auto delete to delete it, and then start from scratch rerunning certbot-auto --apache.
In any case, there shouldn't be a need to reinstall certbot-auto because there are no configuration options saved inside the certbot-auto program itself.
# Include generic snippets of statements
Include conf.d/
# Include the virtual host configurations:
Include sites-enabled/
# Added own directives by Robb on 2012-08-27.
include conf.robb/
I moved the 3 files from conf.robb to sites-enabled and commented out the corresponding line (conf.robb) in apache2.conf, then executed the following commands:
sudo /home/dellfalconer/certbot-auto delete
sudo /home/dellfalconer/certbot-auto --apache
Everything seems to be working fine now. Thanks much!