Let's Encrypt renew failing

0

I'm trying to renew my website certificate with Let's Encrypt and Apache2, but it returns this error:

sudo certbot --apache renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/*****************.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for *****************
Cleaning up challenges
Attempting to renew cert (*****************) from /etc/letsencrypt/renewal/*****************.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/*****************/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/*****************/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

This is my apache2 conf:

<IfModule mod_ssl.c>
<VirtualHost *:80 *:443>

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/phpipam

    ServerName *****************
    SSLCertificateFile /etc/letsencrypt/live/*****************/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/*****************/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory "/var/www/html/phpipam">
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
</IfModule>

Could you tell me what is wrong?

axsor

Posted 2019-04-29T10:02:30.080

Reputation: 3

The information provided is not enough to determine what is going on there. Please try running the renewal process with "--debug" and "--dry-run": the debug option gives more information on the error, and the dry-run option makes the process not actually request the certificate. Once you have this, please update the question with the new information. – AtomiX84 – 2019-04-29T10:15:44.270

Answers

2

You do have a virtual host on port 80, but it is not set to be available via HTTP. Instead, it is available via HTTPS. This is not what’s expected on port 80.

The port 80 vhost must have its own configuration section that does not contain any SSL stuff. Instead, it should only contain a redirect to HTTPS, like this:

<VirtualHost *:80>
  ServerName an.example.com
  Redirect permanent / https://an.example.com/
</VirtualHost>

Daniel B

Posted 2019-04-29T10:02:30.080

Reputation: 40 502
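An added example, not part of the original answer and not Certbot's own code: a small Python check that finds the misconfiguration described above, a `<VirtualHost>` that listens on port 80 while carrying TLS directives. The function names, the directive list and both sample configurations (with the placeholder name an.example.com) are assumptions made for this illustration.

```python
import re

# TLS-enabling directives; certbot's options-ssl-apache.conf sets "SSLEngine on".
SSL_DIRECTIVES = {"sslengine", "sslcertificatefile", "sslcertificatekeyfile"}
SSL_INCLUDE = "options-ssl-apache.conf"
VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def parse_vhosts(conf_text):
    """Return [(addresses, directive_lines)] for every <VirtualHost> block."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        opened = VHOST_OPEN.match(line)
        if opened:
            current = (opened.group(1).split(), [])
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current and line and not line.startswith("#"):
            current[1].append(line)
    return vhosts

def uses_ssl(lines):
    """True if any directive enables TLS ("SSLEngine off" does not)."""
    for line in lines:
        name, arg = (line.lower().split(None, 1) + [""])[:2]
        if (name, arg.strip()) == ("sslengine", "off"):
            continue
        if name in SSL_DIRECTIVES or (name.startswith("include") and SSL_INCLUDE in arg):
            return True
    return False

def check_port80(conf_text):
    """Split port-80 vhosts into 'mixed' (carry TLS settings) and 'plain'."""
    result = {"mixed": [], "plain": []}
    for addresses, lines in parse_vhosts(conf_text):
        if any(a.rpartition(":")[2] == "80" for a in addresses):
            result["mixed" if uses_ssl(lines) else "plain"].append(" ".join(addresses))
    return result

# Constructed samples modelled on the question and answer (placeholder names).
TLS_BODY = """    ServerName an.example.com
    SSLCertificateFile /etc/letsencrypt/live/an.example.com/fullchain.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
"""
BROKEN = "<VirtualHost *:80 *:443>\n" + TLS_BODY
FIXED = ("<VirtualHost *:80>\n    ServerName an.example.com\n"
         "    Redirect permanent / https://an.example.com/\n</VirtualHost>\n"
         "<VirtualHost *:443>\n" + TLS_BODY)
print(check_port80(BROKEN), check_port80(FIXED))
```

A non-empty `mixed` list, or an empty `plain` list, means the http-01 challenge has no plain-HTTP vhost to use on port 80.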