CertBot unable to install certificate on fresh apache2 installation

Nope, I'm just bad at pasting

$ sudo ls -la /etc/apache2/sites-available
total 16
drwxr-xr-x 2 root root 4096 Apr  4 06:08 .
drwxr-xr-x 8 root root 4096 Apr  4 02:50 ..
-rw-r--r-- 1 root root 1089 Apr  4 02:50 2darkpark.net-le-ssl.conf
-rw-r--r-- 1 root root  483 Apr  4 06:08 2darkpark.net.conf
1 Like

Let's try this:

sudo a2dissite 2darkpark.net.conf

sudo a2ensite 2darkpark.net.conf

sudo apachectl -k restart

sudo cat /etc/apache2/sites-enabled/2darkpark.net.conf
1 Like
$ sudo a2dissite 2darkpark.net.conf
Site 2darkpark.net disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2
$ sudo a2ensite 2darkpark.net.conf
Enabling site 2darkpark.net.
To activate the new configuration, you need to run:
  systemctl reload apache2
$ sudo apachectl -k restart
'AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
$ sudo cat /etc/apache2/sites-enabled/2darkpark.net.conf
<VirtualHost *:80>
	ServerName 2darkpark.net
	ServerAlias www.2darkpark.net
	ServerAdmin nat@2darkpark.net
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	
	Redirect permanent "/" "https://www.2darkpark.net/"

	#RewriteEngine on
	#RewriteCond %{SERVER_NAME} =www.2darkpark.net [OR]
	#RewriteCond %{SERVER_NAME} =2darkpark.net
	#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
1 Like

Are you actually using tab characters in your conf file?

2 Likes

Er, yes, is that a problem?

1 Like

Replace them all with spaces if you would. Please put 4 spaces at the beginning of each line in the conf file (except for the blank lines, which should have no characters at all).

Show me this again once you're done:

sudo cat /etc/apache2/sites-enabled/2darkpark.net.conf

edit:
put no spaces before the virtualhost lines

2 Likes

Erk, didn't know that tabs were an issue. If it wasn't already obvious, I have much to learn.

$ sudo cat /etc/apache2/sites-enabled/2darkpark.net.conf
<VirtualHost *:80>
    ServerName 2darkpark.net
    ServerAlias www.2darkpark.net
    ServerAdmin nat@2darkpark.net
    DocumentRoot /var/www/html/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Redirect permanent "/" "https://www.2darkpark.net/"

    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =www.2darkpark.net [OR]
    #RewriteCond %{SERVER_NAME} =2darkpark.net
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
1 Like

One moment... checking something...

2 Likes

And again now...

sudo apachectl -k restart

2 Likes

Still defaults http! This is getting somewhat absurd.

1 Like

hmm... one moment... :thinking:

2 Likes

Are you using a Digital Ocean load balancer?

2 Likes

Er, no idea. If it's on by default, then probably yes. I'm only paying for one CPU core though, so I would think it's not enabled?

1 Like

I wonder...

sudo apachectl -S

sudo cat /etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf
2 Likes
$ sudo apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  www.2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server 2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf:17)
         port 80 namevhost 2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf:17)
                 alias www.2darkpark.net
         port 80 namevhost 2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net.conf:1)
                 alias www.2darkpark.net
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
$ sudo cat /etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName www.2darkpark.net
    ServerAlias www.2darkpark.net
    ServerAdmin nat@2darkpark.net
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias 2darkpark.net
SSLCertificateFile /etc/letsencrypt/live/www.2darkpark.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.2darkpark.net/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
    ServerName 2darkpark.net
    ServerAlias www.2darkpark.net
    ServerAdmin nat@2darkpark.net
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.2darkpark.net [OR]
# RewriteCond %{SERVER_NAME} =2darkpark.net
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>
</IfModule>
1 Like

and there it is.. :grin:

:laughing:

1 Like

Edit /etc/apache2/sites-available/2darkpark.net-le-ssl.conf

Remove everything from the second copy of the following line to the end of the file (including this line):

<IfModule mod_ssl.c>

Then run these:

sudo apachectl -k restart

sudo apachectl -S

edit:
In essence you're removing the second virtualhost and the surrounding "if" lines.

1 Like
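
The conflict found above (two port 80 vhosts claiming the same names, with the one in the -le-ssl.conf file listed first and therefore answering instead of the redirect vhost) can be spotted mechanically. This is an added example, not part of the original thread: the function names are made up here, and the sample input is constructed from the `apachectl -S` output posted earlier.

```shell
#!/bin/sh
# Added example: list hostnames claimed by more than one name-based vhost
# on the same address:port in `apachectl -S` output. Apache serves a name
# from the first vhost listed for it, so later ones never see the request.

shadowed_vhosts() {
    awk '
        function check(name,    key) {
            if (addr == "" || loc == "") return
            key = addr " " name
            if (!(key in first)) { first[key] = loc; return }
            if (first[key] != loc)
                printf "%s %s: %s is shadowed by %s\n", addr, name, loc, first[key]
        }
        # Any non-indented line starts a new section of the dump.
        /^[^ \t]/ { addr = ""; loc = "" }
        / is a NameVirtualHost[ \t]*$/ { addr = $1; next }
        # "port 80 namevhost NAME (FILE:LINE)"
        $1 == "port" && $3 == "namevhost" {
            loc = $5; gsub(/[()]/, "", loc)
            check($4); next
        }
        # "alias NAME" belongs to the namevhost line above it.
        $1 == "alias" { check($2) }
    '
}

# Constructed sample, trimmed from the output shown in the thread.
sample_apachectl_S() {
    cat <<'EOF'
VirtualHost configuration:
*:443                  www.2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server 2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf:17)
         port 80 namevhost 2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net-le-ssl.conf:17)
                 alias www.2darkpark.net
         port 80 namevhost 2darkpark.net (/etc/apache2/sites-enabled/2darkpark.net.conf:1)
                 alias www.2darkpark.net
ServerRoot: "/etc/apache2"
EOF
}

sample_apachectl_S | shadowed_vhosts
```

On a live host, feed it the real dump with `sudo apachectl -S 2>&1 | shadowed_vhosts`; no output means no name is claimed twice on the same address and port.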

Oh my lord I should have been able to figure that one out myself

Thank you so much for your help!

2 Likes

Redirects are working now!

:grin: :partying_face:

2 Likes

Hang on, what the hell? Navigating to 2darkpark.net defaults to https, but www.2darkpark.net does not.

1 Like