Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: srv-a-de.c-231.maxcluster.net
I ran this command: /usr/bin/certbot --no-self-upgrade --duplicate --non-interactive --agree-tos --register-unsafely-without-email certonly --webroot -w /var/www/share/srv-a-de.c-231.maxcluster.net/htdocs/ --cert-name srv-a-de.c-231.maxcluster.net -d srv-a-de.c-231.maxcluster.net -d letest.c-231.maxcluster.net -d letsencrypt.c-231.maxcluster.net -d srv-a-test.c-231.maxcluster.net -d srv-a.c-231.maxcluster.net -d test.c-231.maxcluster.net -d testing.c-231.maxcluster.net
It produced this output: it’s piped to dev null
My web server is (include version): Apache/2.4.29
The operating system my web server runs on is (include version): Ubuntu 18.04
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.33.1
Well now to my main issue…
We have an Interface which is able to edit the aliases of the domains, as you can see the command get’s those with -d but the problem is that the renewal conf is always showing our latest edit.
In this case it looks like this:
# renew_before_expiry = 30 days
version = 0.33.1
archive_dir = /etc/letsencrypt/archive/srv-a-de.c-231.maxcluster.net
cert = /etc/letsencrypt/live/srv-a-de.c-231.maxcluster.net/cert.pem
privkey = /etc/letsencrypt/live/srv-a-de.c-231.maxcluster.net/privkey.pem
chain = /etc/letsencrypt/live/srv-a-de.c-231.maxcluster.net/chain.pem
fullchain = /etc/letsencrypt/live/srv-a-de.c-231.maxcluster.net/fullchain.pem
# Options used in the renewal process
[renewalparams]
authenticator = webroot
account = b9ac4f09150fdf4a39682ea14f33e4c0
webroot_path = /var/www/share/srv-a-de.c-231.maxcluster.net/htdocs,
server = https://acme-v02.api.letsencrypt.org/directory
[[webroot_map]]
letsencrypt.c-231.maxcluster.net = /var/www/share/srv-a-de.c-231.maxcluster.net/htdocs
If it looks like this and i try to renew the certificate it fails and tells me it is missing something in the config files. I started to fill in all aliases in the webroot_map and renewed again. Which worked just fine.
Is that the only solution for this problem?
