Www.g8wrb.co.uk uses an invalid security certificate. The certificate is only valid for www.kirbymicrowave.co.uk

I have a Virtual Private Server for which I have root access, and about 10 websites.

The problem is, the personal site, https://www.g8wrb.co.uk/ keeps reporting the certificate is valid for the kirkbymicrowave.co.uk domain. What I find odd, is if I copy the Apache configuration file of a site that’s working okay (dhars.org.uk) to the problematic one (g8wrb.co.uk), then the latter site does not work after a simple search and replace of dhars.org.uk to g8wrb.co.uk g8wrb.co.uk.conf.txt (4.3 KB)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: g8wrb.co.uk

I ran this command:
root@localhost:/etc/apache2/sites-available# certbot
It produced this output:

Saving debug log to /var/logg8wrb.co.uk.confg8wrb.co.uk.conf.txt (4.3 KB) letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: g8wrb.co.uk
2: www.g8wrb.co.uk
3: kirbymicrowave.co.uk
4: www.kirbymicrowave.co.uk
5: kirkbymicrowave.co.uk
6: www.kirkbymicrowave.co.uk
7: steam-boilers.co.uk
8: www.steam-boilers.co.uk
9: kirkbymicrowave.com
10: www.kirkbymicrowave.com
11: dhars.org.uk
12: www.dhars.org.uk


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/g8wrb.co.uk.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for g8wrb.co.uk
Waiting for verification…
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/g8wrb.co.uk.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/g8wrb.co.uk.conf to ssl vhost in /etc/apache2/sites-enabled/g8wrb.co.uk.conf


Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://g8wrb.co.uk

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=g8wrb.co.uk


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/g8wrb.co.uk/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/g8wrb.co.uk/privkey.pem
    Your cert will expire on 2020-02-19. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

My web server is (include version): Apache

The operating system my web server runs on is (include version): Debian 9.8 (stretch)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.28.0

1 Like

Hi @drkirkby

the most seen problem: A wrong configuration. Every combination of port and domain name must be unique.

So:

What says

apachectl -S
1 Like

root@localhost:~# apachectl -S
VirtualHost configuration:
109.228.58.153:443 is a NameVirtualHost
default server www.kirbymicrowave.co.uk (/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf:1)
port 443 namevhost www.kirbymicrowave.co.uk (/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf:1)
port 443 namevhost kirbymicrowave.co.uk (/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf:34)
port 443 namevhost dhars.org.uk (/etc/apache2/sites-enabled/dhars.org.uk.conf:33)
port 443 namevhost www.dhars.org.uk (/etc/apache2/sites-enabled/dhars.org.uk.conf:51)
port 443 namevhost g8wrb.co.uk (/etc/apache2/sites-enabled/g8wrb.co.uk.conf:36)
port 443 namevhost www.g8wrb.co.uk (/etc/apache2/sites-enabled/g8wrb.co.uk.conf:54)
port 443 namevhost www.kirkbymicrowave.co.uk (/etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf:1)
port 443 namevhost kirkbymicrowave.co.uk (/etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf:185)
port 443 namevhost www.kirkbymicrowave.com (/etc/apache2/sites-enabled/kirkbymicrowave.com.conf:1)
port 443 namevhost kirkbymicrowave.com (/etc/apache2/sites-enabled/kirkbymicrowave.com.conf:34)
109.228.58.153:80 is a NameVirtualHost
default server www.kirbymicrowave.co.uk (/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf:66)
port 80 namevhost www.kirbymicrowave.co.uk (/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf:66)
port 80 namevhost kirbymicrowave.co.uk (/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf:79)
port 80 namevhost www.dhars.org.uk (/etc/apache2/sites-enabled/dhars.org.uk.conf:1)
port 80 namevhost dhars.org.uk (/etc/apache2/sites-enabled/dhars.org.uk.conf:17)
port 80 namevhost www.g8wrb.co.uk (/etc/apache2/sites-enabled/g8wrb.co.uk.conf:1)
port 80 namevhost g8wrb.co.uk (/etc/apache2/sites-enabled/g8wrb.co.uk.conf:17)
port 80 namevhost www.kirkbymicrowave.co.uk (/etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf:156)
port 80 namevhost kirkbymicrowave.co.uk (/etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf:170)
port 80 namevhost www.kirkbymicrowave.com (/etc/apache2/sites-enabled/kirkbymicrowave.com.conf:69)
port 80 namevhost kirkbymicrowave.com (/etc/apache2/sites-enabled/kirkbymicrowave.com.conf:79)
port 80 namevhost www.steam-boilers.co.uk (/etc/apache2/sites-enabled/steam-boilers.co.uk.conf:2)
port 80 namevhost steam-boilers.co.uk (/etc/apache2/sites-enabled/steam-boilers.co.uk.conf:13)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/apache2/APACHE_RUN_DIR/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: ENABLE_USR_LIB_CGI_BIN
User: name=“www-data” id=33
Group: name=“www-data” id=33
You have new mail in /var/mail/root

