[BlueOnyx:19912] Re: Let's encrypt not renewing

[Michael Stauber]

Hi Felix,

> For one of my sites I forgot to activate automatic renewal. Now after the
> certificate had expired I tried to renew it using the GUI, but got the error
> message: The following error occured during the SSL certificate request: The
> installation path for the certificates could not be determined.

Remove the web server aliases for the Vsite, save and put them back in
again and save yet again. That might fix it.

Let's Encrypt needs to do an online verification to make sure you own
the domain for which the cert is requested. It does so by placing a file
into the Vsite's /web directory, which is called during the verification
process.

The error message seems to indicate that either the client couldn't
place the file, or their server couldn't access it from the outside.

There are also cases where a .htaccess file with extensive rewrite rules
might prevent the access. Also: If the Vsite has PHP-FPM activated, the
verification might fail as PHP-FPM doesn't like files that start with a dot.

You might want to check /var/log/messages and the Apache access and
error logs during and after a cert request to get some more ideas what's
going on and if it triggered 404 error messages or other notable problems.

-- 
With best regards

Michael Stauber