Install letsencrypt but it doesnt work


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:natayej2.ir

I ran this command:./letsencrypt auto

It produced this output:Failed redirect for natayej2.ir
Unable to set enhancement redirect for natayej2.ir
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version):ubuntu 16.04

My hosting provider, if applicable, is:crowncloud

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no


#2

Your certificate seems to be valid and correctly installed; however the HTTPS version of your site is returning a 500 internal server error. I suppose maybe something in your Apache configuration confused certbot (letsencrypt-auto) when it tried to modify it to install the cert.

Can you share the relevant parts of your Apache configuration? Particularly the VirtualHost added by certbot but also any other configuration related to the same domain.

Also check your Apache error logs as they may give more detail as to the nature of the error.


#3

Thank you for taking the time and replying and I’m sorry to come late.
I have installed the protocol on a subdomain(bot.natayej2.ir). But I have not yet installed the main domain(natayej2.ir).
This error occurs when I want to install the protocol’s main domain.
<VirtualHost *:80>
ServerName natayej2.ir
WSGIDaemonProcess siteserver
WSGIScriptAlias / /var/www/natayej2.ir/siteserver.wsgi
<Directory /var/www/natayej2.ir>
WSGIProcessGroup siteserver
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all


<VirtualHost *:80>
ServerName bot.natayej2.ir
WSGIDaemonProcess botserver
WSGIScriptAlias / /var/www/bot.natayej2.ir/botserver.wsgi
<Directory /var/www/bot.natayej2.ir>
WSGIProcessGroup botserver
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all

RewriteEngine on
RewriteCond %{SERVER_NAME} =bot.natayej2.ir
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

and virtual host for 443:

<VirtualHost *:443>
ServerName bot.natayej2.ir
WSGIDaemonProcess botserver2
WSGIScriptAlias / /var/www/bot.natayej2.ir/botserver.wsgi
<Directory /var/www/bot.natayej2.ir>
WSGIProcessGroup botserver2
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias natayej2.ir
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/natayej2.ir/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/natayej2.ir/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf



#4

Hmm, I’m not sure but I suspect it might have something to do with the

ServerAlias natayej2.ir

in your <VirtualHost *:443>. That would make Apache try to use the bot subdomain’s configuration to serve for the main domain, and might (I guess) also confuse certbot to the extent that it might be unable to figure out how to create a new, correct VirtualHost for the main domain on port 443 without causing a conflict. What happens if you remove that line and try again?


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.