1 Like

Note, I have a couple of variations on the kirkbymicrowave.co.uk domain - one is a common misspelling (kirby instead of kirkby), so be careful interpreting them.

1 Like

I just noticed. The domain the certificate is reported as being valid for is actually kirbymicrowave.co.uk, not kikrbymicrowave.co.uk. But one with the common mis-spelling, (missiing out the 2nd k), redirects to the correct spelling. Those seem okay - its the g8wrb.co.uk witch is problematic.

1 Like

Please show files:
[you may have provided one of these earlier]
/etc/apache2/sites-enabled/g8wrb.co.uk.conf
/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf

And output of:
certbot certificates

So far, I see in use:

        SSLCertificateFile /etc/letsencrypt/live/g8wrb.co.uk/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/g8wrb.co.uk/privkey.pem
        SSLCertificateKeyFile  /etc/letsencrypt/live/www.g8wrb.co.uk/privkey.pem
        SSLCertificateFile   /etc/letsencrypt/live/www.g8wrb.co.uk/cert.pem
        SSLCertificateChainFile /etc/letsencrypt/live/www.g8wrb.co.uk/fullchain.pem
1 Like

I found to be using proper cert:
https://www.g8wrb.co.uk/

I found to be using improper cert:
https://g8wrb.co.uk/

Please show:
grep -Ri servername /etc/apache2/sites-enabled/

[EDIT]
To be clear:
Both URLs are sending multiple certs (one is good, the other is not).
So it just depends on which cert your browser receives first / processes first / decides to use first that determines if you see an error or not.
Either way, neither site should be sending the second cert (for the unrelated name).

1 Like

Checked the domain with my browser -> wrong certificate.

Checked via https://check-your-website.server-daten.de/?q=g8wrb.co.uk - Grade D, so the non-www and the www version are secure.

@drkirkby : Are there multiple servers, one time answers the first, the other time the second?

If not, you may have orphaned Apache processes -> Reboot your server to kill these.


PS: A few minutes later, it works with my FireFox. But Chrome shows the certificate error. That’s terrible -> reboot.

1 Like

Thank you, everyone. There were at one point two IP addresses (one was 109.228.59.169). I wanted to delete that, as it should not have been used and was costing me money each month. None of the sites should have been using that IP anyway, as the IP address is put in the VirtualHost definition. I have just removed that and rebooted the server.

I can see a couple of things that look wrong, but I don’t wish to change them, as I will probably just confuse anyone trying to debug this.

  1. The output of certbot certificates does report an error. I put more information in #6 below, as its quite a long output, but that seems quite relevent, so I will mention it first.

    Renewal configuration file /etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping

    The following renewal configurations were invalid:
    /etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf

    1. This virtual host

      <VirtualHost 109.228.58.153:80>
      ServerName kirbymicrowave.co.uk

      Redirect “/” “http://www.kirbymicrowave.co.uk/

on port 80, which is there only to correct a common spelling mistake (kirby instead of kirkby), redirects to the mist-spelt domain http://www.kirbymicrowave.co.uk. It would seem more sensible to redirect it to the correct SSL enabled domain, although that’s not happening in one stage, but the SSL enabled domain should redirect it to the correctly spelt one. There are two redirections, but I doubt that is a cause of any problems, except waste a few CPU cycles. I would have thought it more sensible to do it in one, but I have left it for now. But I will mention it anyway.

