Getting 500 Internal Server Error After Creating a Certificate

Greetings. I'm a beginner so please bear with me.

I'm receiving "500 Internal Server Error" after creating a certificate. I've rechecked many things to ensure I have https allowed, etc. My suspicion is the unwise decision when I chose Ubuntu 19.04, which is not listed on certbot.eff.org. The site shows https in the search bar, but I just cannot figure out what's wrong with the site showing the 500 error. Thanks for any help.

My domain is: www.wijahati.com

I ran this command: sudo certbot certificates

It produced this output:

Found the following certs:
Certificate Name: www.wijahati.com
Domains: www.wijahati.com
Expiry Date: 2020-01-16 11:01:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.wijahati.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.wijahati.com/privkey.pem

My web server is (include version): Apache/2.4.38 (Ubuntu)

The operating system my web server runs on is (include version):

Distributor ID: Ubuntu
Description: Ubuntu 19.04
Release: 19.04
Codename: disco

My hosting provider, if applicable, is: linode

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

Hi @Fawaz

there is a check of your domain, ~1 hour old - wijahati.com - Make your website better - DNS, redirects, mixed content, certificates

Looks bad, but not really.

First, you have created the wrong certificate:

CN=www.wijahati.com, 18.10.2019, 16.01.2020, expires in 90 days, www.wijahati.com - 1 entry

Both dns entries (non-www and www) are defined, so you should use a certificate with both domain names.

But good: Certificate creation has worked.

The http part looks good.

So first step: Check / Fix your http vHosts. Share the output of

apachectl -S

Thanks for the feedback @JuergenAuer.

~1 hour old
Because I set it up yesterday, maybe that's why.

 apachectl -S

AH00526: Syntax error on line 56 of /etc/apache2/sites-enabled/apache_crm-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.wijahati.com/fullchain.pem' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.

Run it as root or sudo.

@JuergenAuer

sudo apachectl -S

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.105.74.207. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:2)
*:80                   www.wijahati.com (/etc/apache2/sites-enabled/apache_crm.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

What's the content of

Add

ServerName www.wijahati.com
ServerAlias wijahati.com

Disable the not working port 443.

Recheck with apachectl -S

Then create one certificate with both domain names:

certbot --apache -d www.wijahati.com -d wijahati.com

Certbot should create a correct port 443 vHost.

@JuergenAuer

It’s already there. (Does the order matter?)

/etc/apache2/sites-enabled $ sudo cat apache_crm.conf

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.wijahati.com

        ServerAdmin webmaster@localhost
        ServerAlias wijahati.com
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.wijahati.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Can you please walk me through how to disable it?

Check your non www - http://wijahati.com/

There is the standard Apache page, there are the commands - a2ensite, a2dissite

Then create one certificate with both domain names.

/etc/apache2/sites-enabled $ sudo a2dissite apache_crm-le-ssl.conf

Site apache_crm-le-ssl disabled.
To activate the new configuration, you need to run:
  systemctl reload apache2

/etc/apache2/sites-enabled $ sudo apachectl -S

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.105.74.207. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   www.wijahati.com (/etc/apache2/sites-enabled/apache_crm.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

**/etc/apache2/sites-enabled** $ sudo certbot --apache -d www.wijahati.com -d wijahati.com

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Cert not yet due for renewal

    You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
    (ref: /etc/letsencrypt/renewal/www.wijahati.com.conf)

    What would you like to do?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: Attempt to reinstall this existing certificate
    2: Renew & replace the cert (limit ~5 per 7 days)
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
    Keeping the existing certificate
    Created an SSL vhost at /etc/apache2/sites-available/apache_crm-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/sites-available/apache_crm-le-ssl.conf
    Enabling available site: /etc/apache2/sites-available/apache_crm-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/sites-available/apache_crm-le-ssl.conf

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: No redirect - Make no further changes to the webserver configuration.
    2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
    new sites, or if you're confident your site works on HTTPS. You can undo this
    change by editing your web server's configuration.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    Enhancement redirect was already set.
    Enhancement redirect was already set.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Congratulations! You have successfully enabled https://www.wijahati.com and
    https://wijahati.com

    You should test your configuration at:
    https://www.ssllabs.com/ssltest/analyze.html?d=www.wijahati.com
    https://www.ssllabs.com/ssltest/analyze.html?d=wijahati.com
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/www.wijahati.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/www.wijahati.com/privkey.pem
       Your cert will expire on 2020-01-16. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot again
       with the "certonly" option. To non-interactively renew *all* of
       your certificates, run "certbot renew"
     - Some rewrite rules copied from
       /etc/apache2/sites-enabled/apache_crm.conf were disabled in the
       vhost for your HTTPS site located at
       /etc/apache2/sites-available/apache_crm-le-ssl.conf because they
       have the potential to create redirection loops.
     - If you like Certbot, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
       Donating to EFF: https://eff.org/donate-le

I checked the site and am still getting the 500 error; I restarted Apache and it is still not working.

**/etc/apache2/sites-enabled** $ sudo service apache2 restart

then I ran:

/etc/apache2/sites-enabled$ sudo apachectl -S
    AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.105.74.207. Set the 'ServerName' directive globally to suppress this message
    VirtualHost configuration:
    *:443                  www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:2)
    *:80                   is a NameVirtualHost
             default server www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:61)
             port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:61)
                     alias wijahati.com
             port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:104)
                     alias wijahati.com
             port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:147)
                     alias wijahati.com
             port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm.conf:1)
                     alias wijahati.com
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default 
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex ssl-stapling: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33
    Group: name="www-data" id=33

One vHost with this set of domain names per port is expected, not 4.

And why are port 80 vHosts in your le-ssl file? le-ssl should only have port 443 vHosts.

First you must have a working port 80 configuration. Then start certbot.
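
The two problems pointed out in the reply above (several vHosts with the same name on one port, and port 80 vHosts inside the le-ssl file) can be checked mechanically from `apachectl -S` output. The following is an added example, not part of the original thread or of Certbot; the function names and finding labels are hypothetical, and it assumes HTTPS is served on port 443 as in the thread.

```python
import re
import sys
from collections import defaultdict

# VirtualHost lines from the last `apachectl -S` output posted in the thread.
SAMPLE = """\
*:443    www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:2)
*:80     is a NameVirtualHost
    default server www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:61)
    port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:61)
            alias wijahati.com
    port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:104)
            alias wijahati.com
    port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm-le-ssl.conf:147)
            alias wijahati.com
    port 80 namevhost www.wijahati.com (/etc/apache2/sites-enabled/apache_crm.conf:1)
            alias wijahati.com
"""

# "*:443 name (file:line)" is a port with one vhost; "port N namevhost" is one of several.
SINGLE = re.compile(r"^\S+:(\d+)\s+(\S+) \((.+):(\d+)\)$")
NAMED = re.compile(r"^port (\d+) namevhost (\S+) \((.+):(\d+)\)$")

def parse_vhosts(text):
    """Return (port, server_name, conf_file, line_no) for every vhost listed."""
    vhosts = []
    for raw in text.splitlines():
        m = SINGLE.match(raw.strip()) or NAMED.match(raw.strip())
        if m:
            vhosts.append((int(m[1]), m[2], m[3], int(m[4])))
    return vhosts

def audit(text):
    """Flag duplicate ServerNames per port and non-443 vhosts in a *-le-ssl.conf file."""
    findings, seen = [], defaultdict(list)
    for port, name, conf, line_no in parse_vhosts(text):
        seen[(port, name)].append(f"{conf}:{line_no}")
        # Assumption: HTTPS is served on 443, as in the thread.
        if conf.endswith("-le-ssl.conf") and port != 443:
            findings.append(("non-443-in-le-ssl", port, name, f"{conf}:{line_no}"))
    for (port, name), where in seen.items():
        if len(where) > 1:
            findings.append(("duplicate-vhost", port, name, ", ".join(where)))
    return findings

if __name__ == "__main__":
    # Usage: sudo apachectl -S 2>&1 | python3 this_script.py  (falls back to SAMPLE)
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit(text):
        print(*finding)
```

Run against the thread's output, it reports the three port 80 vHosts in `apache_crm-le-ssl.conf` and one duplicate entry for `www.wijahati.com` on port 80; the earlier output with only `apache_crm.conf` enabled produces no findings.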
