apache2 config help needed

41

It said:
<VirtualHost _default_: 443>

When I deleted the empty space, before 443 the error was gone.

But now I get another error:
Reloading LSB: Apache2 web server.
Jan 17 15:56:37 katbulk apache2[2038]: Reloading web server: apache2 failed!
Jan 17 15:56:37 katbulk apache2[2038]: The apache2 configtest failed. Not doing anything. … (warning).
Jan 17 15:56:37 katbulk apache2[2038]: Output of config test was:
Jan 17 15:56:37 katbulk apache2[2038]: AH00526: Syntax error on line 34 of /etc/apache2/sites-enabled/default-ssl.conf:
Jan 17 15:56:37 katbulk apache2[2038]: SSLCertificateFile: file β€˜/etc/letsencrypt/live/katbulk.hopto.org/cert1.pem’ does not exist or is empty.

42

it must be empty then? cause it exists, right?
─ live
β”‚ └── katbulk.hopto.org
β”‚ β”œβ”€β”€ cert.pem -> …/…/archive/katbulk.hopto.org/cert1.pem
β”‚ β”œβ”€β”€ chain.pem -> …/…/archive/katbulk.hopto.org/chain1.pem
β”‚ β”œβ”€β”€ fullchain.pem -> …/…/archive/katbulk.hopto.org/fullchain1.pem
β”‚ └── privkey.pem -> …/…/archive/katbulk.hopto.org/privkey1.pem

43

in live it looks like just β€œcert.pem” from what you have written, yet in the apache config file it’s pointing to β€œcert1.pem”

44

I installed it few times cause I didnt know what I was doing :grin:

When I type sudo tree /etc/letsencrypt the names in the live dir are cert1.pem, chain1.pem etc so thats why I point to cert1.pem

there’s no cert.pem

archive
β”‚ └── katbulk.hopto.org
β”‚ β”œβ”€β”€ cert1.pem
β”‚ β”œβ”€β”€ chain1.pem
β”‚ β”œβ”€β”€ fullchain1.pem
β”‚ └── privkey1.pem

45

Your own post just above begs to differ:

I cleary see cert.pem and chain.pem in the /live/ directory?

Learn more about what symlinks are and how they work.

46

Oh, youre right
wait

47

Ok, so now I can reload apache.
When I got to the website as usual, nothing changed, I can login and theres no lock. But when I go to https://katbulk.org I get a warning;

This connection is not secure

Your Browser asked to set up a secure connection with katbulk.hopto.org, but we can not confirm that your connection is secure. blabla

48 
Certificate chain
 0 s:/CN=katbulk.hopto.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X1

Well, that’s good anyway… And it’s the good certificate for katbulk.hopto.org (not katbulk.org though, that domain doesn’t even exist…) Only it doesn’t send the LE intermediate certificate.

What version of Apache do you have? If you have 2.4.8 or newer, you should point to fullchain.pem instead of cert.pem (fullchain.pem is just cert.pem+chain.pem in one file).
If older, then you should add:
SSLCertificateChainFile /etc/letsencrypt/live/katbulk.hopto.org/chain.pem
to your Apache configuration (just below SSLCertificateFile or something) and leave SSLCertificateFile pointed to cert.pem.

49

enter link description here

This is awesome!! Thank you, thank you so much guys.

(All I need to find out is how to force to https…)

50

Just add

<IfModule mod_alias.c>
    RedirectMatch permanent ^(?!/\.well-known/acme-challenge/).* https://katbulk.hopto.org$0
</IfModule>

To the <VirtualHost _default_:80> part of your Apache configuration. (I.e., the non-HTTPS part of your site).

51

That did it!
Thanks again. This is the best day of my life (well almost :smile_cat:)

3 Likes