Certbot "successful", but still don't have an ssl certificate

Yeah, I agree. In the previous error stack, it says it rolled back the changes, which would explain why it’s the same.

Can we try stop the webserver? This would help narrow down why Certbot can’t restart it.

sudo service apache2 stop

and then verify nothing’s running on port 80:

sudo ss -tlnp | grep ":80"

snreloaded@Machina:~ sudo service apache2 stop snreloaded@Machina:~ sudo ss -tlnp | grep “:80”
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:((“lighttpd”,pid=2104,fd=4)) LISTEN 0 128 [::]:80 [::]:* users:((“lighttpd”,pid=2104,fd=5))

Makes sense.

So, you have two webservers installed:

  • Apache
  • lighttpd

They’re both configured to listen to port 80 - which isn’t going to work. Apache can’t start because lighttpd stole its port.

Do you know what you need lighttpd for? You probably only want one of the webservers at the end of the day.

I don’t think I’m using lighttpd for anything, so I can uninstall it and restart my system, try the reinstall again

Your current website at http://snreloaded.stream/ is being served by lighttpd.

Perhaps be a little careful if you intend to uninstall it - you don’t want to lose any of your work!

Odd, because when I first created the site I had to remove the default Apache page.

My web root is /var/www/html/, and I remember moving the default index.html over (I do have it on GitHub as well)

Total speculation, but perhaps your lighttpd configuration is also using /var/www/html to serve up your website?

If Apache dropped its default page in there when it was installed, it may have given the wrong impression that you were hosting using Apache.

Edit: Just checked, and the default document root on Ubuntu for lighttpd is indeed /var/www/html:

server.document-root        = "/var/www/html"

Do you happen to know what Ubuntu server uses by default? Because I started editing the HTML files on a fresh Ubuntu server install

Do you mean what webserver it uses by default? I’m not sure - there’s a lot of “flavors”. But we definitely know you’re using lighttpd right now because it’s revealed in a response header (last line):

$ curl -X GET -I http://snreloaded.stream/
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Accept-Ranges: bytes
ETag: "837399829"
Last-Modified: Sat, 27 Apr 2019 09:54:38 GMT
Content-Length: 1815
Date: Wed, 15 Jan 2020 06:11:13 GMT
Server: lighttpd/1.4.45

Just restarted my server, can you try that command again?

Same result - lighttpd.

Huh. Interesting

My world has been changed, lol

So should I uninstall Apache then?

If you want, I guess?

The advantage with Certbot + Apache is that Certbot can automatically configure your Apache’s SSL for you.

With lighttpd, you’re (a little bit more) on your own.

Just for kicks, you can try stop lighttpd and try start Apache in its place. For example:

sudo service lighttpd stop
sudo service apache2 start

and try see if your website still works the same.

If it does, you could consider uninstalling lighttpd and keeping Apache instead!

Yea! The website still works, so I’ll just uninstall lighttpd

You’ll also want to make sure Apache starts on boot:

sudo systemctl enable apache2

and once you get rid of lighttpd, you can also retry the Certbot installation from before:

sudo certbot --apache

It says it succeeded! Hopefully it is working (once again)

Thank you for your help with diagnosing the issue!

One issue I just noticed is that it doesn’t seem to auto upgrade http to https, which is honestly what I would prefer for my site. Is there something I can manually change with my Apache install?

I think Certbot can do it for you, something like:

sudo certbot enhance -d snreloaded.stream --redirect

snreloaded@Machina:~$ sudo certbot enhance -d snreloaded.stream --redirect
[sudo] password for snreloaded:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer apache

Which certificate would you like to use to enhance your configuration?


1: snreloaded.stream


Press 1 [enter] to confirm the selection (press ‘c’ to cancel): 1

Which domain names would you like to enable the selected enhancements for?


1: snreloaded.stream


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Enhancement redirect was already set.
snreloaded@Machina:~$

Hmm. That’s weird. I wonder if you have duplicate virtual hosts.

What’s this show now:

sudo apachectl -t -D DUMP_VHOSTS