Installed Debian 11: cant get certificate to activate ssl: Times out EVERY TIME

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

buddy-baker.info,
www.buddy-baker.info,
buddy-baker.us,
www.buddy-baker.us,
www.buddy-baker.org,
buddy-baker.org,
www.buddy-baker.com,
buddy-baker.com

I ran this command: root@cardinal:~/.acme.sh# ./acme.sh --issue -d buddy-baker.info,www.buddy-baker.info -w /var/www/mallard.dkpi/public

It produced this output:
[Sun 01 May 2022 11:50:06 AM EDT] Using CA: https://acme.zerossl.com/v2/DV90
[Sun 01 May 2022 11:50:06 AM EDT] Multi domain='DNS:buddy-baker.info,DNS:www.buddy-baker.info'
[Sun 01 May 2022 11:50:06 AM EDT] Getting domain auth token for each domain
[Sun 01 May 2022 11:50:44 AM EDT] Getting webroot for domain='buddy-baker.info'
[Sun 01 May 2022 11:50:44 AM EDT] Getting webroot for domain='www.buddy-baker.info'
[Sun 01 May 2022 11:50:44 AM EDT] Verifying: buddy-baker.info
[Sun 01 May 2022 11:50:54 AM EDT] Processing, The CA is processing your order, please just wait. (1/30)
[Sun 01 May 2022 11:51:06 AM EDT] Processing, The CA is processing your order, please just wait. (2/30)
[Sun 01 May 2022 11:51:18 AM EDT] Processing, The CA is processing your order, please just wait. (3/30)
[Sun 01 May 2022 11:51:30 AM EDT] Processing, The CA is processing your order, please just wait. (4/30)
[Sun 01 May 2022 11:51:50 AM EDT] Processing, The CA is processing your order, please just wait. (5/30)
[Sun 01 May 2022 11:52:02 AM EDT] Processing, The CA is processing your order, please just wait. (6/30)
[Sun 01 May 2022 11:52:15 AM EDT] Processing, The CA is processing your order, please just wait. (7/30)
[Sun 01 May 2022 11:52:26 AM EDT] Processing, The CA is processing your order, please just wait. (8/30)
[Sun 01 May 2022 11:52:28 AM EDT] Processing, The CA is processing your order, please just wait. (9/30)
[Sun 01 May 2022 11:52:40 AM EDT] Processing, The CA is processing your order, please just wait. (10/30)
[Sun 01 May 2022 11:52:52 AM EDT] Processing, The CA is processing your order, please just wait. (11/30)
[Sun 01 May 2022 11:53:04 AM EDT] Processing, The CA is processing your order, please just wait. (12/30)
[Sun 01 May 2022 11:53:15 AM EDT] Processing, The CA is processing your order, please just wait. (13/30)
[Sun 01 May 2022 11:53:27 AM EDT] Processing, The CA is processing your order, please just wait. (14/30)
[Sun 01 May 2022 11:53:39 AM EDT] Processing, The CA is processing your order, please just wait. (15/30)
[Sun 01 May 2022 11:53:51 AM EDT] Processing, The CA is processing your order, please just wait. (16/30)
[Sun 01 May 2022 11:54:02 AM EDT] Processing, The CA is processing your order, please just wait. (17/30)
[Sun 01 May 2022 11:54:14 AM EDT] Processing, The CA is processing your order, please just wait. (18/30)
[Sun 01 May 2022 11:54:26 AM EDT] Processing, The CA is processing your order, please just wait. (19/30)
[Sun 01 May 2022 11:54:38 AM EDT] Processing, The CA is processing your order, please just wait. (20/30)
[Sun 01 May 2022 11:54:49 AM EDT] Processing, The CA is processing your order, please just wait. (21/30)
[Sun 01 May 2022 11:55:01 AM EDT] Processing, The CA is processing your order, please just wait. (22/30)
[Sun 01 May 2022 11:55:04 AM EDT] Processing, The CA is processing your order, please just wait. (23/30)
[Sun 01 May 2022 11:55:16 AM EDT] Processing, The CA is processing your order, please just wait. (24/30)
[Sun 01 May 2022 11:55:28 AM EDT] Processing, The CA is processing your order, please just wait. (25/30)
[Sun 01 May 2022 11:55:40 AM EDT] Processing, The CA is processing your order, please just wait. (26/30)
[Sun 01 May 2022 11:55:52 AM EDT] Processing, The CA is processing your order, please just wait. (27/30)
[Sun 01 May 2022 11:56:04 AM EDT] Processing, The CA is processing your order, please just wait. (28/30)
[Sun 01 May 2022 11:56:16 AM EDT] Processing, The CA is processing your order, please just wait. (29/30)
[Sun 01 May 2022 11:56:26 AM EDT] buddy-baker.info:Timeout
[Sun 01 May 2022 11:56:26 AM EDT] Please check log file for more details: /root/.acme.sh/acme.sh.log

