Could not reverse map the HTTPS VirtualHost to the original

This seems like a common problem with few or no solutions provided. Other than filling out the form, I have also provided my site config at the end of this post.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: skytoground.org

I ran this command: certbot install --cert-name skytoground.org

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Deploying certificate
Could not install certificate
Could not reverse map the HTTPS VirtualHost to the original
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): apache2

The operating system my web server runs on is (include version): ubuntu 20.04

My hosting provider, if applicable, is: n/a (Linode)

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.32.2

000-default.conf

WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias / /var/www/skydiving_tools/skydiving_tools/skydiving_tools/wsgi.py
WSGIPythonPath /var/www/skydiving_tools/skydiving_tools

<VirtualHost *:80>
  ServerName skytoground.org
  ServerAlias www.skytoground.org

  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  
  Alias /static/ /var/www/skydiving_tools/static_files/
  Alias /media/ /var/www/skydiving_tools/media_files/

  <Directory /var/www/skydiving_tools/static_files/>
  Require all granted
  Order allow,deny
  Allow from all
  </Directory>

  <Directory /var/www/skydiving_tools/media_files/>
  Require all granted
  Order allow,deny
  Allow from all
  </Directory>
</VirtualHost>

        

<Directory /var/www/skydiving_tools/skydiving_tools/skydiving_tools>
  <Files wsgi.py>
    Require all granted
  </Files>
</Directory>

You have the certificate. Your best option is to manually install it. Mozilla offers a great tool: https://ssl-config.mozilla.org/

Your problem is almost definitely due to the presence of mod_wsgi. Certbot's installation is essentially incompatible with many Apache modules, mostly due to either: (i) an inability to parse Apache configuration files that contain module-specific syntax or directives; or (ii) the way Certbot creates a new HTTPS host will duplicate a configuration directive that needs to be unique.

I think you are running into the latter problem, because IIRC Certbot will duplicate the entire file including those 3 mod_wsgi directives.

Here is a related question on Stack Overflow and some similar Certbot tickets.

3 Likes

Hi @SkyToGround, and welcome to the LE community forum 🙂

Let's begin to correct the problem by reviewing the Apache config, with:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes

Sure:

*:80                   skytoground.org (/etc/apache2/sites-enabled/000-default.conf:5)

Is that the only output?

2 Likes

Except for the fluff, it sure is:

$ sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   skytoground.org (/etc/apache2/sites-enabled/000-default.conf:5)
$ 

Let's have a look at this file:

2 Likes

That file is posted in its entirety in my first post.

hmm...
It seems that certbot is being thrown off by the WSGI.

Can you manually create the HTTPS vhost?

2 Likes
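A hand-written HTTPS vhost of the kind suggested in the replies above, as an added example that is not from any poster in this thread. The file name is hypothetical; the certificate paths assume Certbot's default live directory for the cert name skytoground.org, and the example assumes mod_ssl is enabled and that the three server-level WSGI directives stay only in 000-default.conf, where they also apply to this vhost.

```apache
# /etc/apache2/sites-available/skytoground-ssl.conf   (hypothetical file name)
#
# The WSGIApplicationGroup, WSGIScriptAlias and WSGIPythonPath lines are
# deliberately NOT repeated here. WSGIPythonPath is only valid in the main
# server config, so it must appear exactly once, outside any <VirtualHost>.
# Assumption: the server-level WSGIScriptAlias in 000-default.conf is
# inherited by this vhost, so the Django app is served on 443 as well.

<VirtualHost *:443>
  ServerName skytoground.org
  ServerAlias www.skytoground.org

  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined

  # Certificate already issued by Certbot (assumed default paths).
  SSLEngine on
  SSLCertificateFile    /etc/letsencrypt/live/skytoground.org/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/skytoground.org/privkey.pem

  # Only TLS 1.2 and newer; tune further with the Mozilla generator.
  SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

  # Alias lines live inside the *:80 vhost, so they are repeated here.
  Alias /static/ /var/www/skydiving_tools/static_files/
  Alias /media/ /var/www/skydiving_tools/media_files/

  # Apache 2.4 access control only (no Order/Allow from the 2.2 syntax).
  <Directory /var/www/skydiving_tools/static_files/>
    Require all granted
  </Directory>

  <Directory /var/www/skydiving_tools/media_files/>
    Require all granted
  </Directory>
</VirtualHost>

# Enable and check before reloading:
#   sudo a2enmod ssl
#   sudo a2ensite skytoground-ssl
#   sudo apachectl configtest
#   sudo apachectl -t -D DUMP_VHOSTS    # should now list a *:443 entry
```

Because the certificate stays under /etc/letsencrypt/live/, renewals are picked up after an Apache reload without touching this file again.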
