Certbot Renew failure

Larchbold · October 25, 2022, 8:02am

Please see contents of /etc/apache2/sites-enabled/000-default.conf below updated

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =unificontroller.rockfieldit.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

MikeMcQ · October 25, 2022, 1:39pm

I do not think you are using a backtick (`) character and the formatting is still a problem. But, we see enough to identify a problem.

A test request to unificontroller.rockfieldit.com should redirect to HTTPS based upon your Apache config. But, it does not. In fact, as I noted earlier, it looks like your management program for your unifi controller is connected to port 80 and not your apache server.

Example

curl -I unificontroller.rockfieldit.com
HTTP/1.1 302
Location: /manage
Transfer-Encoding: chunked
Date: Tue, 25 Oct 2022 13:32:37 GMT

In above we see:

a 302 redirect but your apache config would do a 301
The Location: is not for HTTPS url
No "Server: Apache" header which I would expect from your basic apache config

You need to review your unifi settings to ensure port 80 (http) requests get to Apache. You may need to ask on a unifi forum about this.

Larchbold · November 15, 2022, 2:34pm

Hi MikeMcQ

Thanks for your post above. I have ran a "curl -I unificontroller.rockfieldit.com and I noticed that output is different compared to your output earlier.

HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Nov 2022 14:33:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Location: https://unificontroller.rockfieldit.com/
Content-Type: text/html; charset=iso-8859-1

rg305 · November 15, 2022, 3:06pm

You have to run that from outside your network.
From the Internet, we see:

curl -Ii unificontroller.rockfieldit.com
HTTP/1.1 302
Location: /manage
Transfer-Encoding: chunked
Date: Tue, 15 Nov 2022 15:06:38 GMT

system · December 15, 2022, 3:07pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.