  1. I’ve noticed a fair degree of randomness - sometimes a site works, then does not. I rebooted the server as suggested.

  2. I use the site I’ve attached two files suggested.

/etc/apache2/sites-enabled/g8wrb.co.uk.conf
/etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf

  1. grep -Ri servername /etc/apache2/sites-enabled/
    root@localhost:~# grep -Ri servername /etc/apache2/sites-enabled/
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: ServerName www.kirkbymicrowave.com
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: ServerName kirkbymicrowave.com
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: ServerName www.kirkbymicrowave.com
    /etc/apache2/sites-enabled/kirkbymicrowave.com.conf: ServerName kirkbymicrowave.com
    /etc/apache2/sites-enabled/dhars.org.uk.conf: ServerName www.dhars.org.uk
    /etc/apache2/sites-enabled/dhars.org.uk.conf: ServerName dhars.org.uk
    /etc/apache2/sites-enabled/dhars.org.uk.conf: ServerName dhars.org.uk
    /etc/apache2/sites-enabled/dhars.org.uk.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/dhars.org.uk.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/dhars.org.uk.conf: ServerName www.dhars.org.uk
    /etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf: ServerName www.kirkbymicrowave.co.uk
    /etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf: ServerName www.kirkbymicrowave.co.uk
    /etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf: ServerName kirkbymicrowave.co.uk
    /etc/apache2/sites-enabled/kirkbymicrowave.co.uk.conf: ServerName kirkbymicrowave.co.uk
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: ServerName www.kirbymicrowave.co.uk
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: ServerName kirbymicrowave.co.uk
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: ServerName www.kirbymicrowave.co.uk
    /etc/apache2/sites-enabled/KIRBYMICROWAVE.co.uk.conf: ServerName kirbymicrowave.co.uk
    /etc/apache2/sites-enabled/steam-boilers.co.uk.conf: ServerName www.steam-boilers.co.uk
    /etc/apache2/sites-enabled/steam-boilers.co.uk.conf: ServerName steam-boilers.co.uk
    /etc/apache2/sites-enabled/g8wrb.co.uk.conf: ServerName www.g8wrb.co.uk
    /etc/apache2/sites-enabled/g8wrb.co.uk.conf: ServerName g8wrb.co.uk
    /etc/apache2/sites-enabled/g8wrb.co.uk.conf: ServerName g8wrb.co.uk
    /etc/apache2/sites-enabled/g8wrb.co.uk.conf: # The ServerName directive sets the request scheme, hostname and port that
    /etc/apache2/sites-enabled/g8wrb.co.uk.conf: # redirection URLs. In the context of virtual hosts, the ServerName
    /etc/apache2/sites-enabled/g8wrb.co.uk.conf: ServerName www.g8wrb.co.uk

  2. The output of certbot certificatesdoes indicate a problem.

root@localhost:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.


Found the following certs:
Certificate Name: kirkbymicrowave.com
Domains: kirkbymicrowave.com
Expiry Date: 2020-01-11 21:54:26+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/kirkbymicrowave.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/kirkbymicrowave.com/privkey.pem
Certificate Name: dhars.org.uk
Domains: dhars.org.uk
Expiry Date: 2019-12-31 20:08:42+00:00 (VALID: 39 days)
Certificate Path: /etc/letsencrypt/live/dhars.org.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dhars.org.uk/privkey.pem
Certificate Name: www.kirkbymicrowave.com
Domains: www.kirkbymicrowave.com
Expiry Date: 2020-01-11 21:54:37+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/www.kirkbymicrowave.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.kirkbymicrowave.com/privkey.pem
Certificate Name: kirkbymicrowave.co.uk
Domains: kirkbymicrowave.co.uk
Expiry Date: 2020-01-11 21:54:49+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/kirkbymicrowave.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/kirkbymicrowave.co.uk/privkey.pem
Certificate Name: www.kirkbymicrowave.co.uk
Domains: www.kirkbymicrowave.co.uk
Expiry Date: 2020-01-11 21:55:01+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/www.kirkbymicrowave.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.kirkbymicrowave.co.uk/privkey.pem
Certificate Name: g8wrb.co.uk
Domains: g8wrb.co.uk
Expiry Date: 2020-02-19 21:44:29+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/g8wrb.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/g8wrb.co.uk/privkey.pem
Certificate Name: www.dhars.org.uk
Domains: www.dhars.org.uk
Expiry Date: 2019-12-31 20:08:49+00:00 (VALID: 39 days)
Certificate Path: /etc/letsencrypt/live/www.dhars.org.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.dhars.org.uk/privkey.pem
Certificate Name: www.g8wrb.co.uk
Domains: www.g8wrb.co.uk
Expiry Date: 2020-02-19 21:05:44+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.g8wrb.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.g8wrb.co.uk/privkey.pem
Certificate Name: www.kirbymicrowave.co.uk-0001
Domains: www.kirbymicrowave.co.uk
Expiry Date: 2020-01-11 21:55:18+00:00 (VALID: 50 days)
Certificate Path: /etc/letsencrypt/live/www.kirbymicrowave.co.uk-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.kirbymicrowave.co.uk-0001/privkey.pem
Certificate Name: kirbymicrowave.co.uk
Domains: www.kirbymicrowave.co.uk
Expiry Date: 2020-02-16 06:48:52+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/www.kirbymicrowave.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.kirbymicrowave.co.uk/privkey.pem

