Certbot Auto Selects Apache Plugin and Generates "No vhost selected" Error


#1

Please fill out the fields below so we can help you better.

My domain is: mdebmwiki.com

I ran this command:

It produced this output:

My operating system is (include version): wheezy 7

My web server is (include version): Apache/2.2.22 (Debian)

My hosting provider, if applicable, is: godaddy.com, hosted on my own PC.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

  1. I installed via SSH. I put “mdebmwiki.com” and auto-redirect to the secure version (option 2) in the certbot installer, and it seemed to install OK.

  2. I did run ./certbot-auto again and added “www.mdebmwiki.com” but it seemed to refuse that.

  3. When I run the test on https://www.whynopadlock.com/check.php, it looks OK but shows only 0 images downloaded, so I am not sure it's testing anything after my initial page (which redirects to “http://www.mdebmwiki.com/mediawiki/index.php/Main_Page”).

  4. When I run whynopadlock.com again on “http://www.mdebmwiki.com/mediawiki/index.php/Main_Page” it says SSL verification issue (possibly mismatched url or bad intermediate cert.) details error “no certificate subject alternative name matches”. On Opera, typing “https://www.mdebmwiki.com”, a pop-up states that the site may be insecure and trying to trick me.

My ?s -

  1. How can I have typing “mdebmwiki.com” into the address bar on a browser automatically redirect to https?

  2. Do I need to edit my certificate and remove the “www.mdebmwiki.com” domain?

thanks for the insight.


#2

hi @pablitoescobar

from the certificates, your certificate is only valid for your top-level domain, not your www. domains

https://crt.sh/?id=109176961

did run ./certbot-auto again and added “www.mdebmwiki.com” but it seemed to refuse that.

what was the error that you received?

  1. When I run whynopadlock.com again on “http://www.mdebmwiki.com/mediawiki/index.php/Main_Page” it says SSL verification issue (possibly mismatched url or bad intermediate cert.) details error “no certificate subject alternative name matches”. On Opera, typing “https://www.mdebmwiki.com”, a pop-up states that the site may be insecure and trying to trick me.

no, you do not have a valid certificate for www.mdebmwiki.com

Andrei


#3

Said it couldn't find the vhost?

here is my log

2017-03-27 02:57:31,387:DEBUG:certbot.main:Root logging level set at 20
2017-03-27 02:57:31,389:INFO:certbot.main:Saving debug log to /var/log/letsencr$
2017-03-27 02:57:31,391:DEBUG:certbot.main:certbot version: 0.12.0
2017-03-27 02:57:31,392:DEBUG:certbot.main:Arguments: ['--apache', '-d', 'mdebm$
2017-03-27 02:57:31,393:DEBUG:certbot.main:Discovered plugins: PluginsRegistry($
2017-03-27 02:57:31,397:DEBUG:certbot.plugins.selection:Requested authenticator$
2017-03-27 02:57:35,476:DEBUG:certbot.plugins.selection:Single candidate plugin$
Description: Apache Web Server plugin - Beta
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache.configurator:ApacheConfigurator
Initialized: <certbot_apache.configurator.ApacheConfigurator object at 0x2fbfb1$
Prep: True
2017-03-27 02:57:35,480:DEBUG:certbot.plugins.selection:Selected authenticator $
2017-03-27 02:57:35,520:DEBUG:certbot.main:Picked account: <Account(f3c3d153672$
2017-03-27 02:57:35,526:DEBUG:acme.client:Sending GET request to https://acme-v$
2017-03-27 02:57:35,567:DEBUG:requests.packages.urllib3.connectionpool:Starting$
2017-03-27 02:57:37,934:DEBUG:requests.packages.urllib3.connectionpool:https://$
2017-03-27 02:57:37,943:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Content-Type: application/json
Content-Length: 352
Boulder-Request-Id: G–k-ZsDLUlasEQIxvocBbR7OeSafEh5yJWgXVHyB6U
Replay-Nonce: 3C0np7728qtQUupiM8hZMpGRuHCQlHBWWRB2MBDmKm0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
Expires: Mon, 27 Mar 2017 02:57:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 27 Mar 2017 02:57:37 GMT
Connection: keep-alive

{
"key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change",
"new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz",
"new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert",
"new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg",
"revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert"
}
2017-03-27 02:57:38,158:INFO:certbot.renewal:Cert not yet due for renewal
2017-03-27 02:57:46,535:INFO:certbot.main:Keeping the existing certificate
2017-03-27 02:57:46,542:DEBUG:certbot.reporter:Reporting to user: Congratulatio$
2017-03-27 02:57:47,551:INFO:certbot_apache.configurator:Deploying Certificate $
2017-03-27 02:57:47,554:DEBUG:certbot_apache.configurator:Apache version is 2.2$
2017-03-27 02:57:47,930:DEBUG:certbot.reverter:Creating backup of /etc/apache2/$
2017-03-27 02:58:06,279:ERROR:certbot_apache.configurator:No vhost exists with $
2017-03-27 02:58:06,292:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
fullchain_path=fullchain_path)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
vhost = self.choose_vhost(domain)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
return self._choose_vhost_from_list(target_name, temp)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
raise errors.PluginError("No vhost selected")
PluginError: No vhost selected

2017-03-27 02:58:06,294:DEBUG:certbot.error_handler:Calling registered functions
2017-03-27 02:58:06,404:DEBUG:certbot.reporter:Reporting to user: Unable to ins$
2017-03-27 02:58:06,416:DEBUG:certbot.main:Exiting abnormally:
Traceback (most recent call last):
File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
sys.exit(main())
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
return config.func(config, plugins)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
install_cert(config, le_client, domains, new_lineage)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
path_provider.cert_path, path_provider.chain_path, path_provider.fullchain_$
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
fullchain_path=fullchain_path)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
vhost = self.choose_vhost(domain)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
return self._choose_vhost_from_list(target_name, temp)
File "/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/certbo$
raise errors.PluginError("No vhost selected")
PluginError: No vhost selected


#4

the most likely reason is the way that the Apache Installer works (i.e. it requires a VHOST file per domain)

review here: https://certbot.eff.org/docs/using.html#apache
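
Added example, not part of the thread and not certbot's own code: a shell check for which requested names no vhost declares, on the assumption that the Apache installer matches a domain against `ServerName`/`ServerAlias`. The function names and the sample vhost file are constructed for illustration; wildcard aliases are not expanded.

```sh
# vhost_names DIR: print every ServerName/ServerAlias value found in DIR,
# lowercased, with any :port suffix removed, one per line.
vhost_names() (
    for conf in "$1"/*; do
        [ -f "$conf" ] || continue
        awk '
            { sub(/#.*/, "") }                      # ignore comments
            tolower($1) == "servername" || tolower($1) == "serveralias" {
                for (i = 2; i <= NF; i++) {
                    n = tolower($i); sub(/:[0-9]+$/, "", n); print n
                }
            }' "$conf"
    done | sort -u
)

# uncovered_names DIR NAME...: print each NAME that no vhost in DIR declares.
uncovered_names() (
    dir=$1; shift
    declared=$(vhost_names "$dir")
    for name in "$@"; do
        want=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$declared" | grep -qxF -- "$want" || printf '%s\n' "$name"
    done
)

# make_vhost_sample: write a constructed vhost file (not the poster's real
# configuration) into a temp dir and print the dir.
make_vhost_sample() (
    d=$(mktemp -d)
    cat >"$d/default" <<'EOF'
<VirtualHost *:80>
    # ServerAlias www.mdebmwiki.com   (commented out, so it does not count)
    ServerName mdebmwiki.com
    DocumentRoot /var/www
</VirtualHost>
EOF
    printf '%s\n' "$d"
)

sample=$(make_vhost_sample)
uncovered_names "$sample" mdebmwiki.com www.mdebmwiki.com   # prints www.mdebmwiki.com
rm -rf "$sample"
```

On a real host, point it at `/etc/apache2/sites-enabled` and pass the names given to `-d`.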


#5

But really it's only 1 domain, “mdebmwiki.com”, correct?


#6

root@lemaker:/home/bananapi# ./certbot-auto certificates
WARNING: unable to check for updates.
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: mdebmwiki.com-0001
Domains: mdebmwiki.com
Expiry Date: 2017-06-24 23:37:00+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/mdebmwiki.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mdebmwiki.com-0001/privkey.pem
Certificate Name: mdebmwiki.com
Domains: mdebmwiki.com www.mdebmwiki.com
Expiry Date: 2017-06-24 23:29:00+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/mdebmwiki.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mdebmwiki.com/privkey.pem

In my /var/www I have an “index.html” file that I believe is mdebmwiki.com and it redirects to my wiki…in some other folder… /var/lib/mediawiki


#7

Deleted both certificates to try a re-install, now am getting…

"./certbot-auto --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.

Syntax error on line 32 of /etc/apache2/sites-enabled/default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/mdebmwiki.com-0001/cert.pem' does not exist or is empty

The apache plugin is not working; there may be problems with your existing configuration.
The error was: MisconfigurationError("Error while running apache2ctl configtest.\nAction 'configtest' failed.\nThe Apache error log may have more information.\n\nSyntax error on line 32 of /etc/apache2/sites-enabled/default-le-ssl.conf:\nSSLCertificateFile: file '/etc/letsencrypt/live/mdebmwiki.com-0001/cert.pem' does not exist or is empty\n",)"

and now I get this …with my website being down…

root@lemaker:/etc/apache2/sites-enabled# apachectl configtest
Syntax error on line 32 of /etc/apache2/sites-enabled/default-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/mdebmwiki.com-0001/cert.pem' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
root@lemaker:/etc/apache2/sites-enabled#

…removed the default-le-ssl.conf file and the site is back up…how should I start over?
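
Added example, not part of the thread and not certbot's own code: a shell check that lists Apache certificate directives whose target file is missing or empty, the condition `configtest` rejects above, so it can be run before deleting a certificate lineage. It assumes absolute paths without spaces; the function names and the sample tree are constructed for illustration.

```sh
# dangling_cert_refs DIR: for each SSLCertificateFile, SSLCertificateKeyFile or
# SSLCertificateChainFile directive in DIR, print "conf:line: Directive path"
# when the path is missing or empty.
dangling_cert_refs() (
    for conf in "$1"/*; do
        [ -f "$conf" ] || continue
        awk -v f="$conf" '
            { sub(/#.*/, "") }                      # ignore comments
            tolower($1) ~ /^sslcertificate(key|chain)?file$/ {
                p = $2; gsub(/^"|"$/, "", p)        # strip optional quotes
                print f ":" NR ": " $1 " " p
            }' "$conf"
    done | while IFS= read -r hit; do
        path=${hit##* }                             # last field is the path
        [ -s "$path" ] || printf '%s\n' "$hit"
    done
)

# make_cert_sample: build a constructed config tree (placeholder files, not
# real certificates) in a temp dir and print its location.
make_cert_sample() (
    d=$(mktemp -d)
    mkdir -p "$d/live/kept" "$d/sites-enabled"
    echo "placeholder, not a real certificate" >"$d/live/kept/cert.pem"
    cat >"$d/sites-enabled/default-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName mdebmwiki.com
    SSLCertificateFile $d/live/kept/cert.pem
    SSLCertificateKeyFile $d/live/deleted/privkey.pem
</VirtualHost>
EOF
    printf '%s\n' "$d"
)

sample=$(make_cert_sample)
dangling_cert_refs "$sample/sites-enabled"   # reports the line-4 key path
rm -rf "$sample"
```

On a real host, run it against `/etc/apache2/sites-enabled`; any line it prints is a vhost that will fail `configtest` until the directive is fixed or the site is disabled.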


#8

Hi @pablitoescobar

Mozilla TLS Configurator should give you good examples of how to configure TLS properly

https://wiki.mozilla.org/Security/TLS_Configurations

Andrei

