Certbot Unable to find a virtual host on port 80

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tunefind.info

I ran this command: certbot certonly -d tunefind.info

It produced this output:

How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin (apache)
2: Runs an HTTP server locally which serves the necessary validation files under
the /.well-known/acme-challenge/ request path. Suitable if there is no HTTP
server already running. HTTP challenge only (wildcards not supported).
(standalone)
3: Saves the necessary validation files to a .well-known/acme-challenge/
directory within the nominated webroot path. A separate HTTP server must be
running and serving files from the webroot path. HTTP challenge only (wildcards
not supported). (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Requesting a certificate for tunefind.info
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): apache (I don't know how to check the version)

The operating system my web server runs on is (include version): Redhat Linux Rocky 9.5

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 3.1.0

With that error message, I looked into the ERROR LOG.

2025-09-27 13:36:06,774:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 27 Sep 2025 04:36:06 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY

Strange thing is my Web-server runs apache, but LOG say nginx. Why ?
Any possible help for fixing this request? Thanks, thanks, thanks.

I cannot reproduce this. It looks just fine.

$ curl -6IL tunefind.info/.well-known/acme-challenge/hi
curl: (6) Could not resolve host: tunefind.info

$ curl -4IL tunefind.info/.well-known/acme-challenge/hi
HTTP/1.1 404 Not Found
Date: Sat, 27 Sep 2025 09:54:08 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

Because those are replies from Let's Encrypt server which is nginx

Dear Mike,

Thanks for your comment. I see that Let's Encrypt server is on nginx.

Any help for the following message? https is port 4xx (4 houndres someting), isn’t it? Virtual server setting is in the config script somewhere in httpd-apache config ? Or ssl.conf somewhere ?

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

The message is self-explanatory, isn't it? Certbot needs to see a HTTP virtual host--one listening on port 80. You don't have one. You need to create one. It certainly wouldn't be in ssl.conf, as HTTPS isn't on port 80.

Apache has a default server defined in the httpd conf. And, some people even put explicit VirtualHost statements there. But, generally the best practice is to have each VirtualHost in their own file. Certbot's --apache option needs an explicit VirtualHost for your domain rather than relying just on the default.

Place all the needed configuration options (log files, DocumentRoot, ...) in that VirtualHost. If the Certbot request succeeds it will create another VirtualHost for port 443 with certificate settings and carry over the other settings from the port 80 VHost you made.

See this Apache docs page: VirtualHost Examples - Apache HTTP Server Version 2.4
Follow the section named "Running several name-based web sites on a single IP address"

On your o/s there is a /etc/httpd/conf.d/ where you place a file for each VirtualHost. Files in that directory are included by a reference in your base httpd config. See: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/deploying_different_types_of_servers/setting-apache-http-server_deploying-different-types-of-servers#apache-intro_setting-apache-http-server

Oops. I see Rocky uses the more common sites-available / sites-enabled directories. See: Apache Multiple Site - Documentation
It also has nicer examples of VirtualHost configs than RedHat link I provided

Dear danb35,

Thanks for your comment. I am still in vague what should I do to fix this error. I think my WEB servers, two of them, tunefind.info and tunefind.org are running with Apache with Port 80. May I ask <Virtual_Host> question? I haven’t edited any on ssl.conf at /etc/httpd/conf.d. In this ssl.conf there is a commented two lines,

#DocumentRoot "/var/www/html"
#ServerName www.example.com:443

Should I better to uncomment and write the real my WEB server domain name here,

DocumentRoot "/var/www/html"
ServerName tunefind.org (OR tunefind.info) :443

I have been running two domains, both of them encountered the same ERROR message : Unable to find a virtual host on port 80.

Excuse me my brain isn’t good enough to understand the ERROR message as well as your suggestion.

Let me post here the LOG MESSAGE as the entire. I can’t read well though ..

