Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
I created duplicate website (used latest Ubuntu upgrade 20.04. - old website was Ubuntu 16.04)
Copied html folder contents to new website
Copied etc/letsencrypt folder over to new website (same webserver provider. It was just a huge upgrade).
Installed Certbot using snap for Ubuntu 20.04
Copied cron.d over from old website to new.
Tested contents of new website for functionality
Changed DNS to point to new IP Address
I have restarted the server.
Certbot dry run is successful
DNS is pointing to the new IP Address
Cleared browser cache (as cached old website was showing up with no css, so wanted to be sure of what I was actually seeing)
Created VirtualHost record because I forgot to copy it from old website used this example for IPv6 core - Apache HTTP Server Version 2.4
Able to connect to HTTP
Not able to connect to HTTPS
I tried with ufw enabled and disabled
ufw was allowing port 80 and port 443 and Apache Full
It produced this output: Unable to connect to server message when entering https url for website, but http works.
My web server is (include version): Apache2
The operating system my web server runs on is (include version): Ubuntu 20.04 LTS
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Certbot 1.18.0
Well, yes, it seems that in your creating a duplicate website, you overlooked the Apache directory.
Do you still have access to the old website?
If so, you should also copy the contents of the Apache directory: /etc/apache2
If not, then you might be better off using the certbot install feature to have it create the TLS secured vhost config.
Thanks very much. I have managed to solve this, thanks for all the help.
In case this helps someone in the future, when migrating a website in order to upgrade and keep an existing ssl certificate, not only do you need to copy /etc/letsencrypt, but /etc/apache2 is needed also.
I thankfully had another website that I was able to retrieve the /etc/apache2 info and then just change the relevant info. It turns out that the reason port 443 was not listening was an invalid virtual host for 443. There was info in the mods-enabled and/or mods-available folders that I did not have, since I was concentrating on the virtual host 80 and virtual host 443 files. The virtual host 443 must have had an invalid command due to one or more mods that were not there.
So, as you mentioned above, it is important to also copy /etc/apache2!
One more thing: To the person reading this thread in the future who also does not understand virtual host settings for letsencrypt and did not save the entire /etc/apache2 and /etc/letsencrypt ......... please don't copy my incorrect virtual host for port 80 and 443 above. The virtual host code also relies on files in other folders including the mods-available/mods-enabled (even though those "appeared" to be irrelevant) they now make much more sense. So, copying virtual host info without all the pieces that go with it, won't necessarily help. (You need everything in that /etc/Apache2 folder) It was a time consuming lesson I learnt but now know a little more about letsencrypt and port 443. Thanks!!
Hope this saves someone else some pain in the future.
It really is a very simple and straightforward job if only you save the needed files. Thanks again to @rg305 and @rip.
