Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: bree.org.uk
I ran this command:
certbot -v --apache -d bree.org.uk
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Requesting a certificate for bree.org.uk
Performing the following challenges:
http-01 challenge for bree.org.uk
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Snippet from the certbot error log:
2023-04-20 12:47:12,518:DEBUG:acme.client:Storing nonce: F9779Bm_4QGGQgbpAODhCeHouEG9L4rdMHY1WTgTkixofps
2023-04-20 12:47:12,519:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-04-20 12:47:12,519:INFO:certbot._internal.auth_handler:http-01 challenge for bree.org.uk
2023-04-20 12:47:12,528:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3.11/site-packages/certbot_apache/_internal/configurator.py", line 2474, in perform
    http_response = http_doer.perform()
  File "/usr/lib/python3.11/site-packages/certbot_apache/_internal/http_01.py", line 66, in perform
  File "/usr/lib/python3.11/site-packages/certbot_apache/_internal/http_01.py", line 102, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/usr/lib/python3.11/site-packages/certbot_apache/_internal/http_01.py", line 145, in _relevant_vhosts
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Thanks. Fedora has apachectl (not apache2ctl) but I get:
$ apachectl -t -D DUMP_VHOSTS
Passing arguments to httpd using apachectl is no longer supported.
You can only start/stop/restart httpd using this script.
To pass extra arguments to httpd, see the httpd.service(8)
The httpd.service man page is unenlightening about how to do this.
I should mention that httpd is running and I can browse to port 80 manually, including from outside my local net.
It's also surprising that the Certbot error gives a trace dump in the log, which to me would indicate a code bug of some sort. Maybe I'm wrong about that.
Yes, I noticed that. Nevertheless, port 80 is open and I can browse to it. I assume there's something wrong with my httpd config file but can't see what it is. I'm basically following the instructions at:
The firewall directs 80->80 and 443->443. I notice that the netstat output shows port 80 for tcp6, which as far as I know I don't run. The fact remains that from outside the network I can browse to port 80, and port 443 gives me an SSL challenge as it should.