Thank you schoen, sounds like you understand the problem. I did run the certbot and it did manage to register a certificate without me using this tool. Probably through apache.conf injection or something.
But I am still having trouble with certbot throwing errors: it tried to create a Daemon Group for SSL with the same name as the one for HTTP, which caused certbot to announce Apache errors and revert the setup. I managed to change the name on the SSL one by adding -ssl to the end of the name, and Apache ran without errors again. But I still don't have SSL running, probably due to the revert. I did enable the SSL virtual host via bash but SSL is not working.
I wonder, now that I have corrected the error in the vhost SSL setting, whether I need to run certbot again somehow to turn on SSL etc.
I did put the URL routing in and I tested it with a fake request and response; it seemed to work okay, but as you say renewal would be manual this way. So I will remove it at some time.
A bit about my setup. I have a 1and1 domain name "www.shentaichiacademy.co.uk" with CNAME set to "sbrown.tk", my Raspberry Pi in house. The Raspberry Pi has two vhosts, one of which is "www.shentaichiacademy.co.uk". I use FreeDNS for my IP to domain resolution with a crontab that updates FreeDNS and, as you see, I have a free domain with .tk.
I cleaned everything up and re-ran it…
root@web-server:/etc/apache2# certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 2
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.shentaichiacademy.co.uk
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/shentaichiacademy.co.uk-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/shentaichiacademy.co.uk-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/shentaichiacademy.co.uk-le-ssl.conf
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 17 of /etc/apache2/sites-enabled/shentaichiacademy.co.uk.conf:
Name duplicates previous WSGI daemon definition.
Rolling back to previous server configuration...
Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 17 of /etc/apache2/sites-enabled/shentaichiacademy.co.uk.conf:
Name duplicates previous WSGI daemon definition.
IMPORTANT NOTES:
- We were unable to install your certificate, however, we
successfully restored your server to its prior configuration.
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.shentaichiacademy.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.shentaichiacademy.co.uk/privkey.pem
Your cert will expire on 2018-08-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
root@web-server:/etc/apache2# ls
apache2.conf envvars mods-enabled sites-enabled
conf-available magic ports.conf x
conf-enabled mods-available sites-available
root@web-server:/etc/apache2# cd sites-enabled/
root@web-server:/etc/apache2/sites-enabled# ls
000-default.conf archery-for.me.uk.conf shentaichiacademy.co.uk.conf
root@web-server:/etc/apache2/sites-enabled# cd ..
root@web-server:/etc/apache2# cd sites-available/
root@web-server:/etc/apache2/sites-available# ls
000-default.conf archery-for.me.uk.conf shentaichiacademy.co.uk.conf
root@web-server:/etc/apache2/sites-available#
Yet when I run service apache2 restart [NO Errors]
So my vhost starts
1:<VirtualHost *:80>
2: # The ServerName directive sets the request scheme, hostname and port t$
3: # the server uses to identify itself. This is used when creating
4: # redirection URLs. In the context of virtual hosts, the ServerName
5: # specifies what hostname must appear in the request's Host: header to
6: # match this virtual host. For the default virtual host (this file) this
7: # value is not decisive as it is used as a last resort host regardless.
8: # However, you must set it for any further virtual host explicitly.
9:
10: ServerAdmin sdbrown67@googlemail.com
11: ServerName shentaichiacademy.co.uk
12: ServerAlias www.shentaichiacademy.co.uk
13:
14: ServerAdmin webmaster@localhost
15: DocumentRoot /home/manager/Websites/shen
16: WSGIScriptAlias / /home/manager/Websites/shen/shen/wsgi.py
17: WSGIDaemonProcess shentaichiacademy.co.uk python-path=/home/manager/Web$
18: WSGIProcessGroup shentaichiacademy.co.uk
So somehow I need to change shentaichiacademy.co.uk in lines 17 and 18 to shentaichiacademy.co.uk-ssl to get it to work, as they need to be unique, but certbot reverts everything back.
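
The duplicate-name condition behind the AH00526 error above can be checked for before Apache is reloaded. The following is an added example, not part of the original post: a shell function that lists WSGIDaemonProcess names defined more than once across a set of config files. The vhost files it writes are constructed samples, and the function names and the /srv/example/app path are assumptions.

```sh
#!/bin/sh
# Added example (not from the post): find WSGIDaemonProcess names that are
# defined more than once across Apache config files.

# find_dup_wsgi_daemons FILE...
# Prints "<name> <file>:<line>" for every definition of a duplicated name.
find_dup_wsgi_daemons() {
    awk '
        # Apache directive names are case-insensitive; commented-out lines
        # have "#" in (or as) the first field, so they never match.
        tolower($1) == "wsgidaemonprocess" && NF >= 2 {
            loc = FILENAME ":" FNR
            if ($2 in first) {
                if (!dup[$2]++) print $2, first[$2]
                print $2, loc
            } else {
                first[$2] = loc
            }
        }
    ' "$@"
}

# write_sample DIR SSL_DAEMON_NAME
# Writes two constructed vhost files; /srv/example/app is a placeholder path.
write_sample() {
    cat > "$1/shentaichiacademy.co.uk.conf" <<EOF
<VirtualHost *:80>
    ServerName shentaichiacademy.co.uk
    WSGIDaemonProcess shentaichiacademy.co.uk python-path=/srv/example/app
    WSGIProcessGroup shentaichiacademy.co.uk
</VirtualHost>
EOF
    cat > "$1/shentaichiacademy.co.uk-le-ssl.conf" <<EOF
<VirtualHost *:443>
    ServerName shentaichiacademy.co.uk
    WSGIDaemonProcess $2 python-path=/srv/example/app
    WSGIProcessGroup $2
</VirtualHost>
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp" shentaichiacademy.co.uk      # same name in both vhosts
find_dup_wsgi_daemons "$tmp"/*.conf              # prints both definitions
write_sample "$tmp" shentaichiacademy.co.uk-ssl  # renamed as in the post
find_dup_wsgi_daemons "$tmp"/*.conf              # prints nothing
rm -rf "$tmp"
```

On a real server the function would be pointed at the files under /etc/apache2/sites-enabled/ and run before `apache2ctl configtest`.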