Config Files Not Created when Terminal Messages Say They Have Been

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: lightbe.lightbe.com

I ran these commands:

brew install certbot
sudo apachectl restart
sudo certbot --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?


1: lightbe.lightbe.com


Select the appropriate numbers separated by commas and/or spaces, or leave input

blank to select all options shown (Enter ‘c’ to cancel):

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for lightbe.lightbe.com

Error while running apachectl configtest.

AH00526: Syntax error on line 1 of /private/etc/apache2/other/le_http_01_challenge_pre.conf:

Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration

Cleaning up challenges

Error while running apachectl configtest.

AH00526: Syntax error on line 1 of /private/etc/apache2/other/le_http_01_challenge_pre.conf:

Invalid command ‘RewriteEngine’, perhaps misspelled or defined by a module not included in the server configuration

File /private/etc/apache2/other/le_http_01_challenge_pre.conf was not created.

My web server is (include version): Apache 2.4.33

The operating system my web server runs on is (include version): MacOS 10.13.6

My hosting provider, if applicable, is: my MacMini Server development machine

I can login to a root shell on my machine (yes or no, or I don’t know): ?

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.32.0

Hi @lightbe

Is mod_rewrite working?

Check mods-enabled:

/etc/apache2/
|-- apache2.conf
|       `--  ports.conf
|-- mods-enabled
|       |-- *.load
|       `-- *.conf
|-- conf-enabled
|       `-- *.conf
|-- sites-enabled
|       `-- *.conf

This is my first time doing this. I don't have apache2.conf on my computer. I have httpd.conf. I removed the # on the following statement.

LoadModule rewrite_module libexec/apache2/mod_rewrite.so

When I ran sudo certbot --apache again, I got the following terminal messages.

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

1: lightbe.lightbe.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Select the appropriate numbers separated by commas and/or spaces, or leave input

blank to select all options shown (Enter 'c' to cancel): 

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for lightbe.lightbe.com

Waiting for verification...

Cleaning up challenges

Created an SSL vhost at /private/etc/apache2/extra/httpd-vhosts-le-ssl.conf

Cannot find an SSLCertificateFile directive in /files/private/etc/apache2/extra/httpd-vhosts-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified

Unable to find an SSLCertificateFile directive

**IMPORTANT NOTES:**

 **- Unable to install the certificate**

 - Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/lightbe.lightbe.com/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/lightbe.lightbe.com/privkey.pem

Your cert will expire on 2019-06-10. To obtain a new or tweaked

version of this certificate in the future, simply run certbot again

with the "certonly" option. To non-interactively renew *all* of

your certificates, run "certbot renew"

[~]$ sudo apachectl restart

Password:

[~]$ sudo certbot renew --dry-run

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/lightbe.lightbe.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Cert not due for renewal, but simulating renewal for dry run

Plugins selected: Authenticator apache, Installer apache

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for lightbe.lightbe.com

Waiting for verification...

Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

new certificate deployed with reload of apache server; fullchain is

/etc/letsencrypt/live/lightbe.lightbe.com/fullchain.pem

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

** DRY RUN: simulating 'certbot renew' close to cert expiry

** (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:

/etc/letsencrypt/live/lightbe.lightbe.com/fullchain.pem (success)

** DRY RUN: simulating 'certbot renew' close to cert expiry

** (The test certificates above have not been saved.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

**IMPORTANT NOTES:**

 - Your account credentials have been saved in your Certbot

configuration directory at /etc/letsencrypt. You should make a

secure backup of this folder now. This configuration directory will

also contain certificates and private keys obtained by Certbot so

making regular backups of this folder is ideal.

[~]$ certbot -v

The following error was encountered:

[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'

Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

The file I mentioned in my question was still not created. I need help on how to check the rest of this.

You have created a valid certificate. So that works.

But certbot can't install it; your configuration looks very unusual.

Perhaps you have to install the certificate manually.

What does

apachectl configtest

say now that you have activated mod_rewrite?

Normally, there are at most three lines in the SSL config:

    SSLCertificateFile /usr/local/ssl/crt/public.crt
    SSLCertificateKeyFile /usr/local/ssl/private/private.key
    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt

But it's possible that SSLCertificateChainFile is missing. So check your config to find your standard ssl config and replace these filenames with

/etc/letsencrypt/live/lightbe.lightbe.com/fullchain.pem
/etc/letsencrypt/live/lightbe.lightbe.com/privkey.pem

then restart your Apache.

PS: You don't have a working configuration, but you already have a redirect http -> https.

But your server blocks https ( https://check-your-website.server-daten.de/?q=lightbe.lightbe.com ):

Domainname Http-Status redirect Sec. G
http://lightbe.lightbe.com/
99.189.103.174 301 https://lightbe.lightbe.com/ 0.324 A
https://lightbe.lightbe.com/
99.189.103.174 -2 1.477 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 99.189.103.174:443
http://lightbe.lightbe.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
99.189.103.174 301 https://lightbe.lightbe.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.354 A
Visible Content:
https://lightbe.lightbe.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -2 1.470 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 99.189.103.174:443
Visible Content:

You should only add a redirect http -> https if you have a valid configuration with a working https - vHost.

The command said Syntax OK. I just updated SSLCertificateKeyFile & SSLCertificateChainFile and restarted Apache.

Does it work? I see only a redirect http -> https and a blocking firewall.

https://lightbe.lightbe.com/
99.189.103.174 -2 1.466 V
ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 99.189.103.174:443

It’s not working. I’m trying to find where I would have a redirect. I did this years ago but I don’t remember how. I don’t do this regularly.

I’m attempting to add a certificate to a Ruby on Rails application. The production version is hosted on Heroku. The only possible redirect might be in the app’s config file where it forces SSL. On Heroku it uses Let’s Encrypt for free SSL.

I have port forwarding on for port 443 on my router.

The redirection is not a problem.
The problem seems to be that port 443 is being blocked.

curl -Iki https://lightbe.lightbe.com/
curl: (7) Failed to connect to lightbe.lightbe.com port 443: Connection refused

wget https://lightbe.lightbe.com/
--2019-03-12 18:20:35--  https://lightbe.lightbe.com/
Resolving lightbe.lightbe.com (lightbe.lightbe.com)... 99.189.103.174
Connecting to lightbe.lightbe.com (lightbe.lightbe.com)|99.189.103.174|:443... failed: Connection refused.

I’m using an AT&T U-verse router. When I check the router settings it says it’s open. Where else can I look to see where the port is being blocked?

Maybe your router, maybe a firewall one step later, that blocks incoming requests.
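
An added example, not part of any post in this thread: a static shell check of an Apache config for the directives the thread ran into (rewrite_module and ssl_module loaded, a Listen on 443, and the SSLCertificateFile / SSLCertificateKeyFile lines). The function names and both sample configs are constructed for illustration, and the check does not follow Include lines or test reachability.

```shell
#!/bin/sh
# Added example: static check of an Apache config for the directives this
# thread ran into. Function names and sample configs are constructed.

# has_directive FILE REGEX: true if an uncommented line starts with REGEX (-i: names are case-insensitive).
has_directive() {
    grep -Eiq "^[[:space:]]*$2" "$1"
}

# check_https_config FILE: prints a space-separated list of what is missing
# (empty output means every check passed). Include'd files are not followed,
# so concatenate them first, e.g. cat httpd.conf extra/*.conf > all.conf
check_https_config() {
    conf=$1; missing=""
    has_directive "$conf" 'LoadModule[[:space:]]+rewrite_module' || missing="$missing rewrite_module"
    has_directive "$conf" 'LoadModule[[:space:]]+ssl_module' || missing="$missing ssl_module"
    # Matches "Listen 443", "Listen 443 https", "Listen 0.0.0.0:443"; not 8443.
    has_directive "$conf" 'Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' || missing="$missing listen_443"
    has_directive "$conf" 'SSLCertificateFile[[:space:]]+[^[:space:]]' || missing="$missing SSLCertificateFile"
    has_directive "$conf" 'SSLCertificateKeyFile[[:space:]]+[^[:space:]]' || missing="$missing SSLCertificateKeyFile"
    echo "${missing# }"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
before="$tmp/before.conf"; after="$tmp/after.conf"

# Constructed sample: rewrite_module still commented out, no HTTPS set up.
cat > "$before" <<'EOF'
#LoadModule rewrite_module libexec/apache2/mod_rewrite.so
Listen 80
<VirtualHost *:80>
    ServerName lightbe.lightbe.com
</VirtualHost>
EOF

# Constructed sample: modules loaded, Apache listening on 443, cert paths set.
cat > "$after" <<'EOF'
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName lightbe.lightbe.com
    SSLCertificateFile /etc/letsencrypt/live/lightbe.lightbe.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/lightbe.lightbe.com/privkey.pem
</VirtualHost>
EOF

echo "before: missing [$(check_https_config "$before")]"
echo "after:  missing [$(check_https_config "$after")]"
```

If the merged config reports nothing missing and Apache is running, a refused connection on port 443 from outside is more likely to originate at the router or a firewall than in the Apache configuration.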
