PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sypa-hd.dd-dns.de

I ran this command: certbot certonly --apache or sudo certbot --apache

It produced this output: $ certbot certonly --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): sypa-hd.dd-dns.de
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for sypa-hd.dd-dns.de
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): Apache/2.4.46 (codeit) OpenSSL/1.1.1g mod_fcgid/2.3.9 PHP/7.3.21 mod_perl/2.0.11 Perl/v5.16.3

The operating system my web server runs on is (include version): CentOS Linux release 7.8.2003 (Core)

My hosting provider, if applicable, is: on premise

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):osticket

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 1.6.0

Here is the log file
cat /var/log/letsencrypt/letsencrypt.log
2020-08-19 12:23:28,037:DEBUG:certbot._internal.main:certbot version: 1.6.0
2020-08-19 12:23:28,037:DEBUG:certbot._internal.main:Arguments: [’–apache’]
2020-08-19 12:23:28,037:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPont#standalone,PluginEntryPoint#webroot)
2020-08-19 12:23:28,066:DEBUG:certbot._internal.log:Root logging level set at 20
2020-08-19 12:23:28,066:INFO:certbot._internal.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2020-08-19 12:23:28,069:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2020-08-19 12:23:28,237:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.46
2020-08-19 12:23:28,750:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7fb061395190>
Prep: True
2020-08-19 12:23:28,751:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: IAuthenticator, IInstaller, IPlugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7fb061395190>
Prep: True
2020-08-19 12:23:28,751:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7fb06139510> and installer <certbot_apache._internal.override_centos.CentOSConfigurator object at 0x7fb061395190>
2020-08-19 12:23:28,751:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2020-08-19 12:23:28,789:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(status=None, terms_of_service_agreed=None, agreement=Noe, only_return_existing=None, contact=(), key=None, external_account_binding=None), uri=u’https://acme-v02.api.letsencrypt.org/acme/acct/94167802’, new_authzr_uri=None, ters_of_service=None), 03c55d48d32971a2a0b9b2a05550ff6d, Meta(creation_host=u’intra.sypa.corp’, register_to_eff=u’verreyt@systempartners.ch’, creation_dt=datetime.datetime(202, 8, 17, 13, 21, 5, tzinfo=)))>
2020-08-19 12:23:28,791:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-08-19 12:23:28,800:INFO:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
2020-08-19 12:23:29,458:DEBUG:urllib3.connectionpool:“GET /directory HTTP/1.1” 200 658
2020-08-19 12:23:29,459:DEBUG:acme.client:Received response:
HTTP 200
content-length: 658
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
cache-control: public, max-age=0, no-cache
date: Wed, 19 Aug 2020 10:23:25 GMT
x-frame-options: DENY
content-type: application/json

{
“OwtUYTE5uGo”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
letsencrypt.org
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert
}
2020-08-19 12:23:48,430:INFO:certbot._internal.main:Obtaining a new certificate
2020-08-19 12:23:48,532:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0020_key-certbot.pem
2020-08-19 12:23:48,536:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0020_csr-certbot.pem
2020-08-19 12:23:48,537:DEBUG:acme.client:Requesting fresh nonce
2020-08-19 12:23:48,537:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-08-19 12:23:48,700:DEBUG:urllib3.connectionpool:“HEAD /acme/new-nonce HTTP/1.1” 200 0
2020-08-19 12:23:48,701:DEBUG:acme.client:Received response:
HTTP 200
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
cache-control: public, max-age=0, no-cache
date: Wed, 19 Aug 2020 10:23:44 GMT
x-frame-options: DENY
replay-nonce: 0001LhZYbn_fZDnBnKvhCSls9bLtVNIvDyTUkNG4hT1pSVg

2020-08-19 12:23:48,701:DEBUG:acme.client:Storing nonce: 0001LhZYbn_fZDnBnKvhCSls9bLtVNIvDyTUkNG4hT1pSVg
2020-08-19 12:23:48,702:DEBUG:acme.client:JWS payload:
{
“identifiers”: [
{
“type”: “dns”,
“value”: “sypa-hd.dd-dns.de
}
]
}
2020-08-19 12:23:48,705:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJub25jZSI6ICIwMDAxTGhaWWJuX2ZaRG5Cbkt2aENTbHM5Ykx0Vk5JdkR5VFVrTkc0aFQxcFNWZyIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvbmV3LW9yGVyIiwgImtpZCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0Lzk0MTY3ODAyIiwgImFsZyI6ICJSUzI1NiJ9”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwgCiAgICAgICJ2YWx1ZSI6ICJzeXBhLWhkLmRkLWRucy5kZSIKICAgIH0KICBdCn0”,
“signature”: “anLKHJBsYxm4vjsw9EruJqHFuIQN19y89d1qcE9SeWj95VIZ_TDzBp8C58VrdW4V2lZm9s9evbkldHZAQQoNl0jEQNUPNBPVatlLsvE_wrgbUsIUB0VKcU5fwssPpLhUlJnxZ9zG1aRtXW1xIJc9XhA7I63tolWBsOPydMkT2G8yjbRU-AOUzKbRKVKxG0uh6vUQ7rXZSFUzR1UEbUkRpkXsNeApRTR2fj7lxx-6jjH6eQX_Bjve6ZFFlxRcKUrqYfE6wlc2lSz2REw7-R3zFxEvr7bEnaH0MamXbSfN6ytr2XJEtWTlNXztC7AXQ_lB4ae0euaZyn4HFluCwMTQ”
}
2020-08-19 12:23:50,496:DEBUG:urllib3.connectionpool:“POST /acme/new-order HTTP/1.1” 201 337
2020-08-19 12:23:50,497:DEBUG:acme.client:Received response:
HTTP 201
content-length: 337
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
location: https://acme-v02.api.letsencrypt.org/acme/order/94167802/4760703572
boulder-requester: 94167802
date: Wed, 19 Aug 2020 10:23:46 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002XZRJceLooUAD46nyAsyFW2JHcwwweHNhw07aJ8-MgHE