--END acme.sh output--

My web server is (include version):Server version: Apache/2.4.53 (Debian)
Server built: 2022-03-14T16:28:35

The operating system my web server runs on is (include version): Linux cardinal 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux /

Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Codename: bullseye

My hosting provider, if applicable, is: Godaddy /Self-Hosted

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Using acme.sh (root@cardinal:~/.acme.sh# ./acme.sh --version

v3.0.3)

INFORMATION: would like to install acme.sh properly, and not sure whether I NEED to install a certain way, in a certain mode, and want to get all my certs installed in .acme.sh/domain_dir.suffix - Not sure why this doesn't seem to work, but would love to fix it correctly, as I updated to DEB 11 last week, and need SSL working properly. Once it does, will issue it in one certificate for all domains, and get it working right.

Brian+

2

You know you're not using Let's Encrypt, right?

Add a --server letsencrypt to your command.

You can also set LE as a default, run this as a separate command:

acme.sh --set-default-ca --server letsencrypt

4 Likes
3

Keep getting errors:
buddy-baker.com:Verify error:174.83.81.140: Invalid response from http://buddy-baker.com/.well-known/acme-challenge/94KCFxtA3HGCnnSDb5mRjYlcJLWVHe127gjXhglWL9E: 404
[Sun 01 May 2022 12:38:42 PM EDT] Please add '--debug' or '--log' to check more details.
[Sun 01 May 2022 12:38:42 PM EDT] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

How do I tell this error to go away and die??? am i supposed to install it a special way since I am running apache? I think I am running it as a service, so I am not sure how to install it do it does aNOT error out.

Brian

4

This error seems to happen on all domains but .us, but keeps erroring regardles of what domain I try to use

Brian

5

First of all, relax.

Second, that error most likely means you forgot to configure the proper webroot for that domain.

3 Likes
6

As a test, try placing a test file (without any extension) in the expected challenge location.
And then test access with both names from the Internet.
Like with:

curl -Ii     buddy-baker.info/.well-known/acme-challenge/Test_File-1234
curl -Ii www.buddy-baker.info/.well-known/acme-challenge/Test_File-1234
2 Likes
7

Maybe @Neilpang can help!
:zipper_mouth_face:

6 Likes
8

OK Guys:

This is what I get: I want to start FRESH - Want to instal this RIGHT, and I am getting timeouts and errors: this NEEDS to be correct: Here is what I got doing buddy-baker.us,www.buddy-baker.us

root@cardinal:~/.acme.sh# cme.sh --issue -d buddy-baker.us.www.buddy-baker.us -w^C
root@cardinal:~/.acme.sh# acme.sh --issue -d buddy-baker.us.www.buddy-baker.us -w /var/www/html
[Mon 02 May 2022 10:27:39 AM EDT] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 02 May 2022 10:27:39 AM EDT] Create account key ok.
[Mon 02 May 2022 10:27:39 AM EDT] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Mon 02 May 2022 10:27:40 AM EDT] Registered
[Mon 02 May 2022 10:27:40 AM EDT] ACCOUNT_THUMBPRINT='UThQKt2SNXPSxQgXr4K5DlnStvTLBXx9ztYhhNL7zFk'
[Mon 02 May 2022 10:27:40 AM EDT] Creating domain key
[Mon 02 May 2022 10:27:40 AM EDT] The domain key is here: /root/.acme.sh/buddy-baker.us.www.buddy-baker.us/buddy-baker.us.www.buddy-baker.us.key
[Mon 02 May 2022 10:27:40 AM EDT] Single domain='buddy-baker.us.www.buddy-baker.us'
[Mon 02 May 2022 10:27:40 AM EDT] Getting domain auth token for each domain
[Mon 02 May 2022 10:27:41 AM EDT] Getting webroot for domain='buddy-baker.us.www.buddy-baker.us'
[Mon 02 May 2022 10:27:41 AM EDT] Verifying: buddy-baker.us.www.buddy-baker.us
[Mon 02 May 2022 10:27:42 AM EDT] Pending, The CA is processing your order, please just wait. (1/30)
[Mon 02 May 2022 10:27:45 AM EDT] buddy-baker.us.www.buddy-baker.us:Verify error:DNS problem: NXDOMAIN looking up A for buddy-baker.us.www.buddy-baker.us - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for buddy-baker.us.www.buddy-baker.us - check that a DNS record exists for this domain
[Mon 02 May 2022 10:27:45 AM EDT] Please add '--debug' or '--log' to check more details.
[Mon 02 May 2022 10:27:45 AM EDT] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
root@cardinal:~/.acme.sh#

