"Cannot find a cert or key directive" error

Warfley · March 1, 2017, 4:56pm

Hello,
i tried to use certbot with: certbot --apache -d kehrein.eu
This produced the following error:

Cannot find a cert or key directive in /files/etc/apache2/vhosts.d/kehrein-ssl.conf/IfDefine/IfDefine/VirtualHost. VirtualHost was not modified
Unable to find cert and/or key directives

IMPORTANT NOTES:

Unable to install the certificate

my kehrein-ssl.conf is a copy of the template (only changed things like server name) and therefore has SSLEngine on, SSLCertificateFile and SSLCertificateKeyFile in it.

So i tried to create only the certificates using:
certbot-auto --apache certonly
which worked pretty well. Now i've got the certificates in /etc/letsencryt/live/kehrein.eu/*.
So i edited my kehrein-ssl.conf to

SSL Virtual Host Context

<VirtualHost *:443>

General setup for the virtual host

DocumentRoot "/srv/www/htdocs"
ServerName kehrein.eu
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log

SSL Engine Switch:

Enable/Disable SSL for this virtual host.

SSLEngine on

You can use per vhost certificates if SNI is supported.

SSLCertificateFile /etc/letsencrypt/live/kehrein.eu/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kehrein.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/kehrein.eu/fullchain.pem

Per-Server Logging:

The home of a custom SSL log file. Use this when you want a

compact non-error SSL logfile on a virtual host basis.

CustomLog /var/log/apache2/ssl_request_log ssl_combined

But when i try to open https://kehrein.eu in my browser (Safari) i get the Cant connect to server message
The software im using is apache 2.4.23 on opensuse 42.2 Leap

serverco · March 1, 2017, 6:24pm

Can you paste your config at pastebin.com or place three tick marks ` before and after the paste so that the code isn’t interpreted by the forum software please.

Also, have you got any firewall or anything blocking access to port 443?

Warfley · March 2, 2017, 3:11pm

Thanks for your reply,
this is the /etc/apache2/vhost.d/kehrein-ssl.conf file:
http://pastebin.com/PP8j8Ppb

and this is my /etc/apache2/listen.conf
http://pastebin.com/4Zw5c3Kv

Also this happens with a deactivated firewall as well.

serverco · March 2, 2017, 3:17pm

You have a basic config there ( see https://mozilla.github.io/server-side-tls/ssl-config-generator/ for some more appropriate values ) . I suspect that the various components for https are not enabled on your server.

what is the operating System that apache is running on ?

Also, have you enabled the packages etc for SSL on that machine ?

Warfley · March 2, 2017, 4:25pm

im running Apache 2.4.23 on OpenSuSe Leap 42.2.

When i am running

sudo a2enmod ssl

i get as result:

"ssl" already present

So i guess ssl is enabled, or is there anything else to do?

Here you can find my current httpd.conf file

serverco · March 2, 2017, 4:32pm

I think opensuse also uses flags - so you need " a2enflag SSL" and restart the apache server ( not just a reload ) if you haven’t done that,

system · April 1, 2017, 4:32pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.