Apache 000-default.conf issue causing cert renewal failure?


[if it was a snake, I would be dead]

/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName www.hatters.org.uk
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName alice.hatters.org.uk

The second line overwrites the value from the first line.
[that only works in NGINX]

Change them to:
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName www.hatters.org.uk
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerAlias alice.hatters.org.uk


OK I’ve done that (and restarted Apache). My browser now says I’m now getting Common Name (CN) www.hatters.org.uk whereas before it was for bluett.com

So that’s a bit better. It’s still not serving the site though, and I’m still getting the original error when I try to renew the cert manually.

As to the inclusion statement, all the *.conf files are symlinked to the files in /etc/apache2/sites-enabled. Apache is definitely serving the config for that host. If it wasn’t then hundreds of other site would likely be down as well. (EDIT: Confirmed. I tried taking the redirect off the port 80 config and it serves OK).

So the Apache config appears fine. Does that isolate this to the certificate then? But that seems to be for the correct domain/host…


OK we now have the right config serving the name: www.hatters.org.uk
But the cert being served is expired :frowning:
[Valid until Mon, 14 Jan 2019 19:23:19 UTC (expired 1 month ago) EXPIRED]

So please show:
certbot certificates

and also:
grep -i cert /home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf


certbot certificates shows the same error as before:

   Domain: alice.hatters.org.uk
   Type:   unauthorized
   Detail: Invalid response from
   [2001:ba8:0:2c38::39]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

grep -i cert /home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf shows:

  SSLCertificateFile /etc/letsencrypt/live/alice.hatters.org.uk/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/alice.hatters.org.uk/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/alice.hatters.org.uk/chain.pem

(and see further up the thread for the contents of cert.pem)


As written earlier: Use your webroot.

But your virtualHost with

doesn’t have a webroot, so add one and use that. And if that doesn’t work, create the test file 1234 and check the test file with your browser.



OK I think I got it.

The issue seemed to be in the fact that the docroot for /etc/apache2/sites-enabled/000-default.conf was not the same as that of www.hatters.org.uk - so I changed it to be the same and I could renew the cert!

Still don’t know what the hell was going on though.

Thanks for all your help meanwhile - very much appreciated!

PS: Going to have to open a separate thread on how I can get our default vhost to serve over SSL now…

closed #27

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.