How to use certbot with <VirtualHost *:8080>

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: blog.ondata.it

I ran this command: sudo certbot --apache

It produced this output: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80

My web server is (include version): Apache/2.4.25 (Debian)

The operating system my web server runs on is (include version): Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): webmin 1.983

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.28.0

Hi,
this is a part of my Apache config

<VirtualHost *:8080>
SuexecUserGroup "#1000" "#1000"
ServerName wp.ondata.it

# Server aliases for wordpress multisite domain mapping
ServerAlias blog.ondata.it
#

I would like to use certbot for my ServerAlias site, blog.ondata.it. It's a site inside a WordPress multisite.

How can I use the certbot client to do it?

Thank you

Hi @aborruso and welcome to the LE community forum :)

Even though you have root access (and could do much of this manually), I see that you are using webmin, and as such, I would recommend looking within that program/menus for a way to enable SSL on your site first.

3 Likes

If webmin is not capable of handling the SSL, then we would have to begin at the beginning...

  • Have you ever created a HTTPS (secure) site?
  • How comfortable are you with creating HTTP (insecure) sites?
3 Likes

Hi @rg305, I did it simply using the certbot client on a web server that had a separate configuration file for each site, all on port 80.

Here I have a WordPress multisite config file, port 8080, and I want to set up SSL for one of the subsites of the multisite. Where could I start, without using webmin?

Sorry, I don't know how to enable SSL on WordPress sites.
Without WP, you should be able to run certbot to make secure sites from the HTTP sites found.
Unfortunately, certbot is unable to locate any HTTP sites.
Let's try locating them with:
sudo apachectl -t -D DUMP_VHOSTS

1 Like

I have this (it's the part related to blog.ondata.it)

VirtualHost configuration:
*:8080                 is a NameVirtualHost
         default server ondata.it (/etc/apache2/sites-enabled/000-default.conf:1)
         port 8080 namevhost wp.ondata.it (/etc/apache2/sites-enabled/wp.ondata.it.conf:1)
                 alias blog.ondata.it
                 alias ....

So that is the only related vhost?
If so, please show the file:
/etc/apache2/sites-enabled/wp.ondata.it.conf

1 Like

It's this (thank you)

<VirtualHost *:8080>
SuexecUserGroup "#1000" "#1000"
ServerName wp.ondata.it


# Server aliases for wordpress multisite domain mapping
ServerAlias blog.ondata.it
ServerAlias anothere1.ondata.it
ServerAlias anothere2.ondata.it
#

DocumentRoot /home/ondata/domains/wp.ondata.it/public_html
ErrorLog /var/log/virtualmin/wp.ondata.it_error_log
CustomLog /var/log/virtualmin/wp.ondata.it_access_log combined
ScriptAlias /cgi-bin/ /home/ondata/domains/wp.ondata.it/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ondata/domains/wp.ondata.it/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.0
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php
#FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php7.0
</Directory>
<Directory /home/ondata/domains/wp.ondata.it/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:48121/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.0
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
</VirtualHost>
<VirtualHost *:443>
SuexecUserGroup "#1000" "#1000"
ServerName wp.ondata.it
DocumentRoot /home/ondata/domains/wp.ondata.it/public_html
ErrorLog /var/log/virtualmin/wp.ondata.it_error_log
CustomLog /var/log/virtualmin/wp.ondata.it_access_log combined
ScriptAlias /cgi-bin/ /home/ondata/domains/wp.ondata.it/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ondata/domains/wp.ondata.it/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.0
#FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php7.0
</Directory>
<Directory /home/ondata/domains/wp.ondata.it/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:48121/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.0
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/ondata/domains/wp.ondata.it/ssl.cert
SSLCertificateKeyFile /home/ondata/domains/wp.ondata.it/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>
1 Like

That file seems a bit altered.
WP has issued a cert within it - but only for one name.
All the ServerAlias entries exist only in the insecure vhost.

Did WP put those aliases in there?
[or did you edit the file and add them manually]

1 Like
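The mismatch described in the post above (names that exist on the `*:8080` vhost but not on the `*:443` vhost) can be checked mechanically. The script below is an added example, not part of the original thread; the function names `vhost_names` and `names_missing_tls` are hypothetical, and the sample config is constructed from the names shown on this page.

```shell
#!/bin/sh
# Added example: list hostnames served on a plain-HTTP port but absent from *:443.
# The sample config is constructed; it is not the poster's real file.

vhost_names() {  # usage: vhost_names PORT FILE -> names in that port's vhosts
    awk -v port="$1" '
        /^[ \t]*#/ { next }                        # skip whole-line comments
        tolower($1) ~ /^<virtualhost$/ {
            addr = $2; sub(/>$/, "", addr)         # "*:8080>" -> "*:8080"
            n = split(addr, parts, ":")
            inblock = (parts[n] == port)           # last field is the port
            next
        }
        tolower($1) ~ /^<\/virtualhost>/ { inblock = 0; next }
        inblock && tolower($1) ~ /^server(name|alias)$/ {
            # Apache has no trailing comments: every further token is a name.
            for (i = 2; i <= NF; i++) print tolower($i)
        }
    ' "$2" | sort -u
}

names_missing_tls() {  # usage: names_missing_tls HTTP_PORT FILE
    http=$(mktemp) tls=$(mktemp)
    vhost_names "$1" "$2" > "$http"
    vhost_names 443 "$2" > "$tls"
    comm -23 "$http" "$tls"                        # only in the HTTP list
    rm -f "$http" "$tls"
}

sample_config() {  # constructed sample, modelled on the thread
    cat <<'EOF'
<VirtualHost *:8080>
ServerName wp.ondata.it
ServerAlias www.wp.ondata.it
# Server aliases for wordpress multisite domain mapping
ServerAlias blog.ondata.it premio.ondata.it
#ServerAlias ricostruzionetrasparente.it
</VirtualHost>
<VirtualHost *:443>
ServerName wp.ondata.it
ServerAlias www.wp.ondata.it
SSLEngine on
</VirtualHost>
EOF
}

conf=$(mktemp); sample_config > "$conf"
names_missing_tls 8080 "$conf"
rm -f "$conf"
```

A name that appears in this list has no matching `*:443` vhost, so an HTTPS request for it is answered by the default TLS vhost with a certificate that does not cover that name.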

This is the raw one

<VirtualHost *:8080>
SuexecUserGroup "#1000" "#1000"
ServerName wp.ondata.it
ServerAlias www.wp.ondata.it
ServerAlias webmail.wp.ondata.it
ServerAlias admin.wp.ondata.it

# Server aliases for wordpress multisite domain mapping
ServerAlias blog.ondata.it
ServerAlias premio.ondata.it
ServerAlias opendatasicilia.it *.opendatasicilia.it # Own virtual host
ServerAlias opendatacampania.it *.opendatacampania.it
ServerAlias opendataemiliaromagna.it *.opendataemiliaromagna.it
#ServerAlias ricostruzionetrasparente.it www.ricostruzionetrasparente.it
#

DocumentRoot /home/ondata/domains/wp.ondata.it/public_html
ErrorLog /var/log/virtualmin/wp.ondata.it_error_log
CustomLog /var/log/virtualmin/wp.ondata.it_access_log combined
ScriptAlias /cgi-bin/ /home/ondata/domains/wp.ondata.it/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ondata/domains/wp.ondata.it/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.0
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php
#FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php7.0
</Directory>
<Directory /home/ondata/domains/wp.ondata.it/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:48121/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.0
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
</VirtualHost>
<VirtualHost *:443>
SuexecUserGroup "#1000" "#1000"
ServerName wp.ondata.it
ServerAlias www.wp.ondata.it
ServerAlias webmail.wp.ondata.it
ServerAlias admin.wp.ondata.it
DocumentRoot /home/ondata/domains/wp.ondata.it/public_html
ErrorLog /var/log/virtualmin/wp.ondata.it_error_log
CustomLog /var/log/virtualmin/wp.ondata.it_access_log combined
ScriptAlias /cgi-bin/ /home/ondata/domains/wp.ondata.it/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/ondata/domains/wp.ondata.it/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
AddHandler fcgid-script .php7.0
#FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php5.fcgi .php5
FCGIWrapper /home/ondata/domains/wp.ondata.it/fcgi-bin/php7.0.fcgi .php7.0
</Directory>
<Directory /home/ondata/domains/wp.ondata.it/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.wp.ondata.it
RewriteRule ^(.*) https://wp.ondata.it:48121/ [R]
RemoveHandler .php
RemoveHandler .php5
RemoveHandler .php7.0
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/ondata/domains/wp.ondata.it/ssl.cert
SSLCertificateKeyFile /home/ondata/domains/wp.ondata.it/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>

OK
But were those aliases added in manually or by WordPress?

1 Like

I think manually, but I'm not sure

It makes a difference because WP is involved.

Let's get you a cert and you can deal with any possible WP problem when/if that happens (later).

First:
Let's test that challenge file location, with:
[placing a test file in the expected challenge location and verifying that it can be reached from the Internet]
echo "TestFile1" > /home/ondata/domains/wp.ondata.it/public_html/Test_File-1

1 Like

yes it is http://wp.ondata.it/Test_File-1

OK.
Now to get you a cert.
Do you only need that one name?
[ blog.ondata.it ]

If so, try:
certbot certonly -d blog.ondata.it --http-01-port 8080

1 Like

You are very very kind, thank you very much.

Now I have

- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/blog.ondata.it/fullchain.pem

Now, what must I change to have this site on HTTPS? Must I change /etc/apache2/sites-enabled/wp.ondata.it.conf?

1 Like

I would create a separate file - to avoid having it overwritten by WordPress.
Create a new file in that folder but call it: blog.ondata.it.conf
It should look a lot like the secure portion (bottom half of the) wp.ondata.it.conf file.
Post your edited file here to confirm it.

1 Like

Can I simply copy my wp.ondata.it.conf file, edit it in this way, and save it as blog.ondata.it.conf in that folder?

That's not enough of an edit.
You only need from line 53+
And a lot within that is specifically for wp.ondata.it, so I doubt you will need those lines either.
Also, is the "blog" site going to be just an alias to the "wp" site?

1 Like