I need assistance. Here is what I have done so far.
- Installed letsencrypt with homebrew
- Installed certbot with homebrew
- Started the process on https://certbot.eff.org/lets-encrypt/osx-apache
When I run sudo certbot certonly --apache I get the following message
“No names were found in your configuration files. Please enter in your domain”
So I enter www.intdevices.com
This is when I receive the error
“Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80”
Upon reviewing this site and reading similar posts I have:
- Added an entry into httpd-vhosts.conf that reflects my site info
- Edited httpd-ssl.conf and commented out the default entry
I’d appreciate any help with this.
My domain is: intdevices.com
I ran this command: sudo certbot certonly --apache
It produced this output: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80
My web server is (include version): apache/ 2.4.16
The operating system my web server runs on is (include version): Mac OS 10.10.5
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot 0.35.1
Checking your domain there is no older certificate, so it's your first certificate ( https://check-your-website.server-daten.de/?q=intdevices.com ).
But you have a 443 vHost and redirects http -> https.
Good: Port 80 is open and answers.
Perhaps share your 443 vHost configuration and use the DocumentRoot as webroot.
Apachectl -S says:
Main DocumentRoot: "/Library/Server/Web/Data/Sites/Default"
Main ErrorLog: "/private/var/log/apache2/error_log"
Mutex default: dir="/private/var/run/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex proxy-balancer-shm: using_defaults
User: name="_www" id=70 not_used
Group: name="_www" id=70 not_used
We had a certificate for it previously through Rapid SSL but it has expired so for now it is self signed. I really would like to decommission this server but server is out of the country for a month so my plan was to use letsencrypt for the time being.
There is no vHost listed. Did you use a2enconf to enable the config file?
The standard page:
apache2.conf is the main configuration file. It puts the pieces together by including all remaining configuration files when starting up the web server.
ports.conf is always included from the main configuration file. It is used to determine the listening ports for incoming connections, and this file can be customized anytime.
Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ directories contain particular configuration snippets which manage modules, global configuration fragments, or virtual host configurations, respectively.
They are activated by symlinking available configuration files from their respective *-available/ counterparts. These should be managed by using our helpers a2enmod, a2dismod, a2ensite, a2dissite, and a2enconf, a2disconf . See their respective man pages for detailed information.
Sorry, I didn’t see the last line. I actually don’t have any 443 entries in my vhosts file. Also please forgive me as I don’t have much experience configuring webservers.
Where does the a2enconf entry go?
In order to autoconfigure your web server, Certbot expects to find an existing HTTP VirtualHost stanza referring to the specific domain name that you want a certificate for. It seems like you might be using Apache in a default mode where you didn’t configure individual VirtualHosts but are instead using the default VirtualHost for your site. Certbot can’t autoconfigure servers in this configuration.
- Read some more Apache documentation/tutorials to see about how to create VirtualHosts, then create one (for HTTP/port 80 only) for your existing site, and then Certbot should recognize and understand this and be able to work with it.
- Alternatively, if you serve static files out of your webroot (DocumentRoot) directory, you can instead use certbot certonly --webroot and tell Certbot where that directory is. In that case, it won’t install the certificate into your Apache configuration for you, but it can at least automatically obtain the certificate and then you can install it yourself in much the way that you did with your RapidSSL certificate.
Thanks a ton sir! Option 2 did the trick. One thing to note, the location of the certs that certbot led me to were actually aliases. Navigating to the folder where the certs actually were, I had to paste them to the desktop before I could actually successfully import them. But once that was all said and done, it worked like a charm. I really appreciate your help with this!
That's intentional because Certbot can renew certificates automatically (if certbot renew is run frequently); there should be a new version generated every 60 days. That alias (symlink) always points to the current version of each associated file.
Good to know, so every time I need to renew certs would I have to copy them back to the desktop and re-import them?
Yes, unless you can get your web server to look at the aliases (which is our intended design but might not work in your environment).
If you’re using the macOS Keychain thing, I believe there is a way to automate the integration between that and Certbot with respect to certificate renewals, but I’m not familiar with that; if so, you could try searching the forum or start a new topic about how to get them to work together more conveniently.
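One way to automate the copy step discussed above, as an added example that is not part of the original thread or Certbot's own code: a script for Certbot's --deploy-hook option that writes regular-file copies of the files behind the live/ symlinks. RENEWED_LINEAGE is set by Certbot when it runs a deploy hook; EXPORT_DIR and its default path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): export the real files behind
# Certbot's live/ symlinks for a server that cannot follow them.

FILES="cert.pem chain.pem fullchain.pem privkey.pem"

# export_lineage LINEAGE_DIR DEST_DIR
# LINEAGE_DIR is a live/<name> directory whose .pem entries are symlinks.
export_lineage() {
    lineage=$1
    dest=$2
    [ -d "$lineage" ] || { echo "no such lineage: $lineage" >&2; return 1; }

    # Verify the full set first so a partial renewal never replaces a
    # working export. [ -e ] follows symlinks, so dangling links fail here.
    for f in $FILES; do
        [ -e "$lineage/$f" ] || { echo "missing: $lineage/$f" >&2; return 1; }
    done

    old_umask=$(umask)
    umask 077    # the privkey.pem copy must not be group/world readable
    rc=0
    mkdir -p "$dest" || rc=1
    for f in $FILES; do
        [ "$rc" -eq 0 ] || break
        # cp -L dereferences the symlink; mv replaces the old copy in one step.
        cp -L "$lineage/$f" "$dest/$f.new" && mv "$dest/$f.new" "$dest/$f" || rc=1
    done
    umask "$old_umask"
    return "$rc"
}

# Certbot sets RENEWED_LINEAGE when it runs a deploy hook.
# EXPORT_DIR and its default path are assumptions for this example.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    export_lineage "$RENEWED_LINEAGE" "${EXPORT_DIR:-/usr/local/etc/certs-export}"
fi
```

Saved as an executable file, the script can be passed to certbot renew with --deploy-hook so it runs only after a successful renewal; importing the exported copies into the server's certificate store remains a separate step.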
Okay got it. Thanks again for all of your help!