Apache not loading SSL virtualhost

I’m trying to enable a 000-default-le-ssl.conf, everything looks OK when running a2ensite 000-default-le-ssl a reloading apache2 and I even used sudo apachectl configtest with Syntax OK result, but when I run the apachectl -S the command doesn’t display the the *443 configuration.

The apache2 error logs doesn’t show any errors related to this.

I also enabled the 000-default.conf and it works correctly, and it shows up when I use the apachectl -S.

This is on a server that I’m upgrading, and the settings are the same using in production and they working OK in the old server. I have also tested the process moving a site to a new server, and I didn’t have this problem.

This is the virtualhost that I’m using:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName domain.com
        ServerAlias www.domain.com
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

the fullchaing and privkey are in location.

This is the output I get:

root@webserver:/etc/apache2/sites-available# apachectl -S
VirtualHost configuration:
*:80                   domain.com (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
User: name="www-data" id=33
Group: name="www-data" id=33

As you can see ,the *:443 is missing.

Any ideas how to fix this problem?

post your actual domain name.

you reloaded apache, right?

check /etc/apache2/sites-enabled

Apache has been reloaded.
I also try disabling the site command, reload apache, enable site command, and reload apache.
Both virtualhosts for 80 and 443 appear in the Sites-Enabled folder.
The domain is This is a new test server, before moving site. So, it’s not live, yet.
I also restarted the server just in case.

I don’t need a domain for another machine, give me an address on which this server responds :smiley:

This is the machine I’m using.

a2enmod ssl ?

or maybe…

I want to cry, because I’m still learning, I spent countless hours search before posting in here.

Thank you, it seem that fixed the issue. However, after enabling the a2enmod ssl will stay enabled after reboot and apache reload?

it should, check modules-available and modules-enabled, there should be a symlink in the second location. This sounds like something certbot should check, did you use certbot?

Yes, the ssl.load and ssl.conf have symlinks to the mods-enabled folder.

The thing is that I’m using prebuilt vm. Let’s Encrypt is install and ready to go, but because the server initial setup wants to set the site https, and because I’m moving a site from the old to this new server, I skipped the https setup. Then moved the sites and letsencrypt folder to the new server.
And this is probably why the module was disabled.

Now, I’m noticing that the IP address of the new server is loading with https without issues, and I haven’t yet run sudo letsencrypt renew --dry-run is this an expected behavior.

Can I keep the new server turn on running the https until I’m ready to switch while the old server continues to run as always?

yes. be aware that http-01 validation will fail before switching dns records.

worst case scenario, once you switch dns records you’ll start on an expired certificate.

1 Like

Thank you for your help.
One last question, what log file and entry I need to check to find out the certbot cron checking job worked?


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.