Getting error when trying to add SSL cert "ValueError: Unable to set value to path!"

My domain is: peaksplace.buzz

I ran this command: certbot --apache

It produced this output:
Which names would you like to activate HTTPS for?


1: peaksplace.buzz
2: site.peaksplace.buzz


Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):


You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/site.peaksplace.buzz.conf)

It contains these names: site.peaksplace.buzz

You requested these names for the new certificate: peaksplace.buzz,
site.peaksplace.buzz.

Do you want to expand and replace this existing certificate with the new
certificate?


(E)xpand/(C)ancel: e
Renewing an existing certificate for peaksplace.buzz and site.peaksplace.buzz

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/site.peaksplace.buzz/fullchain.pem
Key is saved at: /etc/letsencrypt/live/site.peaksplace.buzz/privkey.pem
This certificate expires on 2023-06-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Some rewrite rules copied from /etc/apache2/sites-enabled/place.conf were disabled in the vhost for your HTTPS site located at /etc/apache2/sites-available/place-le-ssl.conf because they have the potential to create redirection loops.
Successfully deployed certificate for peaksplace.buzz to /etc/apache2/sites-available/place-le-ssl.conf
Could not install certificate
An unexpected error occurred:
ValueError: Unable to set value to path!

My web server is (include version): Apache

The operating system my web server runs on is (include version): Ubuntu 22.04.2 LTS x86_64

My hosting provider, if applicable, is: Oracle Cloud

I can login to a root shell on my machine: yes

I'm using a control panel to manage my site: no, using PuTTY to SSH in

The version of my client is: certbot 1.21.0

Note: This is my first time setting a site up (or any server using a command line), so there is a good chance I messed something up, sorry if I don't understand something at first

Note #2: I have to go to bed right now, so I might not respond for a few hours

Could you please post the output of:

sudo apachectl -t -D DUMP_VHOSTS
4 Likes

I was able to fix the issue in my post, but now I am getting another error:

Failed redirect for peaksplace.buzz
Unable to set the redirect enhancement for peaksplace.buzz.

NEXT STEPS:
- The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name site.peaksplace.buzz

Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

Is that error message not clear enough?

3 Likes

It is as clear as muddy water to me; as I have stated, I am just starting and this is my first project. I am asking how I would fix that error. Feel free to respond if you have any actual advice on what to do, otherwise have a good day.

When you set up a website you need to also declare all the names it will respond to in your configuration. If you imagine having a webserver with 100 sites, you need something to match domain names to the site configuration (e.g. where the website files are kept and what SSL configuration to use etc). In Apache this is called a VirtualHost or vhost. VirtualHost Examples - Apache HTTP Server Version 2.4

5 Likes

I already did the vhost, but I did it for port 80, should I also add it for port 443?

Please show output of:

sudo apachectl -t -D DUMP_VHOSTS
3 Likes

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 site.peaksplace.buzz (/etc/apache2/sites-enabled/place-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server peaksplace.buzz (/etc/apache2/sites-enabled/place-le-ssl.conf:17)
port 80 namevhost peaksplace.buzz (/etc/apache2/sites-enabled/place-le-ssl.conf:17)
alias peaksplace.buzz
port 80 namevhost peaksplace.buzz (/etc/apache2/sites-enabled/place.conf:1)
alias peaksplace.buzz
port 80 namevhost site.peaksplace.buzz (/etc/apache2/sites-enabled/place.conf:13)
alias site.peaksplace.buzz

Good chance I didn't format the vhost stuff correctly

I see two problems there:

  • the aliases are repeating the original name [they add nothing]
    Where is the "www"? [maybe that would be a better alias]

  • the two HTTP server blocks are redundant [defining the same name:port creates an overlap]
    [unfortunately Apache does not stop one, nor even warn one, from such an occurrence]

4 Likes
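The two problems named in the reply above (a name:port pair defined in more than one place, and aliases that only repeat the ServerName) can be checked mechanically. This is an added example, not part of the original thread and not Certbot or Apache code; the function names `parse_vhosts` and `audit` are made up for illustration, and the sample input is the dump posted earlier, embedded as text.

```python
import re
from collections import defaultdict
# Constructed sample: the DUMP_VHOSTS output posted above (indentation already lost).
SAMPLE = """\
VirtualHost configuration:
*:443 site.peaksplace.buzz (/etc/apache2/sites-enabled/place-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server peaksplace.buzz (/etc/apache2/sites-enabled/place-le-ssl.conf:17)
port 80 namevhost peaksplace.buzz (/etc/apache2/sites-enabled/place-le-ssl.conf:17)
alias peaksplace.buzz
port 80 namevhost peaksplace.buzz (/etc/apache2/sites-enabled/place.conf:1)
alias peaksplace.buzz
port 80 namevhost site.peaksplace.buzz (/etc/apache2/sites-enabled/place.conf:13)
alias site.peaksplace.buzz
"""
NAMEVHOST = re.compile(r"port (\d+) namevhost (\S+) \((.+):(\d+)\)")
SINGLE = re.compile(r"\S+:(\d+)\s+(\S+) \((.+):(\d+)\)")  # sole vhost on an address
ALIAS = re.compile(r"alias (\S+)")

def parse_vhosts(dump):
    """Return one dict per vhost: port, name, where (file:line), aliases."""
    vhosts = []
    for raw in dump.splitlines():
        line = raw.strip()  # "default server" lines match nothing and are skipped
        m = NAMEVHOST.fullmatch(line) or SINGLE.fullmatch(line)
        if m:
            port, name, path, lineno = m.groups()
            vhosts.append({"port": int(port), "name": name.lower(),
                           "where": f"{path}:{lineno}", "aliases": []})
        elif (a := ALIAS.fullmatch(line)) and vhosts:
            vhosts[-1]["aliases"].append(a.group(1).lower())
    return vhosts

def audit(vhosts):
    """Find name:port pairs defined more than once and self-repeating aliases."""
    by_key = defaultdict(list)
    for v in vhosts:
        by_key[(v["name"], v["port"])].append(v["where"])
    overlaps = {k: w for k, w in by_key.items() if len(w) > 1}
    redundant = [v["where"] for v in vhosts if v["name"] in v["aliases"]]
    return overlaps, redundant

if __name__ == "__main__":
    overlaps, redundant = audit(parse_vhosts(SAMPLE))
    for (name, port), where in overlaps.items():
        print(f"OVERLAP {name}:{port} defined at {', '.join(where)}")
    for where in redundant:
        print(f"ALIAS repeats ServerName in {where}")
```

On a live server, pass the text of `sudo apachectl -t -D DUMP_VHOSTS` to `parse_vhosts` instead of `SAMPLE`.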

Ok, I picked up the code from some random tutorial somewhere and wasn't quite sure how to format it correctly, thanks for that.

2 Likes

Your server name should be peaksplace.buzz and your alias should be site.peaksplace.buzz that way both names will be matched to the same site. You need to remove the duplicate block in your apache .conf file.

That way, the certificate can be automatically matched to your site name. Currently <anything>.peaksplace.buzz gets to your server because of DNS, but your config is only mentioning the one domain so certbot can't match it.

4 Likes

I did this and now my vhost file is looking like this:

<VirtualHost *:80>
 ServerAdmin webmaster@localhost
 ServerName peaksplace.buzz
 ServerAlias www.peaksplace.buzz
 DocumentRoot /var/www/place
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

But now I am getting this error

certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
  Domain: peaksplace.buzz
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for peaksplace.buzz - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up
AAAA for peaksplace.buzz - check that a DNS record exists for this domain
  Domain: www.peaksplace.buzz
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for www.peaksplace.buzz - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.peaksplace.buzz - check that a DNS record exists for this domain
Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

I am 98% sure I set up my DNS records correctly, and I followed a working tutorial word for word on getting Apache up. Any ideas on what's going on? Sorry if I have a dumb obvious mistake, I am still learning, pls be patient, and thanks in advance :slight_smile:

And I am pretty sure it isn't right :slight_smile: Although, it's wrong in an unusual way that I have not seen before so maybe some other volunteer who has good DNS expertise will offer help. rg305 is one such person and he often checks in late nights (so maybe an hour or so from now)

In the meantime, the dnsviz website shows a picture of your DNS with the NSEC3 proving non-existence of your domain. That's an odd config.
https://dnsviz.net/d/peaksplace.buzz/dnssec/

Another helpful tool is unboundtest.com. It looks up DNS records similar to how Let's Encrypt servers do it. It's a way to test your DNS without doing actual cert requests. Which, if you don't use the staging system can result in you getting rate limited.
https://unboundtest.com/

3 Likes

Where?
How?

The .buzz authoritative DNS servers don't seem to know anything about your domain.

nslookup -q=ns peaksplace.buzz a.nic.buzz
can't find peaksplace.buzz: Non-existent domain
3 Likes

I do know the answer to the questions I asked, but they need to be asked, so you (and possibly some other readers) can maybe learn a little bit about how DNS works.
[spoiler alert: PorkBun has dropped the ball]

So, let's please go through the motions [indulge me, if you will].

3 Likes

I added the DNS records through Porkbun's built-in DNS management, which has worked in the past for me (a few days ago, I reset it tho because of another problem which has been fixed). There is a chance I added them wrongly. I'll try to get a screenshot of it though, give me a few minutes.

I think I realized the problem: it originally comes with an automatically applied record for a parked domain page, which I deleted, but it appears it didn't get fully deleted, so there are two records for the same thing, which would make a ton of sense on why it's broken lol. Sorry about that, I thought it had been deleted but I guess it didn't save properly or something.

Well, the "www" seems to have been done correctly.
But the base domain has no IP.

That said, PorkBun hasn't properly updated the information for your newly registered domain.
So, the .buzz authoritative servers know nothing about your domain.

4 Likes