Failed redirect for deutsche-dienstrad.de Unable to set the redirect enhancement for deutsche-dienstrad.de

My domain is: deutsche-dienstrad.de

I ran this command: sudo certbot

It produced this output:

Deploying certificate

Successfully deployed certificate for deutsche-dienstrad.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for api.deutsche-dienstrad.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for jobbike-bayern.deutsche-dienstrad.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for rheinland-pfalz.deutsche-dienstrad.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for rlp.deutsche-dienstrad.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for www.deutsche-dienstrad.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for jobbike-bayern.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for www.jobbike-bayern.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Successfully deployed certificate for rlp.deutsche-dienstrad.medienreaktor-kunden.de to /etc/apache2/sites-enabled/000-default-le-ssl.conf

Failed redirect for deutsche-dienstrad.de

Unable to set the redirect enhancement for deutsche-dienstrad.de.

NEXT STEPS:

  • The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:

certbot install --cert-name deutsche-dienstrad.de

Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

My web server is (include version): apache2 2.4.52

The operating system my web server runs on is (include version): Ubuntu 22.04.5

My hosting provider, if applicable, is: digital ocean

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 3.1.0

Hey guys, I am getting this error. I don't understand it, because there are redirects and a corresponding vhost in my apache configuration. What exactly is the problem?

Welcome @robinroloff

I am guessing it is because Certbot created (or updated?) VirtualHosts for port 443 with the new certificates. When it does that it assumes a "fresh" install so tries updating the port 80 VirtualHost with the redirect. But, those seem to already be in place so Certbot says it cannot do it. Which is right ... it wouldn't want to change something you had done manually.

Both HTTP and HTTPS requests to your domain work fine.

Instead of guessing we could look more at your Apache config. I don't know that there is much value given it looks to be working right. But, to start please show output of:

sudo apache2ctl -t -D DUMP_VHOSTS

And the contents of this file

/etc/apache2/sites-enabled/000-default-le-ssl.conf
2 Likes

Hey @MikeMcQ,

this could definitely be true.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.19.0.48. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  deutsche-dienstrad.de (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   deutsche-dienstrad.de (/etc/apache2/sites-enabled/000-default.conf:1)

this is the output of the command.


<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName deutsche-dienstrad.de
	ServerAlias www.deutsche-dienstrad.de
	ServerAlias rlp.deutsche-dienstrad.de
        ServerAlias rlp.deutsche-dienstrad.medienreaktor-kunden.de
	ServerAlias jobbike-bayern.deutsche-dienstrad.de
	ServerAlias jobbike-bayern.de
	ServerAlias www.jobbike-bayern.de
	ServerAlias rheinland-pfalz.deutsche-dienstrad.de
	ServerAlias api.deutsche-dienstrad.de
        DocumentRoot /var/www/neos/Web
        <Directory /var/www/neos/Web/>
	Options Indexes FollowSymLinks
	AllowOverride All
	Require all granted
        </Directory>
        ErrorLog /error.log
        CustomLog /access.log combined
        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/neos/Web/
        <IfModule mod_dir.c>
            DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
        </IfModule>

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/deutsche-dienstrad.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/deutsche-dienstrad.de/privkey.pem
</VirtualHost>
</IfModule>

And this is the content of my file. So what do I do now? Should I just delete the 000-default.conf and rerun it?

Please also now show contents of this file. I think you can just ignore that warning message but want to be sure once I see contents of this one too. Thanks

1 Like

This is the content:

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName deutsche-dienstrad.de
        ServerAlias www.deutsche-dienstrad.de
        DocumentRoot /var/www/neos/Web
        ServerAlias jobbike-bayern.deutsche-dienstrad.de
        ServerAlias rheinland-pfalz.deutsche-dienstrad.de
	ServerAlias jobbike-bayern.de
        ServerAlias rlp.deutsche-dienstrad.medienreaktor-kunden.de
	ServerAlias www.jobbike-bayern.de
        ServerAlias api.deutsche-dienstrad.de
        <Directory /var/www/neos/Web/>
	        Options Indexes FollowSymLinks
        	AllowOverride All
        	Require all granted
        </Directory>
        ErrorLog /error.log
        CustomLog /access.log combined
        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/neos/Web/
        <IfModule mod_dir.c>
            DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
        </IfModule>
    </VirtualHost>

Sadly, I can't ignore it, as it results in automatic renewing not working

I am pretty sure the automatic redirect install failed because of the mismatch in ServerAlias names. You requested and got a cert which also included rlp.deutsche-dienstrad.de which is in your HTTPS VirtualHost now but was not listed in the HTTP (port 80) VHost.

Since your HTTPS (port 443) server block has all the right config you could manually change your port 80 server block to look like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName deutsche-dienstrad.de
    ServerAlias www.deutsche-dienstrad.de
    ServerAlias rlp.deutsche-dienstrad.de
    ServerAlias rlp.deutsche-dienstrad.medienreaktor-kunden.de
    ServerAlias jobbike-bayern.deutsche-dienstrad.de
    ServerAlias jobbike-bayern.de
    ServerAlias www.jobbike-bayern.de
    ServerAlias rheinland-pfalz.deutsche-dienstrad.de
    ServerAlias api.deutsche-dienstrad.de
    DocumentRoot /var/www/neos/Web
    <Directory /var/www/neos/Web/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /error.log
    CustomLog /access.log combined

   # Redirect to HTTPS, except for ACME challenge (future use)
   RewriteEngine On
   RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
   RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
2 Likes