I ran this command: sudo /usr/local/bin/certbot-auto -i apache -a manual --preferred-challenges dns -d ssl.stdominicchapel.org
It produced this output: Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf.d/wsgi-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified
My web server is (include version): Python 3.6
The operating system my web server runs on is (include version): Amazon Linux 2.9.7 64 bit
I can login to a root shell on my machine (yes or no, or I don’t know): yes
The version of my client is: certbot 1.3.0
[ec2-user ~]$ apachectl -S
Yields:
VirtualHost configuration:
*:80 is a NameVirtualHost
default server stdominicchapel.org (/etc/httpd/conf/httpd.conf:44)
port 80 namevhost stdominicchapel.org (/etc/httpd/conf/httpd.conf:44)
alias www.stdominicchapel.org
port 80 namevhost ip-172-31-26-125.us-east-2.compute.internal (/etc/httpd/conf.d/wsgi.conf:7)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex mpm-accept: using_defaults
Mutex cache-socache: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex default: dir="/var/run/httpd/" mechanism=default
PidFile: "/var/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48 not_used
Group: name="apache" id=48 not_used
You're using the apache installer for name: ssl.stdominicchapel.org
But there is no virtual host file for that name.
Since you are using DNS authentication, you really don’t need to use an installer.
You could just use the certonly option.
Get the new cert.
Then do whatever you want with it.
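The mismatch described in the reply above, reproduced as an added example that is not part of the original thread: a simplified check (exact name matching only, not Certbot's own logic) for whether any VirtualHost names the requested domain and carries an SSLCertificateFile directive. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample mirroring the thread: vhosts exist for stdominicchapel.org,
# but none for ssl.stdominicchapel.org, and the :80 vhost has no certificate.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName stdominicchapel.org
    ServerAlias www.stdominicchapel.org
</VirtualHost>
<VirtualHost *:443>
    ServerName stdominicchapel.org
    ServerAlias www.stdominicchapel.org
    SSLCertificateFile /etc/letsencrypt/live/stdominicchapel.org/fullchain.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: address, names, has_cert."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf_text):
        names, has_cert = [], False
        for line in body.splitlines():
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                continue  # skip blank lines and commented-out directives
            parts = stripped.split()
            directive = parts[0].lower()
            if directive in ("servername", "serveralias"):
                names.extend(p.lower() for p in parts[1:])
            elif directive == "sslcertificatefile":
                has_cert = True
        vhosts.append({"addr": addr.strip(), "names": names, "has_cert": has_cert})
    return vhosts

def diagnose(conf_text, domain):
    """Classify why an installer step could fail for `domain` (hypothetical helper)."""
    hits = [v for v in parse_vhosts(conf_text) if domain.lower() in v["names"]]
    if not hits:
        return "no-vhost"          # no VirtualHost names this domain at all
    if not any(v["has_cert"] for v in hits):
        return "no-ssl-directive"  # matching vhost lacks SSLCertificateFile
    return "ok"

if __name__ == "__main__":
    for d in ("ssl.stdominicchapel.org", "stdominicchapel.org"):
        print(d, "->", diagnose(SAMPLE_CONF, d))
```
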
I have made many changes in the past day or so and I am still stuck trying to install the certificates.
I have found many, many guides for using Let’s Encrypt on AWS Elastic Beanstalk, but no process that I have tried works. Is there an up-to-date guide out there that can be used for installing on Amazon Linux 2 for a website running on Apache?
I am currently trying the scripts that can be found here. None of them have worked as of yet.
You can bypass the web server type altogether with the --webroot option.
If you know where the authentication files can be found, you can get a cert no matter which web server is used.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for guptapustakalaya.com
http-01 challenge for www.guptapustakalaya.com
Input the webroot for guptapustakalaya.com: (Enter ‘c’ to cancel): /etc/opt
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): Ubuntu 16.04
The operating system my web server runs on is (include version): Linux/Unix
My hosting provider, if applicable, is: Amazon Web Service
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0
@myedupoint I am now trying acme.sh and receiving the same error that you reported in your first post. I am no pro, but I think that it is related to directory/file permissions in Apache (which I am using).
Sorry for the late reply. I am out of state currently.
I did find out that getting LetsEncrypt on Elastic Beanstalk (running Amazon Linux 2) is either impossible or out of my pay rate. I switched to Lightsail. I did not get the error that you had been getting.
I have the certs installed on Ubuntu 18.04. I am using Apache. The issue that I am having is that my connection is not timing out every time I try to access my site. Here is my site.conf file:
# Listen 80
LoadModule wsgi_module /usr/lib/apache2/modules/mod_wsgi.so
User ******
Group www-data
WSGIScriptAlias / /var/www/wsgi_scripts/sdchapelorg.wsgi
WSGIDaemonProcess stdominicchapel python-home=/var/www/sdchapel.org/env python-path=/var/www/sdchapel.org/app threads=5
WSGIRestrictEmbedded On
WSGIProcessGroup stdominicchapel
WSGIApplicationGroup %{GLOBAL}
<VirtualHost *:80>
    ServerAdmin user@email.com
    ServerName stdominicchapel.org
    ServerAlias www.stdominicchapel.org
    ErrorLog /var/www/stdominicchapel.org/logs/error.log
    CustomLog /var/www/stdominicchapel.org/logs/access.log combined
    Alias /static/ /var/www/sdchapel.org/app/static/
    RewriteEngine On
    RewriteCond %{SERVER_NAME} =www.stdominicchapel.org [OR]
    RewriteCond %{SERVER_NAME} =stdominicchapel.org
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
    #WSGIScriptAlias / /var/www/wsgi_scripts/sdchapelorg.wsgi
    #WSGIDaemonProcess stdominicchapel python-home=/var/www/sdchapel.org/env python-path=/var/www/sdchapel.org/app threads=5
    #WSGIRestrictEmbedded On
    #WSGIProcessGroup stdominicchapel
    #WSGIApplicationGroup %{GLOBAL}
    <Directory /var/www/wsgi_scripts>
        Require all granted
    </Directory>
    <Directory /var/www/sdchapel.org>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    ServerAdmin user@email.com
    ServerName stdominicchapel.org
    ServerAlias www.stdominicchapel.org
    ErrorLog /var/www/stdominicchapel.org/logs/error.log
    CustomLog /var/www/stdominicchapel.org/logs/access.log combined
    Alias /static/ /var/www/sdchapel.org/app/static/
    <Directory /var/www/wsgi_scripts>
        Require all granted
    </Directory>
    <Directory /var/www/sdchapel.org>
        Require all granted
    </Directory>
    SSLCertificateFile /etc/letsencrypt/live/stdominicchapel.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/stdominicchapel.org/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    # enable HTTP/2, if available
    Protocols h2 http/1.1
    # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds)
    # Header always set Strict-Transport-Security "max-age=63072000"
</VirtualHost>
# intermediate configuration
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
#SSLUseStapling On
#SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"