Well, I only promoted the www address for my NextCloud.
I initially understood it wrong and thought certs cannot contain www, so I started without and corrected it afterwards. The www worked for me all the years.
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName www.woestmeyer.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.woestmeyer.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.woestmeyer.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
</IfModule>
Okay, that way? /var/www/html is my NC installation.
Yes! Deleted the unused one.
The site now comes up with:
Internal Server Error
The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the server log.
I think, the logs are the NC logs to look up, right?
Yes, the certs look fine now. They are renewing successfully and connections to your www domain use the current cert. Note you have an IP address in the DNS for your root name so requests can be made to that name. And HTTPS requests fail due to a mismatched domain name, but if you don't care, I don't care.
The HTTP 500 error is not related to the certs. I didn't see anything in your Apache config that causes that. But, what is in this folder?
ls -l /etc/apache2/sites-enabled/
Also, did you change anything in your base Apache config recently?
It contains mostly the same as the conf without the *.save extension, see above.
Unfortunately not. If so, then I made it a long time ago. Or edited it due to new config requirements of NC.
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
ServerName www.woestmeyer.com
SSLCertificateFile /etc/letsencrypt/live/www.woestmeyer.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.woestmeyer.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
</VirtualHost>
</IfModule>
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomai>
</IfModule>
Just to be safe you should move that .save file to your /sites-available/ folder or somewhere else if you still need it.
As for the http 500, you should see some errors in the Apache error logs. It is also affecting just HTTP requests to your root domain so is not cert related. Something must be in your base Apache config that is causing this.
I know you don't care about the root name requests but this just helps locate the problem.
It is a little odd that the Strict-Transport-Security header is set for this HTTP request. Normally that is only used for HTTPS requests so maybe this is a clue on what to look at in your Apache config.
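An added example, not part of the original thread: one way to follow up on that clue is to list every Strict-Transport-Security Header directive with the scope it is declared in, and flag those not confined to a *:443 virtual host. The sample config is constructed, the function names are hypothetical, and the sketch assumes the config text has already been gathered into one string (it does not follow Include lines).

```python
import re

# Constructed sample: a server-wide HSTS block, an HTTP vhost, an HTTPS vhost.
SAMPLE = """\
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<VirtualHost *:80>
    ServerName www.example.com
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
    </IfModule>
</VirtualHost>
</IfModule>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost>", re.I)
HSTS = re.compile(r"^Header\s.*Strict-Transport-Security", re.I)

def hsts_scopes(config_text):
    """Return (line_no, scope) for each uncommented HSTS Header directive."""
    scope, found = "server-wide", []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = VHOST_OPEN.match(line)
        if m:
            scope = m.group(1).strip()      # e.g. "*:443"
        elif VHOST_CLOSE.match(line):
            scope = "server-wide"           # back outside any virtual host
        elif HSTS.match(line):
            found.append((no, scope))
    return found

def sent_over_http(config_text):
    """HSTS directives whose scope is not limited to :443 listeners."""
    return [(no, s) for no, s in hsts_scopes(config_text)
            if not all(addr.endswith(":443") for addr in s.split())]

if __name__ == "__main__":
    for no, s in sent_over_http(SAMPLE):
        print(f"line {no}: HSTS set in scope {s!r}")
```

A directive reported as server-wide is inherited by every virtual host, including the port 80 one, which would explain the header appearing on plain HTTP responses.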
Do you think I should better start over with my NC installation?
As it's only for private use, it's not really a big deal. It has several odd configuration changes and additions over the years that I did not track 100%.
Guess what, I'll do that. A fresh start once in a while can do wonders. Tracking back old errors is a waste of time.
Now I understand it much more than in 2018, and the installation / updating is not a nightmare anymore.
When there's another problem with the certs, I'll be back here.