Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: theboilingfrog.net
I ran this command: sudo certbot certonly --apache -v
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('There has been an error in parsing the file /etc/apache2/sites-enabled/frog-le-ssl.conf on line 35: Syntax error')
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version):
Server version: Apache/2.4.38 (Debian)
Server built: 2021-12-21T16:50:43
The operating system my web server runs on is (include version):
debian 10
My hosting provider, if applicable, is: hostwinds.com (VPS)
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.26.0
Great idea on prompting people to provide info via a template. I wish more sites did that.
Additional info: I have my apache sites configured through pairs of files in /etc/apache2/sites-enabled. For example, frog.conf and frog-le-ssl.conf.
The first file, frog.conf, handles the redirect to https:
<VirtualHost *:80>
ServerName theboilingfrog.net
ServerAlias www.theboilingfrog.net
Redirect permanent / https://www.theboilingfrog.net/
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.theboilingfrog.net [OR]
RewriteCond %{SERVER_NAME} =theboilingfrog.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The second file handles everything else, including referencing the letsencrypt certificate:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin mark@arcabama.com
ServerName theboilingfrog.net
ServerAlias www.theboilingfrog.net
DocumentRoot /var/www/theboilingfrog.net/frog/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/theboilingfrog.net/frog/public_html>
Require all granted
# Allow local .htaccess to override Apache configuration settings
AllowOverride all
</Directory>
# Enable RewriteEngine (disabled 8/27/2021 because caused error)
RewriteEngine on
RewriteOptions inherit
# Block .svn, .git
RewriteRule \.(svn|git)(/)?$ - [F]
# Recommended: XSS protection
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
</IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias mail.theboilingfrog.net
SSLCertificateFile /etc/letsencrypt/live/theboilingfrog.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/theboilingfrog.net/privkey.pem
</VirtualHost>
I'm unclear of why this approach was used (I was following instructions on installing multiple wordpress sites on a single debian 10 LAMP setup). I'm happy to use a different approach.
