Certbot "successful", but still don't have an SSL certificate

Huh. Interesting

My world has been changed, lol

So should I uninstall Apache then?

If you want, I guess?

The advantage with Certbot + Apache is that Certbot can automatically configure your Apache’s SSL for you.

With lighttpd, you’re (a little bit more) on your own.

Just for kicks, you can try stopping lighttpd and starting Apache in its place. For example:

```bash
sudo service lighttpd stop
sudo service apache2 start
```

and see if your website still works the same.

If it does, you could consider uninstalling lighttpd and keeping Apache instead!

Yea! The website still works, so I’ll just uninstall lighttpd

You’ll also want to make sure Apache starts on boot:

```bash
sudo systemctl enable apache2
```

and once you get rid of lighttpd, you can also retry the Certbot installation from before:

```bash
sudo certbot --apache
```

It says it succeeded! Hopefully it is working (once again)

Thank you for your help with diagnosing the issue!

One issue I just noticed is that it doesn’t seem to auto upgrade http to https, which is honestly what I would prefer for my site. Is there something I can manually change with my Apache install?

I think Certbot can do it for you, something like:

```bash
sudo certbot enhance -d snreloaded.stream --redirect
```

```
snreloaded@Machina:~$ sudo certbot enhance -d snreloaded.stream --redirect
[sudo] password for snreloaded:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator None, Installer apache

Which certificate would you like to use to enhance your configuration?


1: snreloaded.stream


Press 1 [enter] to confirm the selection (press 'c' to cancel): 1

Which domain names would you like to enable the selected enhancements for?


1: snreloaded.stream


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Enhancement redirect was already set.
snreloaded@Machina:~$
```

Hmm. That’s weird. I wonder if you have duplicate virtual hosts.

What’s this show now:

```bash
sudo apachectl -t -D DUMP_VHOSTS
```

```
snreloaded@Machina:~$ sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 snreloaded.stream (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server Machina.mtu.edu (/etc/apache2/sites-enabled/000-default-le-ssl.conf:37)
port 80 namevhost Machina.mtu.edu (/etc/apache2/sites-enabled/000-default-le-ssl.conf:37)
port 80 namevhost Machina.mtu.edu (/etc/apache2/sites-enabled/000-default.conf:1)
```

I think the redirect is set up, but because there are two duplicate virtual hosts for the same hostname, the one without the redirect is taking effect.

```bash
sudo a2dissite 000-default
sudo service apache2 reload
```

(If that’s the wrong one, we can switch it around after).

That did not auto upgrade

I think it might be because of the .edu domain hanging around. Not really sure.

Might be worth opening up /etc/apache2/sites-enabled/000-default-le-ssl.conf and seeing what’s going on in there, around line 37.

Maybe the redirect is there, but it’s set up for your .edu domain instead of the .stream one.

I’m not even using the edu domain anymore (I don’t remember setting it up tbh) so I could just toss that

Output ->
```
snreloaded@Machina:~$ less /etc/apache2/sites-enabled/000-default-le-ssl.conf
```

```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
ServerName snreloaded.stream
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/snreloaded.stream/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/snreloaded.stream/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =snreloaded.stream
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


</VirtualHost>
</IfModule>
```

How do I do code tags here?

Edit: thanks

I edited it for you. You either have to left-pad by 4 spaces, or use triple backticks:

```apache
<VirtualHost blah>
</VirtualHost>
```

Anyway, you can see near the bottom of the file where it says:

```apache
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
```

If you uncomment the two lines after that and reload Apache, perhaps it will start working.

Edit: I’m guessing you got banhammered by the forum because this thread went so long, but glad to see you got it working. 😆


Yea! Uncommenting those last two lines worked! (Ran out of posts, posting this 6 hours later due to having a new account)

This worked perfectly and is upgrading http to https perfectly

Thank you for your help and time!
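An added example, not part of the original thread: a small text check that would have flagged the state this thread ended up debugging, a port-80 virtual host whose HTTPS redirect exists only as commented-out lines. The function name `audit_http_vhosts` and the sample config are constructed for illustration; the check reads one file's text and does not follow `Include` directives.

```python
import re

# Constructed sample, modelled on the port-80 block shown in the thread.
SAMPLE = """\
<VirtualHost *:443>
    ServerName snreloaded.stream
</VirtualHost>
<VirtualHost *:80>
    #ServerName www.example.com
    DocumentRoot /var/www/html
    RewriteEngine on
    # RewriteCond %{SERVER_NAME} =snreloaded.stream
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
REDIRECT = re.compile(r"^(RewriteRule|Redirect(Permanent|Match)?)\s.*https://", re.I)


def audit_http_vhosts(conf_text):
    """Return one finding per port-80 VirtualHost block in conf_text."""
    findings = []
    for addr, body in VHOST.findall(conf_text):
        if not any(a.endswith(":80") for a in addr.split()):
            continue
        server_name, active, commented = None, 0, 0
        for raw in body.splitlines():
            line = raw.strip()
            if line.startswith("#"):
                # A disabled redirect is still worth reporting.
                if REDIRECT.match(line.lstrip("#").strip()):
                    commented += 1
                continue
            if line.lower().startswith("servername"):
                server_name = line.split()[1]
            elif REDIRECT.match(line):
                active += 1
        status = ("redirects" if active
                  else "redirect commented out" if commented else "no redirect")
        findings.append({"addr": addr, "server_name": server_name, "status": status})
    return findings


if __name__ == "__main__":
    for finding in audit_http_vhosts(SAMPLE):
        print(finding)
```

A `server_name` of `None` means the block has no active `ServerName`, which matches the `DUMP_VHOSTS` output above listing the port-80 host under `Machina.mtu.edu` rather than `snreloaded.stream`.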