2025-09-27 13:51:21,085:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-09-27 13:51:21,086:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/bin/certbot
2025-09-27 13:51:21,086:DEBUG:certbot._internal.main:Arguments: ['--apache']
2025-09-27 13:51:21,086:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEn>
2025-09-27 13:51:21,097:DEBUG:certbot._internal.log:Root logging level set at 30
2025-09-27 13:51:21,098:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2025-09-27 13:51:21,214:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.62
2025-09-27 13:51:21,478:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Authenticator, Installer, Plugin
Entry point: EntryPoint(name='apache', value='certbot_apache._internal.entrypoint:ENTRYPOINT', group='certbot.plugins')
Initialized: <certbot_apache._internal.override_fedora.FedoraConfigurator object at 0x7ff25ec0df10>
Prep: True
2025-09-27 13:51:21,479:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_fedora.FedoraConfigur>
2025-09-27 13:51:21,479:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2025-09-27 13:54:30,088:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2025-09-27 13:54:30,090:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2025-09-27 13:54:30,207:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 995
2025-09-27 13:54:30,209:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 27 Sep 2025 17:54:30 GMT
Content-Type: application/json
Content-Length: 995
Connection: keep-alive

No. Don't put your vhost in ssl.conf.

Hi ! There, everyone, I will post my recent efforts. I created a new file called ‘tunefind.info.conf’ at /etc/httpd/conf.d/ location. Because this error is Apache_httpd problem. Certbot is working fine and Certbot has already made a set of Certificate, PrivatePey, Chain_Certificate, and ca-bundle.crt. In my newly created “tunefind.info.conf”, I worte the following a few lines. Are they are O.K.?

<VirtualHost *:80>
ServerName www.tunefind.info
Redirect / https://www.tunefind.info/
</VirtualHost>

Then I also tried to edit as much the “ssl.conf” file at

/etc/httpd/conf.d/

=========

# 

Listen 443 https

## SSL Global Context

SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Inter-Process Session Cache:

SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300

# 

# Use "SSLCryptoDevice" to enable any supported hardware

# 

SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

## SSL Virtual Host Context

<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName www.tunefind.info:443
#
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
#   SSL Engine Switch:
SSLEngine on


# SSL Engine Switch:

SSLEngine on

# 

# List the protocol versions which clients are allowed to connect with.

SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

# 

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateChainFile /etc/pki/tls/certs/ca_bundle.trust.crt
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

#

# SSLOptions +StdEnvVars

#
#<Directory "/var/www/cgi-bin">

</FilesMatch>
#<Directory "/var/www/cgi-bin">
#    SSLOptions +StdEnvVars
#</Directory>
#
</VirtualHost>

Hello ! Everyone, I am a newbie about SSL_https, so I can’t do anything in confidence. I just did trial-and-error approach, and this my editing of ssl.conf could be messy. Any comments is appreciated. Thanks. I am so sorry about that the ssl.conf CODEs posting is messy. Which parameters should be the essential for successful Virtual Host configuration? Mitsuru Kido

Dear MikeMcQ,
Thank you for your long reply. I will tell you that my WEB server is just one domain name and one DNS number. Very simple one. I just want to figure it out for successful transfer of 80 to 443, and make it activated https communication. I wrote somewhere that all certificates and private key are successfully created. The last part is Virtual Host configuration. The simple error message didn’t make me understand which parts of configuration I have to fix. Thanks, everyone !

Yes, you did, but I see no history of a Let's Encrypt certificate ever issued for your domain name. What does this show

sudo certbot certificates

Hi ! MikeMcQ, Sorry for this late reply. I was busy for my language class study,

here is the answer. Now what should I suppose to do?

mkido@svr1$sudo certbot certificates
[sudo] password for mkido:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

No certificates found.

~

DEBUG LOG is,

debug log to /var/log/letsencrypt/letsencrypt.log

2025-10-17 04:44:24,831:DEBUG:certbot._internal.main:certbot version: 3.1.0
2025-10-17 04:44:24,831:DEBUG:certbot._internal.main:Location of certbot entry point: /bin/certbot
2025-10-17 04:44:24,831:DEBUG:certbot._internal.main:Arguments:

2025-10-17 04:44:24,832:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,>
2025-10-17 04:44:24,845:DEBUG:certbot._internal.log:Root logging level set at 30
2025-10-17 04:44:24,846:DEBUG:certbot._internal.display.obj:Notifying user: No certificates found.

Dear MikeMcQ,

Hello, How are you. Excuse me my sporadic, and slow reaction here. I am too busy to access here frequently. Now I clearly know that My VirtualHost configuration is not perfect. I mean the configuration has an error part, so I must fix it at first, then I will run again,

#certbot –apache

When I modified my VIRTUALHOST configuration CODEs inside, I always get various different error comments. So I will contune here to show what is going on with my VIRTUALHOST configuration. Thanks everyone. Shortly, Mitsuru Kido

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.