The following renewal configurations were invalid:
/etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf


KIRBYMICROWAVE.co.uk.conf.txt (3.7 KB)

g8wrb.co.uk.conf.txt (4.3 KB)

1 Like

This is probably relevant too. The renewal configuration file /etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf
is empty - zero bytes in length.

root@localhost:/etc/letsencrypt/renewal# ls -l /etc/letsencrypt/renewal/
total 44
-rw-r--r-- 1 root root 564 Oct  2 21:08 dhars.org.uk.conf
-rw-r--r-- 1 root root 514 Nov 21 22:44 g8wrb.co.uk.conf
-rw-r--r-- 1 root root 579 Nov 18 07:48 kirbymicrowave.co.uk.conf
-rw-r--r-- 1 root root 554 Oct 13 22:54 kirkbymicrowave.com.conf
-rw-r--r-- 1 root root 564 Oct 13 22:54 kirkbymicrowave.co.uk.conf
-rw-r--r-- 1 root root 539 Nov 17 17:33 www.dhars.org.uk.conf
-rw-r--r-- 1 root root 584 Nov 17 17:31 www.dhars.org.uk.conf.bak
-rw-r--r-- 1 root root 534 Nov 21 22:05 www.g8wrb.co.uk.conf
-rw-r--r-- 1 root root 604 Oct 13 22:55 www.kirbymicrowave.co.uk-0001.conf
-rw-r--r-- 1 root root   0 Jun 15 22:48 www.kirbymicrowave.co.uk.conf
-rw-r--r-- 1 root root 574 Oct 13 22:54 www.kirkbymicrowave.com.conf
-rw-r--r-- 1 root root 584 Oct 13 22:55 www.kirkbymicrowave.co.uk.conf
2 Likes

Please show (if any):
grep -Ri serveralias /etc/apache2/sites-enabled/

You will need to delete and recreate that zero byte file.

1 Like

[reduced entries for clarity]

In this block you have two different “redirects” (choose one):

<VirtualHost 109.228.58.153:80>
	ServerName g8wrb.co.uk 
	DocumentRoot /var/www/html/g8wrb.co.uk
        Redirect "/" "http://www.g8wrb.co.uk/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =g8wrb.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

In this block you may have a syntax problem:
[add a space between the double-double-quotes]

<VirtualHost 109.228.58.153:443>
	ServerName www.kirbymicrowave.co.uk
        Redirect  "/""https://www.kirkbymicrowave.co.uk/"
</VirtualHost>

In this block you have two different “redirects” (choose one):

<VirtualHost 109.228.58.153:80>
	ServerName www.kirbymicrowave.co.uk
        Redirect "/" "http://www.kirkbymicrowave.co.uk/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.kirbymicrowave.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
1 Like

I believe I have sorted out the problems now, with the exception that /etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf is zero bytes long. How do I fix that?

1 Like

Thank you. I think most of the problems are now fixed following your notes, but /etc/letsencrypt/renewal/www.kirbymicrowave.co.uk.conf is of zero length. I’m unsure how to resolve that issue.

1 Like

Zero byte file is useless.
If you don’t have a backup, you may do best by just deleting it and moving on.
See what fails to renew and make new certs (as needed).

1 Like

Additionally, is that really what it said? That the certificate named kirbymicrowave.co.uk is storing files in a directory named www.kirbymicrowave.co.uk instead of kirbymicrowave.co.uk? That's not correct, and might cause the certificate to fail to renew.

Can you post the output of "sudo ls -alR /etc/letsencrypt/{archive,live,renewal}" and the contents of /etc/letsencrypt/renewal/kirbymicrowave.co.uk.conf?

Edit: For that matter, it's a duplicate anyway, since you already have an older equivalent certificate named www.kirbymicrowave.co.uk-0001.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.