Can’t get new SSL certificate (again)

avanty42 · 29 March 2025 11:29

Problem Description

sympl-ssl can’t get a new certificate for the server.shilka.uk domain. I had this problem before and fixed it by removing a symlink.

I still don’t have the symlink, but I’m having the same problem again.

How do I resolve this?

Any Error Messages

Output from sympl-ssl --verbose server.shilka.uk

* Examining certificates for server.shilka.uk
        SSL set 1: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 2: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 3: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 4: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 5: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 6: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 7: Not valid for server.shilka.uk -- certificate has expired (10)
        SSL set 8: Not valid for server.shilka.uk -- certificate has expired (10)
        Current SSL set 9: signed by /C=US/O=Let's Encrypt/CN=R10, expires 2025-04-15 10:43:19 UTC
        The current certificate expires in 17 days.
        Fetching a new certificate from LetsEncrypt.
        Requesting verification for server.shilka.uk from https://acme-v02.api.letsencrypt.org/directory
        !! Unable to verify server.shilka.uk (status: invalid)
        !! Check http://server.shilka.uk/.well-known/acme-challenge/tVNaudf8nx-gV30IFSuxIZGoiZc9-UHQ0dkhtZ-JzwI works.
        Requesting verification for www.server.shilka.uk from https://acme-v02.api.letsencrypt.org/directory
        !! Unable to verify www.server.shilka.uk (status: invalid)
        !! Check http://www.server.shilka.uk/.well-known/acme-challenge/3-TXbUYJpQ25yiAaYCPSOMqKZR079U555GXn1jcIPdA works.
        !! Failed: Failed to fetch certificate

Environment

Sympl Version: 12
Debian Version: 12.10
Hardware Type: Intel Xeon E3-1275v5
Hosted With: Hetzner

Kelduum · 9 April 2025 11:46

Place a file in /srv/server.shilka.uk/public/htdocs/.well-known/acme-challenge and see if you can retrieve it normally.

avanty42 · 14 April 2025 20:28

I could retrieve a file from there.

I fixed the issue by removing the zz-mass-hosting config files from /etc/apache2/sites-enabled/. I kept them in sites-available so that I can restore them if need be, but they’re disabled.