How can I repair damage after a Let's Encrypt update?

by Christos Hayward   Last Updated May 15, 2019 22:00 PM

After some domains were not being installed from my Let's Encrypt cron job, I manually ran some domains.

This has had the effect that the effective DocumentRoot for https://cjshayward.com has been changed to the DocumentRoot for https://iconlibrary.cjshayward.com. If I replace the icon library with a symlink to the main site, it displays a simple, CSS naked version of what the site used to be.

My entry for cjshayward.com, which was removed, is as follows, modulo blank lines, comments, and URL rewrites that have been stable for a fair while:

    <VirtualHost *:443>
        ServerName cjshayward.com
        ServerAlias wordpress.cjshayward.com
        DirectoryIndex index.php index.cgi index.shtml index.html index.html.var
        DocumentRoot /home/cjsh/wordpress
        CustomLog /var/log/apache2/cjshayward_access.log combined
         SSLEngine On
         SSLCACertificateFile /etc/letsencrypt/live/cjshayward.com-0002/cert.pem
         ServerAdmin [email protected]
        <Directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <Directory /home/cjsh/wordpress/>
            Options ExecCGI Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
                         ErrorLog ${APACHE_LOG_DIR}/wordpress.error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access-wordpress.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/cjshayward.com-0002/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cjshayward.com-0002/privkey.pem
    </VirtualHost>

The icon library had two similar entries, which I am suspecting tripped Let's Encrypt, and some debris afterwards with directives I've only seen in a <VirtualHost>:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName iconlibrary.mobi
    ServerAlias iconlibrary.cjshayward.com iconlibrary.jsh.name iconlibrary.cjsh.name

    DocumentRoot /home/cjsh/ikon
    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>
<VirtualHost *:80>
    ServerName www.iconlibrary.mobi
    ServerAlias icon.stornge.com icons.stornge.com
    RewriteEngine on
    RewriteRule ^(.*)$ http://iconlibrary.mobi$1 [R=301,L]

    DocumentRoot /home/cjsh/ikon
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /home/cjsh/ikon>
        Options ExecCGI Indexes FollowSymLinks MultiViews
        AllowOverride All
        AddHandler cgi-script .cgi
        DirectoryIndex index.cgi index.html
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>


    DocumentRoot /home/cjsh/ikon
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory /home/cjsh/ikon>
        Options ExecCGI Indexes FollowSymLinks MultiViews
        AllowOverride All
        AddHandler cgi-script .cgi
        DirectoryIndex index.cgi index.html
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

However, commenting out the apparent debris and bouncing Apache didn't seem to solve the problem. Commenting out the entire contents of the file and restarting resulted in a new website's Apache start page. Also, making superficial changes to the default SSL configuration (and restarting Apache) did not, so far as I can tell, alter the display of the Apache start page. If I replace /var/www/html with a symlink to the document, I get an encouraging Internal Server Error, but I'd rather fix the real problem than stop at a stopgap.

Thanks for any help,

--UPDATE-- I've managed to conceal the problem by replacing the out-of-bounds "DocumentRoot /home/cjsh/ikon" with "DocumentRoot /home/cjsh/wordpress" and the site passes a cursory check. However, I would still like to go with something better than duct tape for this.



Related Questions


Updated March 26, 2017 19:00 PM

Updated April 23, 2017 22:00 PM

Updated October 04, 2017 21:00 PM

Updated December 05, 2015 09:00 AM

Updated April 10, 2017 04:00 AM