Next steps please? Is this thing working, or is it not?

Brian

9

Read that message carefully. You are asking for a certificate for one domain name, a literal fifth level domain buddy-baker.us.www.buddy-baker.us.

Replace

-d buddy-baker.us.www.buddy-baker.us

with

-d buddy-baker.us -d www.buddy-baker.us

2 Likes
10

This is my output now :slight_smile:
root@cardinal:~/.acme.sh# acme.sh --issue -d buddy-baker.us -d www.buddy-baker.us -w /var/www/html
[Mon 02 May 2022 12:03:26 PM EDT] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 02 May 2022 12:03:26 PM EDT] Create account key ok.
[Mon 02 May 2022 12:03:27 PM EDT] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Mon 02 May 2022 12:03:27 PM EDT] Registered
[Mon 02 May 2022 12:03:27 PM EDT] ACCOUNT_THUMBPRINT='t7bTzgLojCcPolv2kipV83lV9eoxeGnyC4AcOz8Z12I'
[Mon 02 May 2022 12:03:27 PM EDT] Creating domain key
[Mon 02 May 2022 12:03:28 PM EDT] The domain key is here: /root/.acme.sh/buddy-baker.us/buddy-baker.us.key
[Mon 02 May 2022 12:03:28 PM EDT] Multi domain='DNS:buddy-baker.us,DNS:www.buddy-baker.us'
[Mon 02 May 2022 12:03:28 PM EDT] Getting domain auth token for each domain
[Mon 02 May 2022 12:03:29 PM EDT] Getting webroot for domain='buddy-baker.us'
[Mon 02 May 2022 12:03:29 PM EDT] Getting webroot for domain='www.buddy-baker.us'
[Mon 02 May 2022 12:03:29 PM EDT] Verifying: buddy-baker.us
[Mon 02 May 2022 12:03:30 PM EDT] Pending, The CA is processing your order, please just wait. (1/30)
[Mon 02 May 2022 12:03:33 PM EDT] Success
[Mon 02 May 2022 12:03:33 PM EDT] Verifying: www.buddy-baker.us
[Mon 02 May 2022 12:03:33 PM EDT] Pending, The CA is processing your order, please just wait. (1/30)
[Mon 02 May 2022 12:03:37 PM EDT] Success
[Mon 02 May 2022 12:03:37 PM EDT] Verify finished, start to sign.
[Mon 02 May 2022 12:03:37 PM EDT] Lets finalize the order.
[Mon 02 May 2022 12:03:37 PM EDT] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/525784467/85200232647'
[Mon 02 May 2022 12:03:38 PM EDT] Downloading cert.
[Mon 02 May 2022 12:03:38 PM EDT] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/042586f10692bc5e3262eea63f3299c0176d'
[Mon 02 May 2022 12:03:38 PM EDT] Cert success.
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
[Mon 02 May 2022 12:03:38 PM EDT] Your cert is in: /root/.acme.sh/buddy-baker.us/buddy-baker.us.cer
[Mon 02 May 2022 12:03:38 PM EDT] Your cert key is in: /root/.acme.sh/buddy-baker.us/buddy-baker.us.key
[Mon 02 May 2022 12:03:38 PM EDT] The intermediate CA cert is in: /root/.acme.sh/buddy-baker.us/ca.cer
[Mon 02 May 2022 12:03:38 PM EDT] And the full chain certs is there: /root/.acme.sh/buddy-baker.us/fullchain.cer
root@cardinal:~/.acme.sh#

