On Sun, 2023-04-23 at 00:26 +0930, Tim via users wrote:
> On Sat, 2023-04-22 at 13:11 +0100, Patrick O'Callaghan wrote:
> > I'm trying to set up a simple web server for personal use, using
> > Apache, and want to enable HTTPS access. This involves getting an SSL
> > certificate and I'll be using LetsEncrypt (www.letsencrypt.org).
> >
> > The recommended way to do this is with Certbot, but I can't get past
> > this error:
> >
> > # certbot --apache -d bree.org.uk
> > Saving debug log to /var/log/letsencrypt/letsencrypt.log
> > Requesting a certificate for bree.org.uk
> > Unable to find a virtual host listening on port 80 which is currently
> > needed for Certbot to prove to the CA that you control your domain.
> > Please add a virtual host for port 80.
> > Ask for help or search for solutions at
> > https://community.letsencrypt.org.
> > See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot
> > with -v for more details.
> >
> > Note that the httpd server is online and reachable from outside my
> > local net, i.e. this doesn't appear to be a firewall issue.
> >
> > I've reported the problem upstream and followed a number of
> > suggestions, but nothing seems to make any difference:
> >
> > https://community.letsencrypt.org/t/certbot-fails-with-cant-find-virtual-host-error/196800/29
>
> I wonder does Certbot read the Apache config files directly, or is it
> doing HTTP/HTTPS access of the webserver?
>
> Looking at some of your results it is probing port 80, though it might
> be doing more than one thing.
>
> Assuming that Certbot runs inside your LAN, does the domain name
> resolve internally to an IP that can be reached internally?

Yes.

> e.g. Can you browse to that address staying entirely within your LAN?

Yes.

> If it reads the config files, might SELinux be denying it?
>

No. I disabled SELinux and it made no difference.

> Looking at my Apache configuration, the virtual hosts ServerName and
> ServerAlias entries just have the host names without any port numbers.
>
> <VirtualHost *:80>
> ServerName www.example.com
> ServerAlias example.com

The port number is optional. I've since removed it. It makes no difference.

> Interesting that it wants a port 80 virtual host, for something (HTTPS)
> that's going to be running through port 443. I would have thought
> you'd need something along the lines of:
>
> <VirtualHost *:443>
> ServerName www.example.com
> ServerAlias example.com
>
> as well.
>

My understanding is that it needs port 80 for the initial token negotiation to get the certificate to set up HTTPS. Requiring port 443 would be a circular dependency.

poc
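
An added example, not part of the original message and not Certbot's own code: a small Python check that scans Apache configuration text for virtual hosts that cover port 80 and name a given domain, which is the condition the error message above complains about. The sample configuration is constructed, the function names are hypothetical, and Certbot's actual matching logic may differ.

```python
import fnmatch
import re

# Constructed sample configuration, not the poster's real files.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.com:80
    ServerAlias example.com *.example.net
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
NAME_RE = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+?)\s*$", re.I | re.M)


def parse_vhosts(conf_text):
    """Return one (ports, names) pair per <VirtualHost> block."""
    text = re.sub(r"(?m)^\s*#.*$", "", conf_text)  # drop comment lines
    vhosts = []
    for addrs, body in VHOST_RE.findall(text):
        ports = set()
        for addr in addrs.split():
            # Forms: *:80, 192.0.2.1:80, [::1]:80, or an address with no port.
            _, sep, port = addr.rpartition(":")
            ports.add(int(port) if sep and port.isdigit() else None)
        names = set()
        for value in NAME_RE.findall(body):
            for name in value.lower().split():
                # ServerName may carry a scheme and a port; keep the host only.
                name = re.sub(r"^[a-z]+://", "", name)
                names.add(name.split(":")[0])
        vhosts.append((ports, names))
    return vhosts


def port80_vhosts_for(domain, conf_text):
    """Names of each vhost that covers port 80 and names `domain`."""
    hits = []
    for ports, names in parse_vhosts(conf_text):
        # None means no explicit port was given, treated here as "any port".
        if (80 in ports or None in ports) and any(
            fnmatch.fnmatchcase(domain.lower(), n) for n in names
        ):
            hits.append(sorted(names))
    return hits
```

An empty list from `port80_vhosts_for` means no port 80 virtual host names the domain in the text that was scanned; on a live server, `httpd -S` prints the virtual host table Apache actually loaded.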