Apache 000-default.conf issue causing cert renewal failure?

Or probably THE MORE OBVIOUS:
[if it was a snake, I would be dead]

/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName www.hatters.org.uk
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName alice.hatters.org.uk

The second line overwrites the value from the first line.
[that only works in NGINX]

Change them to:
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerName www.hatters.org.uk
/home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf: ServerAlias alice.hatters.org.uk

OK I've done that (and restarted Apache). My browser now says I'm now getting Common Name (CN) www.hatters.org.uk whereas before it was for bluett.com

So that's a bit better. It's still not serving the site though, and I'm still getting the original error when I try to renew the cert manually.

As to the inclusion statement, all the *.conf files are symlinked to the files in /etc/apache2/sites-enabled. Apache is definitely serving the config for that host. If it wasn't then hundreds of other sites would likely be down as well. (EDIT: Confirmed. I tried taking the redirect off the port 80 config and it serves OK).

So the Apache config appears fine. Does that isolate this to the certificate then? But that seems to be for the correct domain/host…

OK we now have the right config serving the name: www.hatters.org.uk
But the cert being served is expired :frowning:
[Valid until Mon, 14 Jan 2019 19:23:19 UTC (expired 1 month ago) EXPIRED]

So please show:
certbot certificates

and also:
grep -i cert /home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf

certbot certificates shows the same error as before:

   Domain: alice.hatters.org.uk
   Type:   unauthorized
   Detail: Invalid response from
   http://alice.hatters.org.uk/.well-known/acme-challenge/xExxxGMvytUrNxmx6bSM8xrCV3194BDQ8ZP6vtMASIg
   [2001:ba8:0:2c38::39]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

grep -i cert /home/conf/hatters/apache/www.hatters.org.uk-le-ssl.conf shows:

  SSLCertificateFile /etc/letsencrypt/live/alice.hatters.org.uk/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/alice.hatters.org.uk/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/alice.hatters.org.uk/chain.pem

(and see further up the thread for the contents of cert.pem)

As written earlier: Use your webroot.

But your virtualHost with

doesn't have a webroot, so add one and use that. And if that doesn't work, create the test file 1234 and check the test file with your browser.


@JuergenAuer

OK I think I got it.

The issue seemed to be in the fact that the docroot for /etc/apache2/sites-enabled/000-default.conf was not the same as that of www.hatters.org.uk - so I changed it to be the same and I could renew the cert!

Still don't know what the hell was going on though.

Thanks for all your help meanwhile - very much appreciated!

PS: Going to have to open a separate thread on how I can get our default vhost to serve over SSL now…

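The two problems found in this thread (a second ServerName in one vhost, and the challenge request being answered from a different DocumentRoot than the webroot) can be checked offline before running certbot. This is an added example, not part of any post in the thread; the sample config and its DocumentRoot paths are constructed placeholders, and the matching rules assumed are that the last ServerName in a block takes effect (as stated above) and that the first vhost on a port answers unmatched names.

```python
import re
from fnmatch import fnmatch

# Constructed sample config, not the poster's files; DocumentRoot paths are placeholders.
BROKEN = """
<VirtualHost *:80>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
    ServerName www.hatters.org.uk
    ServerName alice.hatters.org.uk
    DocumentRoot /srv/placeholder/hatters
</VirtualHost>
"""
FIXED = BROKEN.replace("ServerName alice", "ServerAlias alice")
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block, in file order."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        port = addr.split()[0].rsplit(":", 1)[-1]
        vh = {"port": port, "names": [], "aliases": [], "docroot": None}
        for line in body.splitlines():
            key, *args = line.split("#", 1)[0].split() or [""]
            key = key.lower()
            if key == "servername":
                vh["names"] += args
            elif key == "serveralias":
                vh["aliases"] += args
            elif key == "documentroot" and args:
                vh["docroot"] = args[0].strip('"')
        vhosts.append(vh)
    return vhosts

def duplicate_servernames(vhosts):
    """ServerName lists of blocks that declare more than one ServerName."""
    return [vh["names"] for vh in vhosts if len(vh["names"]) > 1]

def challenge_docroot(vhosts, host, port="80"):
    """DocumentRoot that would answer http://host/.well-known/acme-challenge/..."""
    on_port = [vh for vh in vhosts if vh["port"] in (port, "*")]
    for vh in on_port:
        effective = vh["names"][-1:] + vh["aliases"]  # only the last ServerName counts
        if any(fnmatch(host.lower(), n.lower()) for n in effective):
            return vh["docroot"]
    return on_port[0]["docroot"] if on_port else None  # first vhost is the default

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, challenge_docroot(parse_vhosts(conf), "www.hatters.org.uk"))
```

If the path returned for a hostname is not the webroot given to certbot, the challenge file is written where Apache will not look for it and validation returns the 404 shown above.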
