I’m trying to enable a 000-default-le-ssl.conf. Everything looks OK when running a2ensite 000-default-le-ssl and reloading apache2, and I even used sudo apachectl configtest with a Syntax OK result, but when I run apachectl -S the command doesn’t display the *443 configuration.
The apache2 error logs don’t show any errors related to this.
I also enabled the 000-default.conf and it works correctly, and it shows up when I use apachectl -S.
This is on a server that I’m upgrading, and the settings are the same as those used in production, and they are working OK on the old server. I have also tested the process of moving a site to a new server, and I didn’t have this problem.
This is the virtualhost that I’m using:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Apache has been reloaded.
I also tried the disable site command, reloading apache, the enable site command, and reloading apache.
Both virtualhosts for 80 and 443 appear in the Sites-Enabled folder.
The domain is 192.241.1.2. This is a new test server, before moving the site. So, it’s not live yet.
I also restarted the server just in case.
It should. Check modules-available and modules-enabled; there should be a symlink in the second location. This sounds like something certbot should check. Did you use certbot?
Yes, the ssl.load and ssl.conf have symlinks to the mods-enabled folder.
The thing is that I’m using a prebuilt VM. Let’s Encrypt is installed and ready to go, but because the server's initial setup wants to set the site to https, and because I’m moving a site from the old server to this new one, I skipped the https setup. Then I moved the sites and the letsencrypt folder to the new server.
And this is probably why the module was disabled.
Now, I’m noticing that the IP address of the new server is loading with https without issues, and I haven’t yet run sudo letsencrypt renew --dry-run. Is this expected behavior?
Can I keep the new server turned on and running https until I’m ready to switch, while the old server continues to run as always?
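
An added example, not part of the thread: a vhost wrapped in `<IfModule mod_ssl.c>` is skipped without any error when mod_ssl is not loaded, which is why configtest reports Syntax OK while apachectl -S shows no port 443 entry. The function name `unloaded_ifmodules`, the `mod_X.c` to `X_module` mapping, and the sample files are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: list <IfModule> wrappers in a config file whose module is not
# loaded. Apache skips everything inside such a wrapper without logging an
# error, so a <VirtualHost *:443> inside it never appears in `apachectl -S`.

# unloaded_ifmodules CONF MODLIST
#   CONF    - vhost file, e.g. sites-enabled/000-default-le-ssl.conf
#   MODLIST - file holding the output of `apachectl -M`
# Prints each IfModule argument whose module is missing; returns 1 if any.
unloaded_ifmodules() {
    conf=$1; mods=$2; missing=0
    for arg in $(awk '{
            l = $0; sub(/^[ \t]+/, "", l)
            if (tolower(l) ~ /^<ifmodule[ \t]+[^! \t]/) {   # skip negated tests
                sub(/^<[A-Za-z]+[ \t]+/, "", l); sub(/[ \t]*>.*$/, "", l); print l
            }
        }' "$conf"); do
        case $arg in
            # Assumed naming convention: mod_ssl.c <-> ssl_module. It holds for
            # mod_ssl but not for every third-party module.
            mod_*.c) id=${arg#mod_}; id=${id%.c}_module ;;
            *)       id=$arg ;;
        esac
        if ! grep -Eq "^[[:space:]]*${id}[[:space:]]" "$mods"; then
            echo "$arg"; missing=1
        fi
    done
    return "$missing"
}

# Constructed sample data (not taken from the thread's server).
demo_dir=$(mktemp -d)
printf '%s\n' '<IfModule mod_ssl.c>' '<VirtualHost *:443>' \
    'ServerName domain.com' 'SSLEngine on' '</VirtualHost>' '</IfModule>' \
    > "$demo_dir/000-default-le-ssl.conf"
printf '%s\n' 'Loaded Modules:' ' core_module (static)' ' rewrite_module (shared)' \
    > "$demo_dir/mods-without-ssl.txt"
printf '%s\n' 'Loaded Modules:' ' core_module (static)' ' ssl_module (shared)' \
    > "$demo_dir/mods-with-ssl.txt"

# On a live server: apachectl -M > mods.txt, then pass the real vhost file.
unloaded_ifmodules "$demo_dir/000-default-le-ssl.conf" "$demo_dir/mods-without-ssl.txt" \
    || echo "^ wrapper inactive: the vhost inside is ignored (a2enmod ssl, then reload)"
```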