Could not reverse map the HTTPS VirtualHost to the original

Good morning. I have tried to get Let’s Encrypt SSLs via Certbot three times with three different server installs running every possible recommended configuration I can imagine or find via web.

I have tried using the various solutions given in here for the same error including creating my own example-ssl.conf files w/symlinks resulting in the inability for apache to restart. I am out of options… thus the need to create a new thread.

My domains are:
getcastlerock.com
tokolyphoto.com
truxitup.com

I ran this command: sudo certbot --apache
It produced this output:

Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/getcastlerock.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/getcastlerock.com/privkey.pem

My web server is (include version): Apache/2.4.34 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 18.10 (Cosmic Cuttlefish)
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

/etc/apache2/sites-available

drwxr-xr-x 2 root root 4096 Apr 29 09:52 .
drwxr-xr-x 8 root root 4096 Apr 29 09:52 ..
-rw-r--r-- 1 root root 1332 Aug 3 2018 000-default.conf
-rw-r--r-- 1 root root 6354 Apr 26 18:03 default-ssl.conf
-rw-r--r-- 1 root root 1083 Apr 29 09:49 getcastlerock.conf
-rw-r--r-- 1 root root 997 Apr 26 11:18 tokoly.conf
-rw-r--r-- 1 root root 1069 Apr 29 09:48 tokolyphoto.conf
-rw-r--r-- 1 root root 510 Apr 26 17:28 truxitup.conf

NOTE Above… no example-ssl.conf files were created.

Virtual Host File:

<VirtualHost *:80>
    ServerName tokolyphoto.com
    ServerAlias www.tokolyphoto.com
    DocumentRoot /var/www/html/tokolyphoto.com/public_html
    <Directory /var/www/html/tokolyphoto.com/public_html>
        Options Indexes FollowSymLinks
        Require all granted
        AllowOverride all
    </Directory>

    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
</VirtualHost>

UFW Status:

To                 Action   From
--                 ------   ----
443/tcp            ALLOW    Anywhere
22/tcp             ALLOW    Anywhere
80/tcp             ALLOW    Anywhere
Apache Full        ALLOW    Anywhere
OpenSSH            ALLOW    Anywhere
443/tcp (v6)       ALLOW    Anywhere (v6)
22/tcp (v6)        ALLOW    Anywhere (v6)
80/tcp (v6)        ALLOW    Anywhere (v6)
Apache Full (v6)   ALLOW    Anywhere (v6)
OpenSSH (v6)       ALLOW    Anywhere (v6)

          total        used        free      shared  buff/cache   available

Mem: 3.9Gi 366Mi 2.7Gi 57Mi 800Mi 3.2Gi
Swap: 2.0Gi 0B 2.0Gi

Running Fail2ban

Setup LAMP Stack with tasksel


Please let me know what additional info I can provide to troubleshoot this error.

Thanks in advance! -Braden

Hi @btokoly

What do these say:

apachectl configtest
apachectl fullstatus
apachectl -S

apachectl configtest
Syntax OK

apachectl fullstatus
/usr/sbin/apachectl: 113: /usr/sbin/apachectl: www-browser: not found
'www-browser -dump http://localhost:80/server-status' failed.
Maybe you need to install a package providing www-browser or you
need to adjust the APACHE_LYNX variable in /etc/apache2/envvars

apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
    default server getcastlerock.com (/etc/apache2/sites-enabled/getcastlerock.conf:1)
    port 80 namevhost getcastlerock.com (/etc/apache2/sites-enabled/getcastlerock.conf:1)
        alias www.getcastlerock.com
    port 80 namevhost tokolyphoto.com (/etc/apache2/sites-enabled/tokolyphoto.conf:1)
        alias www.tokolyphoto.com
    port 80 namevhost truxitup.com (/etc/apache2/sites-enabled/truxitup.conf:1)
        alias www.truxitup.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

sudo apt-get install lynx
apachectl fullstatus
'www-browser -dump http://localhost:80/server-status' failed.
Maybe you need to install a package providing www-browser or you
need to adjust the APACHE_LYNX variable in /etc/apache2/envvars

sudo service apache2 status

● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset:
Active: active (running) since Mon 2019-04-29 09:36:07 CDT; 1h 36min ago
Process: 4856 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/S
Main PID: 835 (apache2)
Tasks: 23 (limit: 4659)
Memory: 177.2M
CGroup: /system.slice/apache2.service
├─ 835 /usr/sbin/apache2 -k start
├─4861 /usr/sbin/apache2 -k start
├─4862 /usr/sbin/apache2 -k start
├─4863 /usr/sbin/apache2 -k start
├─4864 /usr/sbin/apache2 -k start
├─4865 /usr/sbin/apache2 -k start
├─4866 /usr/sbin/apache2 -k start
├─4867 /usr/sbin/apache2 -k start
├─4868 /usr/sbin/apache2 -k start
├─4869 /usr/sbin/apache2 -k start
├─4870 /usr/sbin/apache2 -k start
├─4877 /usr/sbin/apache2 -k start
├─4878 /usr/sbin/apache2 -k start
├─4879 /usr/sbin/apache2 -k start

Resolved above error:

sudo apt-get install links

Now:
apachectl fullstatus

Castle Rock Renovations

Website: In the works!

However, it did not fix the problem... can we further troubleshoot?

Thanks! -Braden

I’m about to wipe this server and start over. I’m just guessing that the problem I’m having has something to do with the fact I’m using Ubuntu 18.10 or that I did a quick LAMP install with unknown tasksel configurations (or a combination thereof).

Can anyone give me some last thoughts or advice on this? I’m surprised I have not received more responses for support / troubleshooting.

Thanks. -Braden

There are other threads with the same message.

The problem was that in sites-enabled/mysite.com (or in another one, or in htaccess too) there was a forced redirection from the non-https to the https version (using RewriteRule ^ ..... ). So, while the site is still not using HTTPS, that forced redirection causes the problem; comment out those lines before your site has SSL.

You have one certificate with three domains and six domain names.

That may be part of the problem.

The easier situation:

One port 80 vHost per domain.

One certificate per domain with non-www and www, so Certbot can create one vHost per domain.

“There are other threads with the same message.”
Again, I have read these other threads and they are either non applicable to my setup/configuration or I tried to replicate their solutions without success. The Digital Ocean thread you quoted is not applicable as my VirtualHost config already has all RewriteRules commented out. Please correct me if I am wrong on this.

“You have one certificate with three domains and six domain names.”
I selected all 6 domains as per instructions… why would only one certificate have been created? Again, why did Certbot not create -ssl.conf files for each domain… for any domain?

“One port 80 vHost per domain.
One certificate per domain with non-www and www, so Certbot can create one vHost per domain.”

I have a separate port 80 VirtualHost .conf file for each domain.
-rw-r--r-- 1 root root 1083 Apr 29 09:49 getcastlerock.conf
-rw-r--r-- 1 root root 1069 Apr 29 09:48 tokolyphoto.conf
-rw-r--r-- 1 root root 510 Apr 26 17:28 truxitup.conf

Each website is live and running.

I am admittedly new to this and would appreciate any further elaboration on your above suggestions. What am I missing?

Thanks. -Braden

Looks like you have used the wrong command.

If you start certbot manually and confirm "All certificates", then this command is wrong.

Check

https://certbot.eff.org/docs/using.html

and use something like

certbot -d example.com -d www.example.com

to create one certificate per vHost.
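
The "one certificate per vHost" advice above, worked through as an added example (not part of the original thread and not Certbot's own code): it parses the `apachectl -S` vhost lines posted earlier, reports which port-80 vhosts have no port-443 counterpart, and builds one `certbot --apache -d ...` command per vhost. The function names `parse_vhosts` and `plan` are hypothetical; the sample input is the vhost dump quoted in this thread.

```python
import re
import shlex

# Sample input: the `apachectl -S` vhost lines quoted earlier in this thread.
SAMPLE = """\
VirtualHost configuration:
*:80 is a NameVirtualHost
default server getcastlerock.com (/etc/apache2/sites-enabled/getcastlerock.conf:1)
port 80 namevhost getcastlerock.com (/etc/apache2/sites-enabled/getcastlerock.conf:1)
alias www.getcastlerock.com
port 80 namevhost tokolyphoto.com (/etc/apache2/sites-enabled/tokolyphoto.conf:1)
alias www.tokolyphoto.com
port 80 namevhost truxitup.com (/etc/apache2/sites-enabled/truxitup.conf:1)
alias www.truxitup.com
ServerRoot: "/etc/apache2"
"""

NAMEVHOST = re.compile(r"^\s*port (\d+) namevhost (\S+) \((.+):(\d+)\)\s*$")
ALIAS = re.compile(r"^\s*alias (\S+)\s*$")

def parse_vhosts(dump):
    """Return one dict per name-based vhost: port, names (ServerName first), conf file."""
    vhosts, current = [], None
    for line in dump.splitlines():
        m = NAMEVHOST.match(line)
        if m:
            current = {"port": int(m.group(1)), "names": [m.group(2)], "conf": m.group(3)}
            vhosts.append(current)
        elif current and (a := ALIAS.match(line)):
            current["names"].append(a.group(1))
        else:
            current = None  # any other line ends the current vhost's alias list
    return vhosts

def plan(dump):
    """Per port-80 vhost: does a 443 vhost exist, and the per-vhost certbot command."""
    vhosts = parse_vhosts(dump)
    https_names = {n for v in vhosts if v["port"] == 443 for n in v["names"]}
    out = []
    for v in (v for v in vhosts if v["port"] == 80):
        cmd = "certbot --apache " + " ".join("-d " + shlex.quote(n) for n in v["names"])
        out.append({"conf": v["conf"], "has_https": v["names"][0] in https_names, "command": cmd})
    return out

if __name__ == "__main__":
    for item in plan(SAMPLE):
        print("ok" if item["has_https"] else "http-only", item["conf"], "->", item["command"])
```

Run against the dump from this thread, all three vhosts come back as http-only, which matches the missing -ssl.conf files: the certificates were saved but no HTTPS vhost was ever installed.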

Run:
sudo certbot --apache -d truxitup.com -d www.truxitup.com

Result:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:

  • Unable to install the certificate
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/truxitup.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/truxitup.com/privkey.pem
    Your cert will expire on 2019-07-29. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew *all* of
    your certificates, run "certbot renew"

NOTE: still no truxitup-ssl.conf file added

Are both truxitup.com and www.truxitup.com in the same existing HTTP virtualhost (without any other names on that virtualhost)?

Yes.

<VirtualHost *:80>
ServerName truxitup.com
ServerAlias www.truxitup.com

no other names on this virtualhost

What happens if you use webroot?

certbot run -a webroot -i apache -w webrootOfThatHost -d www.truxitup.com -d truxitup.com

PS: How old is your certbot?

certbot --version

I have decided to wipe the server and start over with Ubuntu 18.04 LTS. I will update this thread once I am up and running… hopefully with a better outcome.

Thanks. - Braden

Question: Could my problem (detailed above) specifically the issue with the -ssl.conf files not being created be due to my directory structure?

I’ve been using the structure (recommended by Linode) when running multiple sites:
/var/www/html/example1.com/public_html

However, I’ve found a different directory structure (suggested by Digital Ocean):
/var/www/example.com/html/index.html

Which should I use? Does it even matter? (Just trying to leave no stone unturned this time)

Thanks!
-Braden

UPDATE:

  • I created a new server (Ubuntu 18.04 LTS)
  • LAMP stack via tasksel
  • sudo certbot --apache certonly (certification created successfully / no errors)
  • certbot --apache -d truxitup.com -d www.truxitup.com (successfully enabled)

I believe the problem was with Ubuntu 18.10 but, I cannot be sure.

Regardless, thanks again for the support!
-Braden