Now, I will try the other domains :slight_smile:
Brian

11

Output: Errors again for .com

root@cardinal:~/.acme.sh# acme.sh --issue -d buddy-baker.com -d www.buddy-baker.com -w /var/www/eagle.bbdc/public
[Mon 02 May 2022 12:10:07 PM EDT] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 02 May 2022 12:10:07 PM EDT] Creating domain key
[Mon 02 May 2022 12:10:07 PM EDT] The domain key is here: /root/.acme.sh/buddy-baker.com/buddy-baker.com.key
[Mon 02 May 2022 12:10:07 PM EDT] Multi domain='DNS:buddy-baker.com,DNS:www.buddy-baker.com'
[Mon 02 May 2022 12:10:07 PM EDT] Getting domain auth token for each domain
[Mon 02 May 2022 12:10:09 PM EDT] Getting webroot for domain='buddy-baker.com'
[Mon 02 May 2022 12:10:09 PM EDT] Getting webroot for domain='www.buddy-baker.com'
[Mon 02 May 2022 12:10:09 PM EDT] Verifying: buddy-baker.com
[Mon 02 May 2022 12:10:09 PM EDT] Pending, The CA is processing your order, please just wait. (1/30)
[Mon 02 May 2022 12:10:13 PM EDT] buddy-baker.com:Verify error:174.83.81.140: Invalid response from http://buddy-baker.com/.well-known/acme-challenge/oY9l4Q3IOEiG02ueuMgffLXbgrS7O8EM5c5TYUwY7ps: 404
[Mon 02 May 2022 12:10:13 PM EDT] Please add '--debug' or '--log' to check more details.
[Mon 02 May 2022 12:10:13 PM EDT] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

Next steps?

Brian

12

Do you see the difference between these two commands?

Do you know why one works and the other doesn't?

2 Likes
13

And, if 9peppe's response is not enough for you please show result of this

apachectl -S
5 Likes
14

The only difference I see is that the .com has a -w /var/www/eagle.bbdc/public

This is the result of apachectl -S

root@cardinal:~/.acme.sh# apachectl -S
AH00526: Syntax error on line 37 of /etc/apache2/sites-enabled/buddy-baker.com-le-ssl.conf:
SSLCertificateFile: file '/root/.acme.sh/buddy-baker.com/fullchain.cer' does not exist or is empty
Action '-S' failed.
The Apache error log may have more information.
root@cardinal:~/.acme.sh#
The files that are called for Dont exist, so I commented them out like this:

    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.

#Server is EAGLE (Default for buddy-baker.com domain)
<VirtualHost *:443>
ServerName buddy-baker.com
ServerAdmin root@localhost
ServerAlias www.buddy-baker.com
DocumentRoot /var/www/eagle.bbdc/public
ErrorLog /var/www/eagle.bbdc/logs/eagle.error.log
CustomLog /var/www/eagle.bbdc/logs/access.log combined
LogLevel info ssl:warn

<Directory /var/www/eagle.bbdc>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

<Directory /var/www/eagle.bbdc/public>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

#SSLCertificateFile /etc/letsencrypt/live/www.buddy-baker.us/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/www.buddy-baker.us/privkey.pem
#Include /etc/letsencrypt/options-ssl-apache.conf

--END Config file for .com domain

I know that I need to get rid of the lines that deal with the /etc/letsencrypt/ but not sure how to get the right certs for the domains - Obviously, the ssl certs line is gonna be wrong if the info is not there, but this is a little confusing....

Brian

15

I run that for .com and i get:

root@cardinal:~/.acme.sh# acme.sh --issue -d buddy-baker.com -d www.buddy-baker.com -w /var/www/eage.bbdc/public
[Mon 02 May 2022 12:34:21 PM EDT] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon 02 May 2022 12:34:21 PM EDT] Multi domain='DNS:buddy-baker.com,DNS:www.buddy-baker.com'
[Mon 02 May 2022 12:34:21 PM EDT] Getting domain auth token for each domain
[Mon 02 May 2022 12:34:23 PM EDT] Getting webroot for domain='buddy-baker.com'
[Mon 02 May 2022 12:34:23 PM EDT] Getting webroot for domain='www.buddy-baker.com'
[Mon 02 May 2022 12:34:23 PM EDT] Verifying: buddy-baker.com
[Mon 02 May 2022 12:34:24 PM EDT] Pending, The CA is processing your order, please just wait. (1/30)
[Mon 02 May 2022 12:34:27 PM EDT] buddy-baker.com:Verify error:174.83.81.140: Invalid response from http://buddy-baker.com/.well-known/acme-challenge/zW2fjbjOk47xP7PSqLCB2hwmCEU3XwyMxW6Cwfj_Zxo: 404
[Mon 02 May 2022 12:34:27 PM EDT] Please add '--debug' or '--log' to check more details.
[Mon 02 May 2022 12:34:27 PM EDT] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

Brian

16

Can you show the port 80 VirtualHost config file?

