LetsEncrypt installed properly but still get warning

Thanks Mike...... Should I create the virtual host in sites-available or sites-enable directory?

Where did you create the VirtualHost for scrap-heap.com?


Mike... Thanks again for your help. here are the 2 screen shots....

In sites-available.... created a scrap-heap.com.conf directory with the following code

1 Like

Wrong image..... sorry this one


Maybe I have to remove certbot-auto and any Certbot OS packages and reinstall cerbot. Not sure

That VirtualHost with the ServerAlias looks good. Did that not show two domain names when you re-ran Certbot?

And, yes, certbot-auto was deprecated some time ago


Ok...... correct 2 domains where not shown. Thanks I try a reinstall of cerbot. Appreciate all your help


Last question I promise..... reinstall worked. However now I get.....

You don't have permission to access this resource.

Apache/2.4.29 (Ubuntu) Server at www.scrap-heap.com Port 443

That is hardly ever true :slight_smile:

Do you have a .htaccess file in that DocumentRoot?


LOL.... So true.

Yes in: /etc/apache2/apache2.conf


What does your VirtualHost for the *:443 server look like?

Didn't this site work before? You have a history with certs. Just puzzled why you are having basic access trouble. The certs for both domain names seem fine.


I don't want to take up more of your time.
The 443 host is in my apach2/sites-enabled/scrap-heap.com-le-ssl.cong
Looks like this.....

Thanks for the effort. Cheers


Only if the two sites are going to serve different content.
If they are the "same" site, then just add an alias to the existing site and restart the web service.
And review the entire Apache config for name:port overlaps.
apachectl -t -D DUMP_VHOSTS

I don't think that made/makes any difference in this situation.

1 Like

Does your Apache ErrorLog have anything in it? Maybe it warns about missing DirectoryIndex file or something? I see 403 errors for an "empty" request but 404 for page requests like:


Thanks for reply. Certificates are installed properly. But I still get

Forbidden....You don't have permission to access this resource. Apache/2.4.29 (Ubuntu) Server at www.scrap-heap.com Port 443

Here is a screen shot of virtual hosts. Not sure why the error.

1 Like

Mike still making me nuts.... here is the virtual hosts

Looks like @rg305 idea to look for name/port overlaps was a good one.

You have two config files for port 443 server. Please show the contents of both of these:


When you post the contents here, please use copy/paste instead of image as much easier for us to work with. And, format output with 3 backticks before and after each file contents like this to format it nice. Thanks
contents file1
contents file2


[quote="MikeMcQ, post:19, topic:171790"]


<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

ServerName scrap-heap.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/scrap-heap.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/scrap-heap.com/privkey.pem


<VirtualHost *:443>
ServerName scrap-heap.com
ServerAlias www.scrap-heap.com
ServerAdmin webmaster@scrap-heap.com
DocumentRoot /var/www/scrap-heap.com/public_html

<Directory /var/www/scrap-heap.com/public_html>
    Options -Indexes +FollowSymLinks
    AllowOverride All

ErrorLog ${APACHE_LOG_DIR}/scrap-heap.com-error.log
CustomLog ${APACHE_LOG_DIR}/scrap-heap.com-access.log combined

SSLCertificateFile /etc/letsencrypt/live/scrap-heap.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/scrap-heap.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Thank you kindly!!!!

1 Like