Could not reverse map the HTTPS VirtualHost to the original

This needs to be fixed:

Then do this:

NOT this:
[anymore]

2 Likes
2 Likes

ubuntu@ip-172-26-1-129:~$ sudo certbot install --cert-name 8teeth.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Deploying certificate
Some rewrite rules copied from /etc/apache2/sites-enabled/000-default.conf were disabled in the vhost for your HTTPS site located at /etc/apache2/sites-available/000-default-le-ssl.conf because they have the potential to create redirection loops.
Could not install certificate
Could not reverse map the HTTPS VirtualHost to the original
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ubuntu@ip-172-26-1-129:~$ sudo apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   8teeth.com (/etc/apache2/sites-enabled/000-default.conf:1)

You skipped step one?
[step two won't work without its completion]

2 Likes

Please show these two files [if they exist]:

note: they are shown in two different locations

2 Likes

Yes, I thought it was simply information. Sorry, how to do this?

I seem to have already posted my reply to your most recent request:

Let's start here:

3 Likes

Seems only '000-default.conf' exists:

ubuntu@ip-172-26-1-129:/etc/apache2/sites-enabled$ pwd
/etc/apache2/sites-enabled
ubuntu@ip-172-26-1-129:/etc/apache2/sites-enabled$ ls
000-default.conf

Contents of '000-default.conf':

<VirtualHost *:80>
 # The ServerName directive sets the request scheme, hostname and port that
 # the server uses to identify itself. This is used when creating
 # redirection URLs. In the context of virtual hosts, the ServerName
 # specifies what hostname must appear in the request's Host: header to
 # match this virtual host. For the default virtual host (this file) this
 # value is not decisive as it is used as a last resort host regardless.
 # However, you must set it for any further virtual host explicitly.
 #ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 # error, crit, alert, emerg.
 # It is also possible to configure the loglevel for particular
 # modules, e.g.
 #LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

 # For most configuration files from conf-available/, which are
 # enabled or disabled at a global level, it is possible to
 # include a line for only one particular virtual host. For example the
 # following line enables the CGI configuration for this host only
 # after it has been globally disabled with "a2disconf".
 #Include conf-available/serve-cgi-bin.conf

ServerName 8teeth.com
ServerAlias www.8teeth.com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^8teeth.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.8teeth.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Ok, let's start by cleaning up that vhost config:

  • remove all the remarks [the lines that begin with #]
  • remove all the blank lines
  • indent for ease of human legibility
  • reorder lines [more human related stuff]

Should look like this:

<VirtualHost *:80>
    ServerName 8teeth.com
    ServerAlias www.8teeth.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^8teeth.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www.8teeth.com$
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Then try (again):

certbot install --cert-name 8teeth.com

If that fails ...
[let me pause on that - with just one instruction at a time - OR was that already two? - LOL]

2 Likes

Oh, I messed up. Sorry. Both files are present.

(a) Below is /etc/apache2/sites-enabled/000-default.conf updated as you suggested (only your code):

<VirtualHost *:80>
ServerName 8teeth.com
ServerAlias www.8teeth.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{HTTP_HOST} ^8teeth.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.8teeth.com$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

(b) The contents of /etc/apache2/sites-available/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
 # The ServerName directive sets the request scheme, hostname and port that
 # the server uses to identify itself. This is used when creating
 # redirection URLs. In the context of virtual hosts, the ServerName
 # specifies what hostname must appear in the request's Host: header to
 # match this virtual host. For the default virtual host (this file) this
 # value is not decisive as it is used as a last resort host regardless.
 # However, you must set it for any further virtual host explicitly.
 #ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

 # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 # error, crit, alert, emerg.
 # It is also possible to configure the loglevel for particular
 # modules, e.g.
 #LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

 # For most configuration files from conf-available/, which are
 # enabled or disabled at a global level, it is possible to
 # include a line for only one particular virtual host. For example the
 # following line enables the CGI configuration for this host only
 # after it has been globally disabled with "a2disconf".
 #Include conf-available/serve-cgi-bin.conf

Also, I ran 'certbot install --cert-name 8teeth.com' and got this error:

ubuntu@ip-172-26-1-129:~$ certbot install --cert-name 8teeth.com
The following error was encountered:
[Errno 13] Permission denied: '/var/log/letsencrypt/.certbot.lock'
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/certbot-log-2wh_jg5i/log or re-run Certbot with -v for more details.
ubuntu@ip-172-26-1-129:~$ 

So I ran 'sudo certbot install --cert-name 8teeth.com' and got this output:

ubuntu@ip-172-26-1-129:~$ sudo certbot install --cert-name 8teeth.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Deploying certificate
Some rewrite rules copied from /etc/apache2/sites-enabled/000-default.conf were disabled in the vhost for your HTTPS site located at /etc/apache2/sites-available/000-default-le-ssl.conf because they have the potential to create redirection loops.
Could not install certificate
Could not reverse map the HTTPS VirtualHost to the original
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
ubuntu@ip-172-26-1-129:~$

Perhaps I should ask your suggestions for the contents of '/etc/apache2/sites-available/000-default-le-ssl.conf'

That file seems useless.
I would delete it and retry:

2 Likes

What happened to the indentation? - LOL

2 Likes

Not sure what happened with my cutting and pastingness, but it looks like this:

1 Like

Seems much more successful:

ubuntu@ip-172-26-1-129:~$ sudo certbot install --cert-name 8teeth.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Deploying certificate
Some rewrite rules copied from /etc/apache2/sites-enabled/000-default.conf were disabled in the vhost for your HTTPS site located at /etc/apache2/sites-available/000-default-le-ssl.conf because they have the potential to create redirection loops.
Successfully deployed certificate for 8teeth.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Successfully deployed certificate for www.8teeth.com to /etc/apache2/sites-available/000-default-le-ssl.conf
Added an HTTP->HTTPS rewrite in addition to other RewriteRules; you may wish to check for overall consistency.

This is the debug test:

Maybe time to ask AWS?

That looks good.
What shows?:
sudo apachectl -t -D DUMP_VHOSTS

2 Likes

HTTP is being allowed and correctly redirected.
HTTPS, however, is not allowed.
AWS should have "access rules" that need to be adjusted accordingly.

2 Likes

VirtualHost configuration:
*:443                  8teeth.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   8teeth.com (/etc/apache2/sites-enabled/000-default.conf:1)

That looks better :slight_smile:

3 Likes
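
The two checks this thread relies on, as an added example that is not part of any post: reading `apachectl -t -D DUMP_VHOSTS` output for the ports that serve a name, and listing files in sites-available that have no entry in sites-enabled. The function names are made up here; the sample text is the two DUMP_VHOSTS outputs posted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up here.

# vhost_ports NAME: DUMP_VHOSTS text on stdin -> ports serving NAME ("80 443").
# Handles the one-vhost-per-port lines quoted in the thread and the
# "port N namevhost NAME" lines Apache prints when a port has several vhosts.
vhost_ports() {
    awk -v name="$1" '
        $1 ~ /:[0-9]+$/ && $2 == name { sub(/^.*:/, "", $1); print $1 }
        $1 == "port" && $3 == "namevhost" && $4 == name { print $2 }
    ' | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# https_status NAME: DUMP_VHOSTS text on stdin -> one-word verdict for NAME.
https_status() {
    case " $(vhost_ports "$1") " in
        *" 443 "*) echo "https-vhost-present" ;;
        *" 80 "*)  echo "http-only" ;;
        *)         echo "no-vhost" ;;
    esac
}

# not_enabled AVAILABLE_DIR ENABLED_DIR: print each *.conf that exists in
# AVAILABLE_DIR but has no same-named entry in ENABLED_DIR, i.e. a vhost
# file Apache is not loading (the state 000-default-le-ssl.conf was in).
not_enabled() {
    for f in "$1"/*.conf; do
        [ -e "$f" ] || continue
        [ -e "$2/$(basename "$f")" ] || basename "$f"
    done
}

# The two DUMP_VHOSTS outputs posted in the thread, before and after the fix.
BEFORE='VirtualHost configuration:
*:80                   8teeth.com (/etc/apache2/sites-enabled/000-default.conf:1)'
AFTER='VirtualHost configuration:
*:443                  8teeth.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   8teeth.com (/etc/apache2/sites-enabled/000-default.conf:1)'

echo "before: $(printf '%s\n' "$BEFORE" | https_status 8teeth.com)"
echo "after:  $(printf '%s\n' "$AFTER" | https_status 8teeth.com)"
# On the server itself:
#   sudo apachectl -t -D DUMP_VHOSTS | https_status 8teeth.com
#   not_enabled /etc/apache2/sites-available /etc/apache2/sites-enabled
```

A vhost on port 443 only shows that Apache is configured for HTTPS; as noted in the thread, the AWS access rules still have to allow HTTPS traffic to reach it.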