No vhost found http challenge

Hello,

I’m actually testing certbot on a test server (I’m a real noob with web servers in general), but when I run certbot I get the following error:

“Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.”

My domain is: apache.labo.jacquemin.eu

I ran this command: sudo /usr/local/bin/certbot-auto --apache

It produced this output:

Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): apache.labo.jacquemin.eu
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for apache.labo.jacquemin.eu
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): httpd-2.4.37-12.

The operating system my web server runs on is (include version): CentOS Linux release 8.0.1905 (Core)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.40.1

My domain is reachable (default Apache page) on both http and https (self-signed). The vhost is configured like this:

Can someone help me?

Thanks a lot,

Hervé Jacquemin


What does this say?:
apachectl -S

Hi @hjacquemin

you need a minimal vHost configuration. So check your Apache documentation, there is a global config file with samples.

And add one -> restart -> apachectl -S should show the vHost.

I created the folders:

sites-available
sites-enable

Create the vhost file in folder sites-available with content:

<VirtualHost *:80>
ServerName apache.labo.jacquemin.eu
ServerAdmin herve@jacquemin.eu
DocumentRoot /var/www/apache.labo.jacquemin.eu/public_html
ErrorLog /var/www/apache.labo.jacquemin.eu/error.log
CustomLog /var/www/apache.labo.jacquemin.eu/requests.log combined
</VirtualHost>

Restarted the server, but nothing seems to work.

The apachectl -S command shows nothing.

Enabling the config is required. See the standard Apache index page.

And it must be

sites-enabled.

There http://apache.labo.jacquemin.eu/ is your standard Apache page.

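An added example, not part of the thread or of certbot's own code: a small Python check over constructed config files showing why no port-80 vhost is seen when the directory is named sites-enable but the main config includes sites-enabled, and why an unclosed <VirtualHost> block also yields nothing. The IncludeOptional line, the file paths and the function names are assumptions made for the illustration, and fnmatch is a simplification of Apache's glob matching.

```python
import fnmatch
import re

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
INCLUDE = re.compile(r"^\s*Include(?:Optional)?\s+(\S+)", re.I | re.M)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)

# Constructed sample input (assumed layout, not taken from the poster's server).
MAIN = "Listen 80\nIncludeOptional sites-enabled/*.conf\n"
VHOST = """<VirtualHost *:80>
    ServerName apache.labo.jacquemin.eu
    DocumentRoot /var/www/apache.labo.jacquemin.eu/public_html
</VirtualHost>
"""


def loaded_files(files, main):
    """Return the config files Apache would read, following Include globs."""
    seen, queue = [], [main]
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.append(path)
        for pattern in INCLUDE.findall(files[path]):
            queue.extend(sorted(fnmatch.filter(files, pattern)))
    return seen


def port80_vhosts(files, main="conf/httpd.conf"):
    """Return ([(file, ServerName)], [problems]) for vhosts bound to port 80."""
    found, problems = [], []
    for path in loaded_files(files, main):
        text = files[path]
        for m in VHOST_OPEN.finditer(text):
            end = re.search(r"</VirtualHost>", text[m.end():], re.I)
            if end is None:
                problems.append(f"{path}: <VirtualHost> never closed")
                continue
            body = text[m.end():m.end() + end.start()]
            if any(a.rsplit(":", 1)[-1] == "80" for a in m.group(1).split()):
                name = SERVER_NAME.search(body)
                found.append((path, name.group(1) if name else None))
    return found, problems


if __name__ == "__main__":
    for folder in ("sites-enable", "sites-enabled"):
        cfg = {"conf/httpd.conf": MAIN, f"{folder}/site.conf": VHOST}
        print(folder, "->", port80_vhosts(cfg))
```

On a real server, `apachectl -S` remains the authoritative view of which vhosts Apache actually loaded.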

Thanks for spotting the mistake in the name!

Yeah, it’s working because it’s still the default vhost when you reach port 80 on the server.

After changing the folder name, I now have an issue when restarting the service:

Dec 01 10:49:39 apache.labo.jacquemin.eu setroubleshoot[9009]: SELinux is preventing /usr/sbin/httpd from write access on the directory apache.labo.jacquemin.eu. For complete SELinux messages run: sealert ->
Dec 01 10:49:39 apache.labo.jacquemin.eu platform-python[9009]: SELinux is preventing /usr/sbin/httpd from write access on the directory apache.labo.jacquemin.eu.

***** Plugin httpd_write_content (92.2 confidence) suggests ***************

If you want to allow httpd to have write access on the apache.labo.jacquemin.eu directory
Then you need to change the label on ‘apache.labo.jacquemin.eu’
Do

semanage fcontext -a -t httpd_sys_rw_content_t 'apache.labo.jacquemin.eu'

restorecon -v 'apache.labo.jacquemin.eu'

***** Plugin catchall_boolean (7.83 confidence) suggests ******************

If you want to allow httpd to unified
Then you must tell SELinux about this by enabling the ‘httpd_unified’ boolean.

Do
setsebool -P httpd_unified 1
***** Plugin catchall (1.41 confidence) suggests **************************

If you believe that httpd should be allowed write access on the apache.labo.jacquemin.eu directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:

ausearch -c 'httpd' --raw | audit2allow -M my-httpd

semodule -X 300 -i my-httpd.pp

The second action proposed doesn’t work:

restorecon -v 'apache.labo.jacquemin.eu'


I found another tutorial with this SELinux command and it seems to solve my issue!

sudo setsebool -P httpd_unified 1

Thanks for the help!