Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: w4rku.us.to
I ran this command: sudo certbot --apache-ctl /opt/lampp/bin/apachectl
It produced this output: (98)Address already in use: AH00072: make_sock: could not bind to address 127.0.0.1:80 no listening sockets available, shutting down
My web server is apache Apache/2.4.52 (Ubuntu)
The operating system my web server runs on is Linux Mint 21
My hosting provider, if applicable, is: Self - built with lampp 8.0.23
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21.0
It appears that I have conflicting virtualhosts (guessing). On resides in /opt/lampp/etc/extra/httpd-vhosts.conf and maybe another in /etc/apache2/ in one of the directories (not sure which one). I don't recall ever messing with anything in the /etc/apache2 directory in the past. I am not sure if it was even there. Howeverthe only thing I can think of that is starting two processes. If I run netstat after the fact there is nothing on port 80. I am stumped.
I'm not familiar with there being an apache-ctl option in certbot but it seems very like something is already using port 80 (e.g. apache is already running).
Yes it asked me questions I can't remember how I answered. One thing was my domain name to use (I had aliases but only use the one).
I probably should have added I did run certbot --apache first and it failed so I did it again with the /opt/lampp/bin/apachectl option.
Here are the outputs:
ku@Mint-Tower:~$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: w4rku.us.to
Serial Number: 420dd2da483fea31525e85d888df840eeb1
Key Type: RSA
Domains: w4rku.us.to
Expiry Date: 2023-01-31 21:53:24+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/w4rku.us.to/fullchain.pem
Private Key Path: /etc/letsencrypt/live/w4rku.us.to/privkey.pem
I did the apachectl both ways (/opt/lampp/bin is in the path) and got these results
ku@Mint-Tower:~$ apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ku@Mint-Tower:/opt/lampp/bin$ /opt/lampp/bin/apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
default server localhost (/opt/lampp/etc/extra/httpd-vhosts.conf:24)
port 80 namevhost localhost (/opt/lampp/etc/extra/httpd-vhosts.conf:24)
alias www.localhost
port 80 namevhost w4rku.us.to (/opt/lampp/etc/extra/httpd-vhosts.conf:32)
alias www.w4rku.us.to
alias w4rku.com
alias www.w4rku.com
I could restore from the snapshot and clean stuff up and run certbot again.
Ok I am not sure what to do here. I restored to before I started. I removed the /etc/apache2 direcory - it only had a non-function file in it.
I installed via snap this time. I went to install using the following command and the results are as follow:
Thank you for the help so far. I ran this and it appears that it worked and after reboot the server works and there is no /etc/apache2 directory. Progress!
I answered the questions with my Email, accepted the TOS, said "N" to news, and it issued the certificate.
However there are two things I think need to be done still. First is an entry in the /opt/lampp/etc/extra/httpd-vhosts.conf and add a port 443 entry. Then change the .htaccess in the root of the website to take http and force it to https.
Make the change in WordPress (I have done some of this before with a hosting company's help).
Am I right or is the vhosts taken care of somewhere else?
I have figured this much out. The httpd.conf file I have uses this entry.
# Secure (SSL/TLS) connections
<IfModule ssl_module>
# XAMPP
<IfDefine SSL>
Include etc/extra/httpd-ssl.conf
</IfDefine>
</IfModule>
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
In the the ect/extra/http-ssl.conf file are definitions for using a CA certificate ( I won't bother with those details).
LetsEcrypt uses the file httpd-vhosts-le-ssl.conf for this purpose. When I created using certonly this file was not created. If I substitute the above include with your name and create the file
httpd-vhosts-le-ssl.conf manually (there are a few examples out there) - would that solve the issue of the 443 entry and does the name have to be that? Also, is that SSLRandomSeed necessary?
When using certonly, certbot won't do anything else - just obtain a cert.
You will have to address the other two concerns yourself.
That is expected.
I'm not sure I understand what is meant by "your name" and "the name"...
But a server block that listens on 443 with SSL on and uses the cert is required for HTTPS to "work".
That said, it can be in its' own file or included within the https-vhosts.conf file.
[they both get included into the running config]
It is likely a non-issue, but I would leave it as is.
Thank you - I have in the interim kind of figured that was going to be your answer. I am going to try one more thing and that I can define the paths for the apache for the options. That would be ideal.
If that doesn't work I will try work it out for myself.