I was able to use certbot on two of my domains, cloud.XXX.de and vault.XXX.de but on my third page that i want to create certbot fails with "Could not reverse map the HTTPS VirtualHost to the original".
- Certbot can Renew Certificates for the other pages successfully
- apache2ctl configtest returns Syntax OK
- apache2 starts without any visible errors
- Creating a Cert for md.XXX.de results in Could not reverse map the HTTPS VirtualHost to the original
- the http Version of md.XXX.de returns the path/page that was defined in the vhost file, the https version returns the website of Cloud.XXX.de - i dont know why but i suppose its because i didnt define a File for https so it just uses another one.
- I also tried to include ServerAlias www.md.xxx.de in the md.xxx.de config but it did not seem to change anything. This is the most minimal version of the vhost config i could think of and still its not working
- I also tried making another A DNS entry with another sub Domain and the same config but it still does not seem to work.
My Vhost Configs look like this:
000-default.conf
<VirtualHost *:80>
#htaccess bs
<Directory /var/www/html/empty>
AllowOverride All
Require all granted
</Directory>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/empty
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/empty
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
#own:
#https://upcloud.com/community/tutorials/install-lets-encrypt-apache/
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
cloud.XXX.de.conf
<VirtualHost *:80>
ServerName cloud.XXX.de
DocumentRoot /var/www/html/xxx-cloud
<Directory /var/www/html/xxx-cloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.cloud.XXX.de [OR]
RewriteCond %{SERVER_NAME} =cloud.XXX.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
cloud.XXX.de-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName cloud.XXX.de
DocumentRoot /var/www/html/xxx-cloud
<Directory /var/www/html/xxx-cloud/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
php_flag output_buffering off
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cloud.xxx.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.xxx.de/privkey.pem
</VirtualHost>
</IfModule>
vault.xxx.de.conf
<VirtualHost *:80>
ServerName vault.xxx.de
DocumentRoot /var/www/html/test
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://127.0.0.1:3012/$1 [P,L]
ProxyPass / http://127.0.0.1:1336/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
RewriteCond %{SERVER_NAME} =vault.xxx.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
vault.xxx.de-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName vault.xxx.de
DocumentRoot /var/www/html/test
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /notifications/hub(.*) ws://<SERVER>:3012/$1 [P,L]
ProxyPass / http://127.0.0.1:1336/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Real-IP %{REMOTE_ADDR}s
SSLCertificateFile /etc/letsencrypt/live/vault.xxx.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/vault.xxx.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
md.xxx.de.conf
<VirtualHost *:80>
ServerName md.xxx.de
DocumentRoot /var/www/html/test
</VirtualHost>
And the Certbot Log looks like this
/var/log/letsencrypt/letsencrypt.log
2021-12-29 12:55:05,875:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-12-29 12:55:05,877:DEBUG:certbot._internal.display.obj:Notifying user: Could not install certificate
2021-12-29 12:55:05,877:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:
2021-12-29 12:55:05,877:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
certbot install --cert-name md.xxx.de
2021-12-29 12:55:05,877:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/snap/certbot/1670/bin/certbot", line 8, in <module>
sys.exit(main())
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot/main.py", line 19, in main
return internal_main.main(cli_args)
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot/_internal/main.py", line 1632, in main
return config.func(config, plugins)
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot/_internal/main.py", line 1371, in run
raise installer_err
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot/_internal/main.py", line 1355, in run
_install_cert(config, le_client, domains, new_lineage)
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot/_internal/main.py", line 963, in _install_cert
le_client.deploy_certificate(domains, path_provider.key_path, path_provider.cert_path,
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot/_internal/client.py", line 591, in deploy_certificate
self.installer.deploy_cert(
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 509, in deploy_cert
vhosts = self.choose_vhosts(domain)
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 535, in choose_vhosts
return [self.choose_vhost(domain, create_if_no_ssl)]
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 712, in choose_vhost
vhost = self.make_vhost_ssl(vhost)
File "/snap/certbot/1670/lib/python3.8/site-packages/certbot_apache/_internal/configurator.py", line 1396, in make_vhost_ssl
raise errors.PluginError(
certbot.errors.PluginError: Could not reverse map the HTTPS VirtualHost to the original
2021-12-29 12:55:05,878:ERROR:certbot._internal.log:Could not reverse map the HTTPS VirtualHost to the original
Also:
apachectl configtest
Syntax OK
systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2021-12-29 11:48:29 CET; 1h 28min ago