On Sat, 2023-04-22 at 13:11 +0100, Patrick O'Callaghan wrote:
> I'm trying to set up a simple web server for personal use, using
> Apache, and want to enable HTTPS access. This involves getting an SSL
> certificate and I'll be using LetsEncrypt (www.letsencrypt.org).
>
> The recommended way to do this is with Certbot, but I can't get past
> this error:
>
> # certbot --apache -d bree.org.uk
> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Requesting a certificate for bree.org.uk
> Unable to find a virtual host listening on port 80 which is currently
> needed for Certbot to prove to the CA that you control your domain.
> Please add a virtual host for port 80.
> Ask for help or search for solutions at https://community.letsencrypt.org.
> See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot
> with -v for more details.
>
> Note that the httpd server is online and reachable from outside my
> local net, i.e. this doesn't appear to be a firewall issue.
>
> I've reported the problem upstream and followed a number of
> suggestions, but nothing seems to make any difference:
>
> https://community.letsencrypt.org/t/certbot-fails-with-cant-find-virtual-host-error/196800/29

I wonder does Certbot read the Apache config files directly, or is it
doing HTTP/HTTPS access of the webserver? Looking at some of your
results it is probing port 80, though it might be doing more than one
thing.

Assuming that Certbot runs inside your LAN, does the domain name resolve
internally to an IP that can be reached internally? e.g. Can you browse
to that address staying entirely within your LAN?

If it reads the config files, might SELinux be denying it?

Looking at my Apache configuration, the virtual hosts ServerName and
ServerAlias entries just have the host names without any port numbers.

    <VirtualHost *:80>
        ServerName www.example.com
        ServerAlias example.com

Interesting that it wants a port 80 virtual host, for something (HTTPS)
that's going to be running through port 443. I would have thought you'd
need something along the lines of:

    <VirtualHost *:443>
        ServerName www.example.com
        ServerAlias example.com

as well.

I have to say that my experimenting with SSL is rather limited, I don't
have anything needing encryption on my public or private web servers.
And the public one is professionally hosted, where they've done most of
the hard work, and customising it is next to impossible (regarding the
issues we're discussing here).

-- 
NB: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the list.

The following system info data is generated fresh for each post:

uname -rsvp
Linux 6.2.8-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 22 19:14:19 UTC 2023 x86_64
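
The condition named in the quoted Certbot error (a virtual host on port 80 for the requested name) can be checked against Apache configuration text directly. The following is an added example, not part of either message in this thread and not Certbot's own logic; the function names and the sample configuration are constructed for illustration, and `Include` directives are not followed.

```python
import re
from fnmatch import fnmatch

# Constructed sample (not the poster's configuration): one name served only
# on 443, another served on port 80 with a wildcard alias.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName host.example.org
    # ServerAlias ignored.example.org
    SSLEngine on
</VirtualHost>
<VirtualHost *:80 [::]:80>
    ServerName www.example.com
    ServerAlias example.com *.example.net
</VirtualHost>
"""

def parse_vhosts(conf_text):
    """Return one {'ports': set, 'names': set} dict per <VirtualHost> block."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+(.+?)>$", line, re.I)
        if opened:
            ports = set()
            for addr in opened.group(1).split():
                # Forms: *:80, 192.0.2.1:80, [::]:80; no port means any port.
                has_port = ":" in addr and not addr.endswith("]")
                ports.add(addr.rsplit(":", 1)[-1] if has_port else "*")
            current = {"ports": ports, "names": set()}
        elif re.match(r"</VirtualHost>", line, re.I):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            if parts[0].lower() in ("servername", "serveralias"):
                # ServerName may carry a scheme or port; keep the host part.
                current["names"].update(
                    p.lower().split("://")[-1].split(":")[0] for p in parts[1:])
    return vhosts

def port80_vhosts_for(conf_text, domain):
    """Vhosts that listen on port 80 (or any port) and name `domain`."""
    domain = domain.lower()
    return [v for v in parse_vhosts(conf_text)
            if v["ports"] & {"80", "*"}
            and any(fnmatch(domain, n) for n in v["names"])]

if __name__ == "__main__":
    for name in ("host.example.org", "example.com"):
        print(name, "->", len(port80_vhosts_for(SAMPLE_CONF, name)), "port 80 vhost(s)")
```

On a live system, `httpd -S` prints the virtual hosts as Apache itself parsed them, which also covers included files.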