Incorrect Apache configuration: key and redirect


#1

I followed the installation guide for Debian 8, that is, I cloned the git repo and used letsencrypt-auto to obtain install a certificate. When asked whether to redirect http to https, I chose the ‘secure’ option. However, letsencrypt told me that the redirect failed. (“Unable to set enhancement redirect”)

After that Apache failed to start. Looking at Apache’s error log revealed that it was exiting after failing to find a certificate for mod_ssl. I looked at the Apache config file that letsencrypt had generated, sites-enabled/no-http-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName *redacted*
   Redirect permanent / https://*redacted*/
SSLCertificateFile /etc/letsencrypt/live/*redacted*/chain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/*redacted*/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

First of all, I had to change the SSLCertificateFile line to cert.pem instead of chain.pem. After that, Apache was able to start successfully. However, accessing my website via https was impossible. There is a redirect line inside the configuration for https (port 443). Since all https traffic redirects to https, there was an infinite loop. My browser presented an error message saying that the server was redirecting in a way that would not succeed. To fix this, I simply removed the redirect line and moved it to a different file inside a <VirtualHost *:80> section

These two errors prevented my server from working out of the box after using the letsencrypt client, but after fixing those problems, everything seems to work fine.