Domains not working after installing Certificates

Please help:
Issues: I am using Ubuntu 22.04 and Apache2. After installing the certificate, the domain shows the Apache default home page for HTTP and shows ERR_SSL_PROTOCOL_ERROR for HTTPS.

When I run sudo apachectl -S, I get the following:

193.122.182.108:443    connexverse.com (/etc/apache2/sites-enabled/connexverse.com-le-ssl.conf:2)
193.122.182.108:80     connexverse.com (/etc/apache2/sites-enabled/connexverse.com.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33

It is clear the Main Document Root is not the one I configured in the conf file.
See below for conf files:

/etc/apache2/sites-enabled/connexverse.com.conf:

<VirtualHost connexverse.com:80>
    ServerAdmin admin@localhost
    ServerName connexverse.com
    ServerAlias www.connexverse.com
    DocumentRoot /home/jimin/mysite/        
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Alias /static /home/jimin/static_env/static_root/
    <Directory /home/jimin/static_env/static_root/>
	Require all granted
    </Directory>

    Alias /media /home/jimin/static_env/media_root/
    <Directory /home/jimin/static_env/media_root/>
	Require all granted
    </Directory>

    <Directory /home/jimin/mysite/mysite/>
	<Files wsgi.py>
		Require all granted
	</Files>
    </Directory>

   WSGIDaemonProcess mysite python-path=/home/jimin/mysite  python-home=/home/jimin/venv
   WSGIProcessGroup mysite
   WSGIScriptAlias / /home/jimin/mysite/mysite/wsgi.py

RewriteEngine on
RewriteCond %{SERVER_NAME} =connexverse.com [OR]
RewriteCond %{SERVER_NAME} =www.connexverse.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

/etc/apache2/sites-enabled/connexverse.com-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost connexverse.com:443>
    ServerAdmin admin@localhost
    ServerName connexverse.com
    ServerAlias www.connexverse.com
    DocumentRoot /home/jimin/mysite/        
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Alias /static /home/jimin/static_env/static_root/
    <Directory /home/jimin/static_env/static_root/>
	Require all granted
    </Directory>

    Alias /media /home/jimin/static_env/media_root/
    <Directory /home/jimin/static_env/media_root/>
	Require all granted
    </Directory>

    <Directory /home/jimin/mysite/mysite/>
	<Files wsgi.py>
		Require all granted
	</Files>
    </Directory>

   WSGIDaemonProcess mysites python-path=/home/jimin/mysite  python-home=/home/jimin/venv
   WSGIProcessGroup mysite
   WSGIScriptAlias / /home/jimin/mysite/mysite/wsgi.py

SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/connexverse.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/connexverse.com/privkey.pem
</VirtualHost>
</IfModule>

My domain is: connexverse.com

I ran this command: sudo certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/connexverse.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for connexverse.com
http-01 challenge for www.connexverse.com
Waiting for verification...
Challenge failed for domain connexverse.com
Challenge failed for domain www.connexverse.com
http-01 challenge for connexverse.com
http-01 challenge for www.connexverse.com
Cleaning up challenges
Attempting to renew cert (connexverse.com) from /etc/letsencrypt/renewal/connexverse.com.conf produced an unexpected error: Some challenges have failed.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/connexverse.com/fullchain.pem (failure)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/connexverse.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
 - The following errors were reported by the server:
    
   Domain: connexverse.com
   Type:   unauthorized
   Detail: 193.122.182.108: Invalid response from
   http://connexverse.com/.well-known/acme-challenge/vMThzepCpDD4zJgdOOc9bfjs1fE51QLTjOK7-VOWn-o:
   404

   Domain: www.connexverse.com
   Type:   unauthorized
   Detail: 193.122.182.108: Invalid response from
   http://www.connexverse.com/.well-known/acme-challenge/cH8y5sRNQQ0R-Q_6kwYohGEraEybA01tyrB9jmnbGvI:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):

Apache2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @hjm0525, and welcome to the LE community forum :slight_smile:

It seems like that is no longer your IP.
Please show the output of:
curl ifconfig.io

2 Likes

Please stop generating new certificates. I can see you've issued 4 certificates already recently: crt.sh | connexverse.com

If issuance is not the problem (clearly), but there is something else going on, you shouldn't try to re-issue the certificate and somehow think that's magically going to fix something it didn't fix 3 times before.

My guess is your Apache doesn't recognise the VirtualHost sections as it's showing the default Ubuntu Apache page on port 80 as well as port 443 using HTTP. Probably due to the fact you have your hostname hardcoded in the <VirtualHost> section.

It's probably a better idea to use <VirtualHost *:80> and <VirtualHost *:443>. Change that, reload Apache and see what it did.

5 Likes

And yet, it does show:

Agreed to that :slight_smile:

5 Likes

Yes, but Apache doesn't actually use those..

There's no HTTP to HTTPS redirect, no certificate in use and no fancy WSGI script output shown, only the default Apache page. Thus: those VirtualHost sections aren't actually used. They show up, they are configured, but not used when someone connects to it.

3 Likes

And (depending on the O/S which you failed to mention) something like:
ifconfig | grep net

4 Likes

@rg305 running ifconfig | grep net gives the following information:

    inet 10.0.0.184  netmask 255.255.255.0  broadcast 10.0.0.255
    inet6 fe80::17ff:fe11:4fae  prefixlen 64  scopeid 0x20<link>
    ether 02:00:17:11:4f:ae  txqueuelen 1000  (Ethernet)
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>

Well, there's your problem if you combine it with what I've mentioned earlier.

2 Likes

Running curl ifconfig.io gives me the following:
193.122.182.108

Agreed, the vhosts are bound to an IP that is not found on the local system:

4 Likes

@Osiris

I changed to <VirtualHost *:80> and <VirtualHost *:443>. It works now. The issue is resolved. Thanks a lot.

5 Likes
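The diagnosis reached in this thread, as an added example that is not part of any post: Apache picks a virtual host by the local address a connection arrives on, so a vhost bound to the public IP never matches on a host that only holds the private NAT address. The function names are hypothetical, and the check assumes the modern `ifconfig` line format (`inet <addr> ...`) shown above.

```shell
#!/bin/sh
# Added example: flag Apache vhosts bound to an address this host does not own.

# Print IPv4 addresses assigned to local interfaces, from ifconfig-style text.
local_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'
}

# unbound_vhosts VHOST_DUMP IFCONFIG_TEXT
# Print each literal-IPv4 "addr:port" listener from `apachectl -S` output whose
# address is not on a local interface. Wildcard (*:port) listeners are skipped
# because they match whatever local address a connection arrives on.
unbound_vhosts() {
    locals=$(local_addrs "$2")
    printf '%s\n' "$1" |
        awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ { print $1 }' |
        sort -u |
        while read -r listener; do
            addr=${listener%:*}
            printf '%s\n' "$locals" | grep -qxF -- "$addr" ||
                printf '%s\n' "$listener"
        done
}

# Inputs copied from the thread: vhost lines of `apachectl -S`, and the IPv4
# (inet) lines of the ifconfig output.
VHOSTS_BEFORE='193.122.182.108:443    connexverse.com (/etc/apache2/sites-enabled/connexverse.com-le-ssl.conf:2)
193.122.182.108:80     connexverse.com (/etc/apache2/sites-enabled/connexverse.com.conf:1)'
IFCONFIG_OUT='    inet 10.0.0.184  netmask 255.255.255.0  broadcast 10.0.0.255
    inet 127.0.0.1  netmask 255.0.0.0'

# Constructed: what the dump looks like once the vhosts use *:80 and *:443.
VHOSTS_AFTER='*:443    connexverse.com (/etc/apache2/sites-enabled/connexverse.com-le-ssl.conf:2)
*:80     connexverse.com (/etc/apache2/sites-enabled/connexverse.com.conf:1)'

echo "before: $(unbound_vhosts "$VHOSTS_BEFORE" "$IFCONFIG_OUT" | tr '\n' ' ')"
echo "after:  $(unbound_vhosts "$VHOSTS_AFTER" "$IFCONFIG_OUT" | tr '\n' ' ')"
# On a live host: unbound_vhosts "$(apachectl -S 2>/dev/null)" "$(ifconfig)"
```

Any listener it prints is a vhost that Apache lists in `apachectl -S` but will not select for incoming connections, which is why the default page is served and the http-01 challenge returns 404.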
