I had several postings yesterday detailing my inability to renew my certificate. I was asked a few questions and suggested acme.sh. Acme did not work either and deleted my current certificate.
Now, I am setting up the web site on another server (which has letsencrypt installed). I have added 2 new domains. They show up. But, the server does not respond to a request for https for a new domain.
For instance: https://zend.centerstage.com works but https://tix4.centerstageticketing.com does not work. This is what I get:
[root@ip-172-31-18-163 bruce]# ./certbot-auto certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The latest stable version of Apache is 2.4.29 (released 2017-10-23) - your system is running 2.4.6.
Not sure if that comes into play, but worth mentioning.
The cert your asking for already exists.
But it is not the one being served.
Try without --expand (defaults to renew which will get new if needed)
If that fails try walking it through once interactively: --manual
If the certificate was already issued, it may not be helpful to try to get new certificates at all—if you can figure out where the existing certificate might be on the server.
I took a look at what the provider had for the tix4.centerstageticketing.com domain. I found that it was pointed at a cname entry. I deleted it and re-entered it as an IP address. It seems to work now.
I was given this message:
What would you like to do?
1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)
We were unable to find a vhost with a ServerName or Address of tix4.centerstageticketing.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 4
Waiting for verification...
Cleaning up challenges
We were unable to find a vhost with a ServerName or Address of tix4.centerstageticketing.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
Select the appropriate number [1-4] then [enter] (press 'c' to cancel): 4
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
VirtualHost not able to be selected.
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/zend.centerstage.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/zend.centerstage.com-0001/privkey.pem
Your cert will expire on 2018-02-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the "certonly" option. To non-interactively renew all
of your certificates, run "certbot-auto renew"
First you need to get all the vhost files in order.
By that I mean they can’t have any overlapping domains.
Check for use of “wild cards” or same FQDN in multiple vhost configs.
These two files overlap www.tix4.centerstageticketing.com and are creating the conflict:
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/le-redirect-zend.centerstage.com.conf