Hi, see attached htf_report.
My domains did not renew certbot certificates properly. I think there were permission access problems that I solved. How can I force renewal to restart?
Additionally, analysing the problem I found that 1 domain1 looked to have merged domain2 configuration parts:

Code:
ks ~ > cat /etc/letsencrypt/renewal/domain1.conf
# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/domain1
cert = /etc/letsencrypt/live/domain1/cert.pem
privkey = /etc/letsencrypt/live/domain1/privkey.pem
chain = /etc/letsencrypt/live/domain1/chain.pem
fullchain = /etc/letsencrypt/live/domain1/fullchain.pem
# Options used in the renewal process
[renewalparams]
post_hook = echo '1' > /usr/local/ispconfig/server/le.restart
account = 03dab4f1cd0517d9169402a982aa52d0
authenticator = webroot
rsa_key_size = 4096
installer = None
[[webroot_map]]
mail.domain2 = usr/local/ispconfig/interface/acme
domain1 = usr/local/ispconfig/interface/acme
www.domain1 = usr/local/ispconfig/interface/acme
mail.domain1 = usr/local/ispconfig/interface/acme

Code:
ks ~ > cat /etc/letsencrypt/renewal/domain2.conf
# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/domain2
cert = /etc/letsencrypt/live/domain2/cert.pem
privkey = /etc/letsencrypt/live/domain2/privkey.pem
chain = /etc/letsencrypt/live/domain2/chain.pem
fullchain = /etc/letsencrypt/live/domain2/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 03dab4f1cd0517d9169402a982aa52d0
authenticator = webroot
rsa_key_size = 4096
installer = None
[[webroot_map]]
domain2 = usr/local/ispconfig/interface/acme
smtp.domain2 = usr/local/ispconfig/interface/acme
www.domain2 = usr/local/ispconfig/interface/acme
mail.domain2 = usr/local/ispconfig/interface/acme

mail.domain2 is defined twice. How to solve that merge and how did it happen?
Thanks
PS: I found a second definition related to domain1 that looks correct:

Code:
ks307144 ~ > cat /etc/letsencrypt/renewal/domain1-0001.conf
# renew_before_expiry = 30 days
version = 0.10.2
archive_dir = /etc/letsencrypt/archive/domain1-0001
cert = /etc/letsencrypt/live/domain1-0001/cert.pem
privkey = /etc/letsencrypt/live/domain1-0001/privkey.pem
chain = /etc/letsencrypt/live/domain1-0001/chain.pem
fullchain = /etc/letsencrypt/live/domain1-0001/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 03dab4f1cd0517d9169402a982aa52d0
authenticator = webroot
rsa_key_size = 4096
installer = None
[[webroot_map]]
domain1 = /usr/local/ispconfig/interface/acme
www.domain1 = /usr/local/ispconfig/interface/acme
mail.domain1 = /usr/local/ispconfig/interface/acme
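
Added example (not part of the original posts, and not certbot or ISPConfig code): a small Python check for the overlap described above, where a name such as mail.domain2 is listed under [[webroot_map]] in more than one renewal file. It also reports webroot paths written without a leading slash, as they appear in the first two files quoted. The function names and the abridged sample data are constructed for illustration.

```python
import glob, os
from collections import defaultdict

# Constructed sample, abridged from the three renewal files quoted above.
SAMPLE = {
    "domain1.conf": "[renewalparams]\nauthenticator = webroot\n[[webroot_map]]\n"
                    "mail.domain2 = usr/local/ispconfig/interface/acme\n"
                    "domain1 = usr/local/ispconfig/interface/acme\n",
    "domain2.conf": "[renewalparams]\nauthenticator = webroot\n[[webroot_map]]\n"
                    "domain2 = usr/local/ispconfig/interface/acme\n"
                    "mail.domain2 = usr/local/ispconfig/interface/acme\n",
    "domain1-0001.conf": "[renewalparams]\nauthenticator = webroot\n[[webroot_map]]\n"
                         "domain1 = /usr/local/ispconfig/interface/acme\n",
}

def webroot_map(text):
    """Return {domain: webroot} from the [[webroot_map]] subsection of one file."""
    entries, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):          # any section header switches context
            inside = (line == "[[webroot_map]]")
        elif inside and "=" in line:
            name, _, path = line.partition("=")
            entries[name.strip()] = path.strip()
    return entries

def audit(configs):
    """configs: {filename: text}. Returns (duplicates, relative_paths)."""
    owners, relative = defaultdict(list), []
    for fname in sorted(configs):
        for domain, path in webroot_map(configs[fname]).items():
            owners[domain].append(fname)
            if not path.startswith("/"):
                relative.append((fname, domain, path))
    duplicates = {d: files for d, files in owners.items() if len(files) > 1}
    return duplicates, relative

def load_dir(directory="/etc/letsencrypt/renewal"):
    """Read every *.conf in the renewal directory (needs read access, usually root)."""
    out = {}
    for path in glob.glob(os.path.join(directory, "*.conf")):
        with open(path, encoding="utf-8") as fh:
            out[os.path.basename(path)] = fh.read()
    return out

if __name__ == "__main__":
    dups, rel = audit(SAMPLE)             # swap in load_dir() on a real host
    for domain, files in sorted(dups.items()):
        print(f"{domain}: listed in {', '.join(files)}")
    for fname, domain, path in rel:
        print(f"{fname}: {domain} has non-absolute webroot {path!r}")
```
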
1/ It worked for several domains but 2 are said "Cert not yet due for renewal" but they don't work. See https://webologix.com
Tried:

Code:
> certbot --apache certonly -n -d webologix.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested apache plugin does not appear to be installed
The requested apache plugin does not appear to be installed

How do I renew only one domain?
2/ How can I add some shell to letsencrypt's pre and post_hook so that next auto renewing will not fail?
Deactivate LE for that site in ispconfig, press save, activate it again and save again. Then wait a minute and check if it works now.
Seems as if you are not logged in as admin and probably ssl and LE is not enabled for the client which owns that website.
Thanks, now certificates work.
Is it possible that ispconfig and letsencrypt manipulations I did change libraries access? Now the php-5.6-fpm that I've seen working yesterday can't restart:

Code:
ks307144 ~ >journalctl -u php-5.6-fpm --no-pager
-- Logs begin at Tue 2019-11-19 06:18:01 UTC, end at Fri 2019-11-22 11:17:41 UTC. --
nov. 22 08:52:03 ks307144 systemd[1]: Reloading The PHP 5.6 FastCGI Process Manager.
nov. 22 08:52:03 ks307144 systemd[1]: Reloaded The PHP 5.6 FastCGI Process Manager.
nov. 22 08:52:03 ks307144 systemd[1]: php-5.6-fpm.service: Main process exited, code=exited, status=1/FAILURE
nov. 22 08:52:03 ks307144 systemd[1]: php-5.6-fpm.service: Failed with result 'exit-code'.
nov. 22 08:52:08 ks307144 systemd[1]: php-5.6-fpm.service: Unit cannot be reloaded because it is inactive.
nov. 22 09:05:50 ks307144 systemd[1]: Started The PHP 5.6 FastCGI Process Manager.
nov. 22 09:05:50 ks307144 php-fpm[12109]: /opt/php-5.6/sbin/php-fpm: /usr/lib/x86_64-linux-gnu/libcurl.so.4: version `CURL_OPENSSL_3' not found (required by /opt/php-5.6/sbin/php-fpm)
nov. 22 09:05:50 ks307144 systemd[1]: php-5.6-fpm.service: Main process exited, code=exited, status=1/FAILURE
nov. 22 09:05:50 ks307144 systemd[1]: php-5.6-fpm.service: Failed with result 'exit-code'.
ks307144 ~ > ll /usr/lib/x86_64-linux-gnu/libcurl.so.4
lrwxrwxrwx 1 root root 16 juin 14 18:23 /usr/lib/x86_64-linux-gnu/libcurl.so.4 -> libcurl.so.4.5.0
ks307144 ~ > ll /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0
-rw-r--r-- 1 root root 588232 juin 14 18:23 /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0
Try to activate the systemd unit and then restart it. Correct, but in the real world with real clients, one often still can't avoid it
Not sure to understand what you mean by "activate". Enable it? (it was yet)

Code:
ks307144 ~ > systemctl enable php-5.6-fpm
ks307144 ~ > systemctl start php-5.6-fpm
ks307144 ~ > systemctl status php-5.6-fpm
● php-5.6-fpm.service - The PHP 5.6 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php-5.6-fpm.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2019-11-22 15:33:25 UTC; 24s ago
Process: 28023 ExecStart=/opt/php-5.6/sbin/php-fpm --nodaemonize --fpm-config /opt/php-5.6/etc/php-fpm.conf (code=exited, status=1/FAILURE)
Main PID: 28023 (code=exited, status=1/FAILURE)
nov. 22 15:33:25 ks307144 systemd[1]: Started The PHP 5.6 FastCGI Process Manager.
nov. 22 15:33:25 ks307144 php-fpm[28023]: /opt/php-5.6/sbin/php-fpm: /usr/lib/x86_64-linux-gnu/libcurl.so.4: version `CURL_OPENSSL_3' not found (required by /opt/php-5
nov. 22 15:33:25 ks307144 systemd[1]: php-5.6-fpm.service: Main process exited, code=exited, status=1/FAILURE
nov. 22 15:33:25 ks307144 systemd[1]: php-5.6-fpm.service: Failed with result 'exit-code'.
lines 1-10/10 (END)
Yes, that's what I meant. Please check the syslog file if it contains details on why systemd fails to start php-5.6-fpm
syslog shows no more details than journalctl:

Code:
Nov 22 16:21:25 ks307144 systemd[1]: Started The PHP 5.6 FastCGI Process Manager.
Nov 22 16:21:25 ks307144 php-fpm[1697]: /opt/php-5.6/sbin/php-fpm: /usr/lib/x86_64-linux-gnu/libcurl.so.4: version `CURL_OPENSSL_3' not found (required by /opt/php-5.6/sbin/php-fpm)
Nov 22 16:21:25 ks307144 systemd[1]: php-5.6-fpm.service: Main process exited, code=exited, status=1/FAILURE
Nov 22 16:21:25 ks307144 systemd[1]: php-5.6-fpm.service: Failed with result 'exit-code'.
Seems as if somehow the required lib was replaced, but not by ispconfig. Maybe by the certbot reinstall. Either you try to recompile the missing lib or the whole php or get php packages from sury.org (if it's Debian) or from a well known PPA (don't remember the name at the moment) if it's Ubuntu.
It's the same for Ubuntu and Debian.
Ubuntu: https://launchpad.net/~ondrej/+archive/ubuntu/php
Debian: https://deb.sury.org/ (https://packages.sury.org/php/README.txt)
Ubuntu is easier to add
Yes, ondrej ppa is what I meant. Ondrej and Sury are maintained by the same person? Did not know that
OK, I installed a new php5.6-fpm from sury repositories and now systemd service starts OK:

Code:
ks307144 ~ > systemctl status php5.6-fpm
● php5.6-fpm.service - The PHP 5.6 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php5.6-fpm.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-11-26 18:54:03 UTC; 9min ago
Docs: man:php-fpm5.6(8)
Main PID: 17147 (php-fpm5.6)
Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
Memory: 10.3M
CGroup: /system.slice/php5.6-fpm.service
├─17147 php-fpm: master process (/etc/php/5.6/fpm/php-fpm.conf)
├─17148 php-fpm: pool www
└─17149 php-fpm: pool www
nov. 26 18:54:03 ks307144 systemd[1]: Starting The PHP 5.6 FastCGI Process Manager...
nov. 26 18:54:03 ks307144 systemd[1]: Started The PHP 5.6 FastCGI Process Manager.
ks307144 ~ > dpkg -l php5.6*
Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/besoin Réinstallation (État,Err: majuscule=mauvais)
||/ Nom Version Architecture Description
+++-================-============================================-============-==============================================================
ii php5.6 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b all server-side, HTML-embedded scripting language (metapackage)
un php5.6-calendar <aucune> <aucune> (aucune description n'est disponible)
un php5.6-cgi <aucune> <aucune> (aucune description n'est disponible)
ii php5.6-cli 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b amd64 command-line interpreter for the PHP scripting language
ii php5.6-common 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b amd64 documentation, examples and common module for PHP
un php5.6-ctype <aucune> <aucune> (aucune description n'est disponible)
un php5.6-exif <aucune> <aucune> (aucune description n'est disponible)
un php5.6-fileinfo <aucune> <aucune> (aucune description n'est disponible)
ii php5.6-fpm 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b amd64 server-side, HTML-embedded scripting language (FPM-CGI binary)
un php5.6-ftp <aucune> <aucune> (aucune description n'est disponible)
un php5.6-gettext <aucune> <aucune> (aucune description n'est disponible)
un php5.6-iconv <aucune> <aucune> (aucune description n'est disponible)
ii php5.6-json 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b amd64 JSON module for PHP
ii php5.6-opcache 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b amd64 Zend OpCache module for PHP
un php5.6-pdo <aucune> <aucune> (aucune description n'est disponible)
un php5.6-phar <aucune> <aucune> (aucune description n'est disponible)
un php5.6-posix <aucune> <aucune> (aucune description n'est disponible)
ii php5.6-readline 5.6.40-13+0~20191026.23+debian10~1.gbp37e45b amd64 readline module for PHP
un php5.6-shmop <aucune> <aucune> (aucune description n'est disponible)
un php5.6-sockets <aucune> <aucune> (aucune description n'est disponible)
un php5.6-sysvmsg <aucune> <aucune> (aucune description n'est disponible)

I changed the ispconfig "Additional php versions" php5.6 parameters like that:

Code:
Path to the PHP FastCGI binary : php5.6
Path to the php.ini directory : /etc/php/5.6/fpm/php.ini
Path to the PHP-FPM init script: php-5.6-fpm
Path to the php.ini directory: /etc/php/5.6/fpm
Path to the PHP-FPM pool directory: /etc/php/5.6/fpm/pool.d/

But I still get a 503 error page on the website, the website's vhost refers to a php7.0-fpm/web3.sock instead of the expected php5.6-fpm, and the Apache error.log shows this:

Code:
Connection refused: AH02454: FCGI: attempt to connect to Unix domain socket /var/lib/php7.0-fpm/web3.sock (*) failed

I also installed php5.6-cgi and changed Path to the PHP FastCGI binary to php5.6-cgi without success
The path is fine, the 7.0 in the path is no indication of which PHP version is used; actually the same path is used for any PHP version.