It would still be very helpful to see result of a good apachectl -S

2 Likes
17

I really don't want to explain now. But try this:

acme.sh --issue -d buddy-baker.com -d www.buddy-baker.com -w /var/www/html

I think apache is ignoring that virtualhost and you get the default host. Once you get the certificates you can use the proper webroot.

18

OK: for some reason did not have the :80 ones in sites-available: so here they are :slight_smile:

DOT US

The ServerName directive sets the request scheme, hostname and port t$

    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.

#Default Host (cardinal.buddy-baker.us)
<VirtualHost *:80>
ServerName buddy-baker.us
ServerAdmin webmaster@localhost
ServerAlias www.buddy-baker.us
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel info ssl:warn
RewriteEngine on
RewriteCond %{SERVER_NAME} =buddy-baker.us [OR]
RewriteCond %{SERVER_NAME} =www.buddy-baker.us
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

=======
DOT COM

    # The ServerName directive sets the request scheme, hostname and port t>
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.

#Server is EAGLE (Default for buddy-baker.com domain)
<VirtualHost *:80>
ServerName buddy-baker.com
ServerAdmin root@localhost
ServerAlias www.buddy-baker.com
DocumentRoot /var/www/eagle.bbdc/public
ErrorLog /var/www/eagle.bbdc/logs/eagle.error.log
CustomLog /var/www/eagle.bbdc/logs/access.log combined
LogLevel info<Directory /var/www/eagle.bbdc>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

<Directory /var/www/eagle.bbdc/public>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.buddy-baker.com [OR]
RewriteCond %{SERVER_NAME} =buddy-baker.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

========
DOT ORG

The ServerName directive sets the request scheme, hostname and port

the server uses to identify itself. This is used when creating

redirection URLs. In the context of virtual hosts, the ServerName

specifies what hostname must appear in the request's Host: header to

match this virtual host. For the default virtual host (this file) this

value is not decisive as it is used as a last resort host regardless.

However, you must set it for any further virtual host explicitly.

#Server is BLUEJAY (Default for buddy-baker.org domain)
<VirtualHost *:80>
ServerName buddy-baker.org
ServerAdmin root@localhost
ServerAlias www.buddy-baker.org
DocumentRoot /var/www/bluejay.bbdo/public
ErrorLog /var/www/bluejay.bbdo/logs/bluejay.error.log
CustomLog /var/www/bluejay.bbdo/logs/access.log combined
LogLevel info

<Directory /var/www/bluejay.bbdo>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

#set Directory for clients use

Directory /var/www/bluejay.bbdo/public/users>
DirectoryIndex index.html index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

RewriteEngine on
RewriteCond %{SERVER_NAME} =www.buddy-baker.org [OR]
RewriteCond %{SERVER_NAME} =buddy-baker.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

========
DOT INFO

The ServerName directive sets the request scheme, hostname and port t$
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

#Default Host (buddy-baker.info)
<VirtualHost *:80>
ServerName buddy-baker.info
ServerAdmin webmaster@localhost
ServerAlias www.buddy-baker.info
DocumentRoot /var/www/mallard.dkpi/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel info warn

<Directory /var/www/mallard.dkpi>
DirectoryIndex index.html
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

<Directory /var/www/mallard.dkpi/public>
DirectoryIndex index.php
Options +Indexes +FollowSymLinks +Multiviews
AllowOverride All
Order Allow,Deny
Allow from All

RewriteEngine on
RewriteCond %{SERVER_NAME} =buddy-baker.info [OR]
RewriteCond %{SERVER_NAME} =www.buddy-baker.info
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

INFORMATION: I have the .conf files for the :80 virtualhosts - can now just enable these, and then can I do a .acme.sh to get the .cert files I am missing?

Brian

19

If your server is fresh, I'd do one more and make the config simpler.

kinda like

https://httpd.apache.org/docs/2.4/mod/mod_macro.html

The examples on that page look like they're made for you specifically. (Or you can just use Caddy)

2 Likes
20

So are these also in sites-enabled like the one for port 443?

And, the apachectl -S output is needed to see how this all fits together. Something is fundamentally wrong in your config.

4 Likes