The second line overwrites the value from the first line.
[that only works in NGINX]
Change them to:
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName www.hatters.org.uk
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerAlias alice.hatters.org.uk
OK I've done that (and restarted Apache). My browser now says I'm now getting Common Name (CN) www.hatters.org.uk whereas before it was for bluett.com
So that's a bit better. It's still not serving the site though, and I'm still getting the original error when I try to renew the cert manually.
As to the inclusion statement, all the *.conf files are symlinked to the files in /etc/apache2/sites-enabled. Apache is definitely serving the config for that host. If it wasn't then hundreds of other sites would likely be down as well. (EDIT: Confirmed. I tried taking the redirect off the port 80 config and it serves OK).
So the Apache config appears fine. Does that isolate this to the certificate then? But that seems to be for the correct domain/host...
OK we now have the right config serving the name: www.hatters.org.uk
But the cert being served is expired
[Valid until Mon, 14 Jan 2019 19:23:19 UTC (expired 1 month ago) EXPIRED]
So please show: certbot certificates
and also: grep -i cert /home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf
certbot certificates shows the same error as before:
Domain: alice.hatters.org.uk
Type: unauthorized
Detail: Invalid response from
http://alice.hatters.org.uk/.well-known/acme-challenge/xExxxGMvytUrNxmx6bSM8xrCV3194BDQ8ZP6vtMASIg
[2001:ba8:0:2c38::39]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
2.0//EN\">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
The issue seemed to be in the fact that the docroot for /etc/apache2/sites-enabled/000-default.conf was not the same as that of www.hatters.org.uk - so I changed it to be the same and I could renew the cert!
Still don't know what the hell was going on though.
Thanks for all your help meanwhile - very much appreciated!
PS: Going to have to open a separate thread on how I can get our default vhost to serve over SSL now...
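The docroot mismatch described in the last post can be checked for before a renewal. The following is an added example, not code from the thread or from certbot: it parses constructed vhost files and compares the DocumentRoot of the vhost naming the host with that of the default vhost. It assumes the default vhost is the first one loaded for the port (files read in sorted name order); the docroot paths are made up.

```python
import re

# Constructed sample: file names follow the thread, docroot paths are made up.
SAMPLE = {
    "000-default.conf": "<VirtualHost *:80>\n  DocumentRoot /var/www/html\n</VirtualHost>\n",
    "www.hatters.org.uk.conf": (
        "<VirtualHost *:80>\n  ServerName www.hatters.org.uk\n"
        "  ServerAlias alice.hatters.org.uk\n"
        "  DocumentRoot /srv/example/hatters\n</VirtualHost>\n"),
    "www.hatters.org.uk-le-ssl.conf": (
        "<VirtualHost *:443>\n  ServerName www.hatters.org.uk\n"
        "  DocumentRoot /srv/example/hatters\n</VirtualHost>\n"),
}
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(configs):
    """Return vhosts in assumed load order (file names sorted)."""
    vhosts = []
    for fname in sorted(configs):
        for addrs, body in VHOST_RE.findall(configs[fname]):
            vh = {"file": fname, "addrs": addrs.split(), "names": [], "docroot": None}
            for line in body.splitlines():
                parts = line.split("#", 1)[0].split()
                if not parts:
                    continue
                key, args = parts[0].lower(), parts[1:]
                if key in ("servername", "serveralias"):
                    vh["names"] += [a.lower() for a in args]
                elif key == "documentroot" and args:
                    vh["docroot"] = args[0].strip('"')
            vhosts.append(vh)
    return vhosts

def on_port(vh, port):
    # "*:80", "[2001:db8::1]:80" and a bare "*" all count as listening on 80
    return any(a.rsplit(":", 1)[-1] in (str(port), "*") for a in vh["addrs"])

def docroot_check(configs, host, port=80):
    """Compare the docroot of the vhost naming `host` with the default vhost's."""
    vhosts = [v for v in parse_vhosts(configs) if on_port(v, port)]
    if not vhosts:
        return None
    default = vhosts[0]
    # Exact name match only; wildcard ServerAlias patterns are not expanded.
    named = next((v for v in vhosts if host.lower() in v["names"]), default)
    return {"named": named["docroot"], "default": default["docroot"],
            "mismatch": named["docroot"] != default["docroot"]}

if __name__ == "__main__":
    print(docroot_check(SAMPLE, "alice.hatters.org.uk"))
```

A reported mismatch means a challenge file written under the named vhost's docroot returns 404 whenever the request is answered by the default vhost instead.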