Certbot certificate not detected

My domain is: xyz-market.fr

I ran this command:

It produced this output:

My web server is (include version): CT on proxmox

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Myself on dedicated

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.5.0

other details:
httpd.x86_64 0:2.4.43-7.codeit.el7

I can’t get the certificate working or being detected. Here is the config from the httpd conf file:

```
NameVirtualHost *:80

<VirtualHost *:80>
    DocumentRoot /var/www/html/
    ServerName xyz-market.fr

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =xyz-market.fr
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /var/www/html/
    ServerName www.xyz-market.fr

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.xyz-market.fr
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Include /etc/httpd/conf/httpd-le-ssl.conf
```

Here is the SSL conf:


```
<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www/html/
    ServerName xyz-market.fr

    SSLCertificateFile /etc/letsencrypt/live/xyz-market.fr/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xyz-market.fr/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/xyz-market.fr/chain.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www/html/
    ServerName www.xyz-market.fr

    SSLCertificateFile /etc/letsencrypt/live/xyz-market.fr/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xyz-market.fr/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/xyz-market.fr/chain.pem
</VirtualHost>
</IfModule>
```

If you have any idea how to get this situation solved, I’ll try it. Thanks.

If you put the code between three backticks (```), it would format perfectly with all the < and >.

Also, I'm not sure what the issue is here: If I go to www.xyz-market.fr, I'm seeing a green lock without any TLS error of any kind? So the LE certificate has been installed properly and is also being used.

Hi, thanks for the tip.

The problem is on xyz-market.fr: without the www I am getting a red lock.

Hi @ronylicha

why do you have two different port 80 vHosts, one with the non-www, one with the www?

Create one port 80 vHost with both domain names. Your certificate has already both domain names.

Then create one port 443 vHost - again with both domain names.

When I write two ServerName in the same vhost, only the first is taken.

Maybe you can explain how to write it?

That's because that's not how Apache works. See the documentation: core - Apache HTTP Server Version 2.4

There you can also read how you could add more hostnames to the same VirtualHost section.

It's expected that you read the documentation instead of doing trial and error.

Hi,

I already read this doc a long time ago; it’s not my first try at a web server…
I tried separate vHosts because I have other CTs where it worked. My regular conf is like this:

```
<VirtualHost *:80>
    DocumentRoot /var/www/html/
    ServerName xyz-market.fr
    ServerAlias www.xyz-market.fr
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =xyz-market.fr [OR]
    RewriteCond %{SERVER_NAME} =www.xyz-market.fr
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

And it is not working. I just reconfigured the server, removed and reissued the certificate: same problem.

Maybe I just don’t understand something; I’m just a human and don’t know everything, that’s what I’m asking here…

I spent the last 40 hours on this problem, rebuilding and testing on different CTs to check with a lot of Apache versions, Certbot versions, SSL versions and so on; I have the same problem every time.

So if you can help me find the point I didn’t understand, thanks.

What’s the output of apachectl -S?

```
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:358
VirtualHost configuration:
*:80                   xyz-market.fr (/etc/httpd/conf/httpd.conf:360)
*:443                  is a NameVirtualHost
         default server xyz-market.fr (/etc/httpd/conf.d/ssl.conf:58)
         port 443 namevhost xyz-market.fr (/etc/httpd/conf.d/ssl.conf:58)
         port 443 namevhost xyz-market.fr (/etc/httpd/conf/httpd-le-ssl.conf:2)
                 alias www.xyz-market.fr
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
```

Here is the output, thanks.

It seems you’ve got two possibly conflicting TLS configurations now:

  • /etc/httpd/conf.d/ssl.conf
  • /etc/httpd/conf/httpd-le-ssl.conf

It looks like /etc/httpd/conf/httpd-le-ssl.conf is working, because the www subdomain works nicely. Certbot used httpd.conf as a template for this httpd-le-ssl.conf file and for some reason didn’t notice there already was a TLS virtualhost in ssl.conf. (Perhaps because it’s located in the conf.d directory? I don’t know, I’m not using this Linux distribution…)

You should try to integrate those two files into one with both the hostnames in it.

Found the right way:

I had to call httpd-le-ssl.conf before the other conf, and it finally works.

That's wrong. You have to remove your duplicated definitions.

It's more a workaround and leaves your Apache configuration in essence misconfigured.
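An added example, not written by any poster in this thread: a Python check that reads `apachectl -S` output and reports hostnames claimed by more than one name-based vhost on the same listener. Apache serves the first matching vhost in configuration order, so the later definition never answers for that name; the sample input is constructed from the output quoted above, and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the vhost part of the `apachectl -S` output quoted in the thread.
SAMPLE = """\
*:80                   xyz-market.fr (/etc/httpd/conf/httpd.conf:360)
*:443                  is a NameVirtualHost
         default server xyz-market.fr (/etc/httpd/conf.d/ssl.conf:58)
         port 443 namevhost xyz-market.fr (/etc/httpd/conf.d/ssl.conf:58)
         port 443 namevhost xyz-market.fr (/etc/httpd/conf/httpd-le-ssl.conf:2)
                 alias www.xyz-market.fr
"""

LISTEN = re.compile(r"^(\S+:\d+)\s+is a NameVirtualHost")
VHOST = re.compile(r"^\s+port \d+ namevhost (\S+) \((.+):(\d+)\)")
ALIAS = re.compile(r"^\s+alias (\S+)")


def parse_vhosts(text):
    """Return {listen_addr: [{'name', 'aliases', 'where'}, ...]} in config order."""
    vhosts, addr = defaultdict(list), None
    for line in text.splitlines():
        if m := LISTEN.match(line):
            addr = m.group(1)
        elif addr and (m := VHOST.match(line)):
            vhosts[addr].append({"name": m.group(1), "aliases": [],
                                 "where": f"{m.group(2)}:{m.group(3)}"})
        elif addr and vhosts[addr] and (m := ALIAS.match(line)):
            vhosts[addr][-1]["aliases"].append(m.group(1))
        elif not line.startswith((" ", "\t")):
            addr = None  # left the indented block of this listener
    return dict(vhosts)


def shadowed(vhosts):
    """List (addr, hostname, winner, loser): loser can never serve hostname."""
    findings = []
    for addr, entries in vhosts.items():
        first = {}  # hostname -> location of the first vhost claiming it
        for v in entries:
            for host in [v["name"], *v["aliases"]]:
                if host in first and first[host] != v["where"]:
                    findings.append((addr, host, first[host], v["where"]))
                first.setdefault(host, v["where"])
    return findings

if __name__ == "__main__":
    for addr, host, winner, loser in shadowed(parse_vhosts(SAMPLE)):
        print(f"{addr} {host}: served by {winner}; definition at {loser} is shadowed")
```

On the sample it reports that `xyz-market.fr` on `*:443` is answered by `ssl.conf:58`, while `www.xyz-market.fr` exists only as an alias of the `httpd-le-ssl.conf` vhost, which matches the symptom described in the thread. Wildcard `ServerAlias` patterns are compared as literal strings here.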