Enabling https rerouting apache freebsd certbot

My domain is: calvinundergroundpoker.com

Please ignore the red block out on the screenshots. Those were redacted to upload in a different forum.

I got to step 4 of the certbot instructions and am struggling with installing the cert. I got the pem files successfully.

I have changed httpd.conf with these two lines:
SSLCertificateFile "/pathtofile/fullchain.pem"
and
SSLCertificateKeyFile "/pathtofile/privatekey.pem"

And modified httpd-vhosts like so:

It still isn't redirecting to the https site. Any suggestions? Yes, I did restart Apache after the changes...

My web server is (include version): Apache 2.4.46

The operating system my web server runs on is (include version): FreeBSD 11.4-RELEASE in FreeNAS

My hosting provider, if applicable, is: Google Domains

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.10.1

Did you reload your Apache? Any configuration change to the Apache configuration files is only active after a reload or restart.

Yes, I did. I ran service apache24 restart. Would this be a port forwarding issue? I'm forwarding port 80 and port 443 traffic in my router to the IP of my Apache instance.

I don't think so, I'm getting a "Connection refused":

curl: (7) Failed to connect to calvinundergroundpoker.com port 443: Connection refused

This usually means the packets are getting through to the server, but there isn't any service listening on port 443.

Did you, besides the VirtualHost, also add a Listen 443 in your Apache configuration? Without it, it won't listen on port 443, even if you add a port 443 VirtualHost.

I added Listen 443 below the Listen 80 line and ServerName calvinundergroundpoker.com:443 below the line with ServerName calvinundergroundpoker.com:80 in httpd.conf and restarted and no luck. httpd-ssl.conf is also listening on port 443

Neither of those sounds right.
Please show the modified file.

Hostnames don't use port numbers:

Change that to just one line:
ServerName calvinundergroundpoker.com

Please show the output of:
apachectl -S


Alright. I was just following the default values in the file that they give you. They had it with the port number after the hostname...

I changed those two lines to ServerName calvinundergroundpoker.com

Here's the output of apachectl -S

Restarted and still isn't redirecting to the https site...

It seems that your httpd-vhosts.conf file isn't being used.
Please show the output of:
grep -Ei 'include|servername|listen|config|ssl|virtual|root' /etc/httpd/httpd.conf

[if file not found in /etc/httpd/, then replace that with your actual file location]
If you don't know exactly where that file is, try:
find / -name httpd.conf

The file is in a different directory than you specified so I modified it and ran
grep -Ei 'include|servername|listen|config|ssl|virtual|root' /usr/local/etc/apache24/httpd.conf >> file.txt and got this output:

I see lines in the 60s range are commented out including line 62. Is that my problem?

That is a definite deal-breaker.
Your code is mainly in line 62 - and that is excluded from the main config.

I uncommented the line with
#Include blablah httpd.vhosts.conf, restarted apache, and got this error:
root@poker service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 71338.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.
/usr/local/etc/rc.d/apache24: WARNING: failed to start apache24
root@poker apache24 #

Is there anything else I need to uncomment out to get this to work?

I can't say for certain without seeing the entire file:
/etc/apache24/extra/httpd-vhosts.conf

And be sure the included line #62 has a slash before etc


At some point these ports will need some attention.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https


Here's a link to a folder with a copy of my conf files. Hopefully seeing the whole file helps.

Restarting the service with the files as they are in the folder renders this output:

I'm not sure why it's throwing an error since I'm only listening on port 443 in the ssl config file...

Your image explains the issue for you.
You have a "Listen 443" in httpd-ssl.conf.txt


And you also have another "Listen 443" directive in httpd.conf.txt


One should be removed or "#commented out". Personally, I like to keep similar, or related directives close in the same file.

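An added example, not part of any post in this thread: a shell function that follows the active Include lines starting at httpd.conf and reports every port named by more than one Listen, the situation described in the answer above. The temporary directory layout and the file contents are constructed for the demo, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; the config tree below is constructed, not the poster's files.

# Print "PORT FILE:LINE" for every active Listen reachable from config file $1.
# Relative Include paths resolve against the ServerRoot in $2; commented-out
# lines (such as a disabled Include) are skipped, as Apache skips them.
active_listens() (
    conf=$1 root=$2 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f      # split into words without globbing
        case ${1-} in
            \#*|'') continue ;;
            [Ll]isten) echo "${2##*:} $conf:$n" ;;   # "[::]:443" and "443" both give 443
            [Ii]nclude|[Ii]nclude[Oo]ptional)
                p=${2#\"}; p=${p%\"}
                case $p in /*) ;; *) p=$root/$p ;; esac
                for f in $p; do           # expands wildcards such as Includes/*.conf
                    if [ -f "$f" ]; then active_listens "$f" "$root"; fi
                done ;;
        esac
    done < "$conf"
)

# Ports named by more than one active Listen. Simplification: compares the
# port only, so two Listens on different addresses are also reported.
duplicate_ports() {
    active_listens "$1" "$2" | awk '{ c[$1]++ } END { for (p in c) if (c[p] > 1) print p }' | sort -n
}

# Constructed sample: Listen 443 in both files, vhosts Include commented out.
make_sample() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/listen.XXXXXX") && mkdir -p "$d/etc/apache24/extra" || return 1
    printf '%s\n' 'Listen 80' 'Listen 443' \
        '#Include etc/apache24/extra/httpd-vhosts.conf' \
        'Include etc/apache24/extra/httpd-ssl.conf' > "$d/etc/apache24/httpd.conf"
    printf '%s\n' 'Listen 443' '<VirtualHost _default_:443>' '</VirtualHost>' \
        > "$d/etc/apache24/extra/httpd-ssl.conf"
    printf '%s\n' 'Listen 8443' > "$d/etc/apache24/extra/httpd-vhosts.conf"
    echo "$d"
}

sample=$(make_sample)
active_listens "$sample/etc/apache24/httpd.conf" "$sample"
echo "bound more than once: $(duplicate_ports "$sample/etc/apache24/httpd.conf" "$sample")"
rm -rf "$sample"
```

On a real server, pass the path to httpd.conf as the first argument and the ServerRoot value from that file as the second.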

Okay. Commented one out. Here's what I get. The files in the folder here have been updated

Why not look to see if another apache is running or possibly not totally stopped...

ps aux | grep "apache2"
