I recently installed a Linux virtual machine (Ubuntu 18.04) with an MS Azure account. It runs Apache/2.4.29 (Ubuntu) and I installed certbot 1.13.0 with Snap. It creates the correct certificates and changes the configuration files stored in /etc/apache2/sites-available/my-domain.com.conf and my-domain.com-le-ssl.conf.
I noticed that it does not create the challenge for my application (under /var/www/html/jmqap/.well-known/acme-challenge).
I checked the paths, the firewall configuration (ufw is disabled), and ports 80 and 443, but I cannot figure out why the website is not loading. More details below.
Any idea?
Thanks in advance
- Domain: jmqap.com (the web server will also host some other domains once the issue I am experiencing is solved)
- I ran this command: sudo certbot --apache
- It produced the output shown below:
Requesting a certificate for jmqap.com and www.jmqap.com
Created an SSL vhost at /etc/apache2/sites-available/jmqap.com-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/jmqap.com-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/jmqap.com-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/jmqap.com-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/jmqap.com.conf to ssl vhost in /etc/apache2/sites-available/jmqap.com-le-ssl.conf
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/jmqap.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/jmqap.com/privkey.pem
Your certificate will expire on 2021-06-14. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew all of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- My web server is Apache/2.4.29
- OS: Ubuntu 18.04
- Hosting provider: MS Azure VM
- I can login to a root shell on my machine
- I'm not using a control panel to manage my site
- The version of my client is certbot 1.13.0 from Certbot Project (installed via snap)
- the ufw status is inactive
- I launched the command lsof -iTCP -sTCP:LISTEN -P and the port 443 is working (see below).
systemd-r 895 systemd-resolve 13u IPv4 18063 0t0 TCP localhost:53 (LISTEN)
sshd 1094 root 3u IPv4 22599 0t0 TCP *:22 (LISTEN)
sshd 1094 root 4u IPv6 22601 0t0 TCP *:22 (LISTEN)
mysqld 1129 mysql 32u IPv6 24687 0t0 TCP *:33060 (LISTEN)
mysqld 1129 mysql 37u IPv6 24691 0t0 TCP *:3306 (LISTEN)
apache2 3345 root 4u IPv6 44557 0t0 TCP *:80 (LISTEN)
apache2 3345 root 6u IPv6 44561 0t0 TCP *:443 (LISTEN)
apache2 3350 www-data 4u IPv6 44557 0t0 TCP *:80 (LISTEN)
apache2 3350 www-data 6u IPv6 44561 0t0 TCP *:443 (LISTEN)
apache2 3351 www-data 4u IPv6 44557 0t0 TCP *:80 (LISTEN)
apache2 3351 www-data 6u IPv6 44561 0t0 TCP *:443 (LISTEN)
apache2 3352 www-data 4u IPv6 44557 0t0 TCP *:80 (LISTEN)
apache2 3352 www-data 6u IPv6 44561 0t0 TCP *:443 (LISTEN)
apache2 3353 www-data 4u IPv6 44557 0t0 TCP *:80 (LISTEN)
apache2 3353 www-data 6u IPv6 44561 0t0 TCP *:443 (LISTEN)
apache2 3356 www-data 4u IPv6 44557 0t0 TCP *:80 (LISTEN)
apache2 3356 www-data 6u IPv6 44561 0t0 TCP *:443 (LISTEN)
- Finally, this is the /etc/apache2/sites-available/jmqap.com.conf content
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin claudio.oriani@gmail.com
ServerName jmqap.com
ServerAlias www.jmqap.com
DocumentRoot /var/www/html/jmqap
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/html/jmqap>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.jmqap.com [OR]
RewriteCond %{SERVER_NAME} =jmqap.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
- And this is the jmqap.com-le-ssl.conf content:
ServerAdmin claudio.oriani@gmail.com
ServerName jmqap.com
ServerAlias www.jmqap.com
DocumentRoot /var/www/html/jmqap
#set the default action for all other requests
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/html/jmqap>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/jmqap.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jmqap.com/privkey.pem
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin claudio.oriani@gmail.com
ServerName jmqap.com
ServerAlias www.jmqap.com
DocumentRoot /var/www/html/jmqap
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/html/jmqap>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
RewriteEngine on
#Some rewrite rules in this file were disabled on your HTTPS site,
#because they have the potential to create redirection loops.
#RewriteCond %{SERVER_NAME} =www.jmqap.com [OR]
#RewriteCond %{SERVER_NAME} =jmqap.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteCond %{SERVER_NAME} =jmqap.com [OR]
RewriteCond %{SERVER_NAME} =www.jmqap.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
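A check that can be run over site files like the two posted above (an added example, not part of the original post and not certbot's own code): it walks the Apache container directives, reports sections that are never closed or a `<VirtualHost>` opened inside another, and flags an active HTTP-to-HTTPS `RewriteRule` inside a `:443` vhost, the redirect loop that certbot's comment in the file refers to. The function name `audit_vhosts` and the `example.com` sample are constructed for illustration.

```python
import re

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\s*(\w+)\s*>")
HTTPS_REDIRECT = re.compile(r"RewriteRule\s+\S+\s+https://", re.I)

def audit_vhosts(text):
    """Return (findings, vhosts) for the text of one Apache site file."""
    findings, vhosts, stack, cur = [], [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out rules, as certbot leaves them, are inert
        if (m := CLOSE.match(line)):
            if not stack or stack[-1][0].lower() != m.group(1).lower():
                findings.append(f"line {no}: unexpected </{m.group(1)}>")
                continue
            stack.pop()
            if m.group(1).lower() == "virtualhost":
                cur = None
        elif (m := OPEN.match(line)):
            name, arg = m.group(1), m.group(2).strip()
            if name.lower() == "virtualhost":
                if cur is not None:  # previous vhost was never closed
                    findings.append(f"line {no}: <VirtualHost {arg}> opened inside "
                                    f"unclosed <VirtualHost {cur['addr']}>")
                cur = {"addr": arg, "line": no, "https_redirect": False}
                vhosts.append(cur)
            stack.append((name, no))
        elif cur is not None and HTTPS_REDIRECT.match(line):
            cur["https_redirect"] = True
    findings += [f"line {no}: <{name}> is never closed" for name, no in stack]
    for v in vhosts:
        if v["https_redirect"] and v["addr"].endswith(":443"):
            findings.append(f"line {v['line']}: HTTPS redirect active in a :443 "
                            "vhost (redirect loop)")
    return findings, vhosts

# Constructed sample modelled on the layout in the post (example.com is a placeholder).
SAMPLE = """\
<VirtualHost *:443>
ServerName example.com
<Directory /var/www/html/example>
</Directory>
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
<VirtualHost *:80>
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
"""
```

Calling `audit_vhosts(open(path).read())` on each file under `/etc/apache2/sites-enabled/` gives the same report for a live configuration; `apache2ctl configtest` remains the authoritative syntax check.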