Certbot - Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

My domain is: sketchframer.net

I ran this command: certbot --apache

It produced this output:

Which names would you like to activate HTTPS for?


1: proxy-subdomains-vhost.localhost
2: sketchframer.net
3: sketchframer.com
4: cpanel.sketchframer.net
5: cpcalendars.sketchframer.net
6: cpcontacts.sketchframer.net
7: mail.sketchframer.net
8: mail.sketchframer.com
9: server.sketchframer.com
10: sketchframer.sketchframer.com
11: www.sketchframer.sketchframer.com
12: webdisk.sketchframer.net
13: webmail.sketchframer.net
14: www.sketchframer.com
15: www.sketchframer.net


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2 15
Requesting a certificate for sketchframer.net and www.sketchframer.net

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/sketchframer.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/sketchframer.net/privkey.pem
This certificate expires on 2022-09-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for sketchframer.net to /etc/apache2/conf/httpd.conf
Successfully deployed certificate for www.sketchframer.net to /etc/apache2/conf/httpd.conf
Failed redirect for sketchframer.net
Unable to set the redirect enhancement for sketchframer.net.

NEXT STEPS:

  • The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
    certbot install --cert-name sketchframer.net

Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): Django 3.12 on Apache/2.4.54 (cPanel)

The operating system my web server runs on is (include version): CentOS 7

My hosting provider, if applicable, is: Bluehost

I can login to a root shell on my machine: yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.28.0

More info: apachectl - S

VirtualHost configuration:
127.0.0.1:80 is a NameVirtualHost
default server server.sketchframer.com (/etc/apache2/conf/httpd.conf:300)
port 80 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:300)
port 80 namevhost proxy-subdomains-vhost.localhost (/etc/apache2/conf/httpd.conf:663)
wild alias cpanel.*
wild alias whm.*
wild alias webmail.*
wild alias webdisk.*
wild alias cpcalendars.*
wild alias cpcontacts.*
127.0.0.1:443 is a NameVirtualHost
default server server.sketchframer.com (/etc/apache2/conf/httpd.conf:771)
port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:771)
wild alias cpanel.*
wild alias whm.*
wild alias webmail.*
wild alias webdisk.*
wild alias cpcalendars.*
wild alias cpcontacts.*
port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:913)
162.241.177.72:80 is a NameVirtualHost
default server server.sketchframer.com (/etc/apache2/conf/httpd.conf:321)
port 80 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:321)
port 80 namevhost sketchframer.com (/etc/apache2/conf/httpd.conf:382)
alias mail.sketchframer.com
alias www.sketchframer.com
port 80 namevhost sketchframer.sketchframer.com (/etc/apache2/conf/httpd.conf:463)
alias mail.sketchframer.net
alias sketchframer.net
alias www.sketchframer.net
alias www.sketchframer.sketchframer.com
port 80 namevhost proxy-subdomains-vhost.localhost (/etc/apache2/conf/httpd.conf:663)
wild alias cpanel.*
wild alias whm.*
wild alias webmail.*
wild alias webdisk.*
wild alias cpcalendars.*
wild alias cpcontacts.*
162.241.177.72:443 is a NameVirtualHost
default server sketchframer.sketchframer.com (/etc/apache2/conf/httpd.conf:530)
port 443 namevhost sketchframer.sketchframer.com (/etc/apache2/conf/httpd.conf:530)
alias mail.sketchframer.net
alias sketchframer.net
alias www.sketchframer.net
alias www.sketchframer.sketchframer.com
alias cpcalendars.sketchframer.net
alias webdisk.sketchframer.net
alias cpcontacts.sketchframer.net
alias cpanel.sketchframer.net
alias webmail.sketchframer.net
port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:771)
wild alias cpanel.*
wild alias whm.*
wild alias webmail.*
wild alias webdisk.*
wild alias cpcalendars.*
wild alias cpcontacts.*
port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:913)
: server.sketchframer.com (/etc/apache2/conf/httpd.conf:351)
*:443 server.sketchframer.com (/etc/apache2/conf/httpd.conf:913)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/etc/apache2/htdocs"
Main ErrorLog: "/etc/apache2/logs/error_log"
Mutex rewrite-map: dir="/run/apache2" mechanism=fcntl
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: dir="/run/apache2" mechanism=fcntl
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/apache2/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name="nobody" id=99
Group: name="nobody" id=99

1 Like

Don't use Certbot on cPanel servers. It's not going to work out.

Use cPanel's AutoSSL feature.

5 Likes

oh, didn't know it.

Thanks!

3 Likes

These two name:port overlap/conflict:

port 80 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:300)
port 80 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:321)

These five name:port overlap/conflict:

port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:913)
port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:771)

port 443 namevhost server.sketchframer.com (/etc/apache2/conf/httpd.conf:913)

: server.sketchframer.com (/etc/apache2/conf/httpd.conf:351)

*:443 server.sketchframer.com (/etc/apache2/conf/httpd.conf:913)

These seem very extreme OR near impossible to implement correctly:
[although I can't seem to find any documentation on "Apache wild alias" to confirm]

wild alias cpanel.*
wild alias whm.*
wild alias webmail.*
wild alias webdisk.*
wild alias cpcalendars.*
wild alias cpcontacts.*
6 Likes

Thanks @rg305 for answer!

Do you think is possible to turn on SSL with Certbot on this server?
What should I do next?
Is it cleaning the vhost configuration?
(any suggestion where to start?)

I would definitely clean the vhost configuration first.

6 Likes