{
“status”: “pending”,
“expires”: “2020-08-26T09:40:48Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “sypa-hd.dd-dns.de
}
],
“authorizations”: [
https://acme-v02.api.letsencrypt.org/acme/authz-v3/6635227828
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/94167802/4760703572
}
2020-08-19 12:23:50,497:DEBUG:acme.client:Storing nonce: 0002XZRJceLooUAD46nyAsyFW2JHcwwweHNhw07aJ8-MgHE
2020-08-19 12:23:50,498:DEBUG:acme.client:JWS payload:

2020-08-19 12:23:50,501:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/6635227828:
{
“protected”: “eyJub25jZSI6ICIwMDAyWFpSSmNlTG9vVUFENDZueUFzeUZXMkpIY3d3d2VITmh3MDdhSjgtTWdIRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYXV0aHotjMvNjYzNTIyNzgyOCIsICJraWQiOiAiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC85NDE2NzgwMiIsICJhbGciOiAiUlMyNTYifQ”,
“payload”: “”,
“signature”: “UdoggGAmSzAHBS7AprLkgBMFNXVd-0o47TgR7I39oPoG2R8tsw02zihu5ogESniTTNtz5keU8rz9-EaWGgEx16vq7BTdU-tdEVYcdt3oKMtHAaS6uNTk7Vt3gld9Cheq8VfxE3uqR_m0UTA5T7vf9wWhouSYVEAIYkWelL1158FmCTxkbaVw_ns2nwwYt2XwOuSD9NJTq06UFmx_BgUb43jz01nMCSE2NJPtspi_SD8h9XUPQoyR6Qse2ocuyUiuj0RXhxpFuuT3Ar4zct89QRQaYUONcIktX9H618Ftzf7zO-QIuPhTilGwnRHKTvLBb45WMK8fqKPhfz8qjjTA”
}
2020-08-19 12:23:50,780:DEBUG:urllib3.connectionpool:“POST /acme/authz-v3/6635227828 HTTP/1.1” 200 795
2020-08-19 12:23:50,780:DEBUG:acme.client:Received response:
HTTP 200
content-length: 795
cache-control: public, max-age=0, no-cache
strict-transport-security: max-age=604800
server: nginx
connection: keep-alive
link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
boulder-requester: 94167802
date: Wed, 19 Aug 2020 10:23:46 GMT
x-frame-options: DENY
content-type: application/json
replay-nonce: 0002kFzSB9PQZacvX5QiNpHCcQhl2vqEQa6UdbglZ5UeYB8

{
“identifier”: {
“type”: “dns”,
“value”: “sypa-hd.dd-dns.de
},
“status”: “pending”,
“expires”: “2020-08-26T09:40:48Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6635227828/6Zzc9A”,
“token”: “-dbP01MsqYkftb2ex1wGctSdGhQZiDZcrwGz9UCpXeI”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6635227828/p1CqTw”,
“token”: “-dbP01MsqYkftb2ex1wGctSdGhQZiDZcrwGz9UCpXeI”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/6635227828/cX78Qg”,
“token”: “-dbP01MsqYkftb2ex1wGctSdGhQZiDZcrwGz9UCpXeI”
}
]
}
2020-08-19 12:23:50,781:DEBUG:acme.client:Storing nonce: 0002kFzSB9PQZacvX5QiNpHCcQhl2vqEQa6UdbglZ5UeYB8
2020-08-19 12:23:50,782:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-08-19 12:23:50,782:INFO:certbot._internal.auth_handler:http-01 challenge for sypa-hd.dd-dns.de
2020-08-19 12:23:50,869:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/configurator.py”, line 2511, in perform
http_response = http_doer.perform()
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/http_01.py”, line 76, in perform
self._mod_config()
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/http_01.py”, line 111, in _mod_config
for vh in self._relevant_vhosts():
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/http_01.py”, line 166, in _relevant_vhosts
" {0}.".format(http01_port))
PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual ost for port 80.

2020-08-19 12:23:50,869:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-08-19 12:23:50,869:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-08-19 12:23:51,776:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 9, in
load_entry_point(‘certbot==1.6.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python2.7/site-packages/certbot/main.py”, line 15, in main
return internal_main.main(cli_args)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1353, in main
return config.func(config, plugins)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 1237, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “/usr/lib/python2.7/site-packages/certbot/_internal/main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “/usr/lib/python2.7/site-packages/certbot/_internal/client.py”, line 418, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “/usr/lib/python2.7/site-packages/certbot/_internal/client.py”, line 351, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python2.7/site-packages/certbot/_internal/client.py”, line 398, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “/usr/lib/python2.7/site-packages/certbot/_internal/auth_handler.py”, line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/configurator.py”, line 2511, in perform
http_response = http_doer.perform()
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/http_01.py”, line 76, in perform
self._mod_config()
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/http_01.py”, line 111, in _mod_config
for vh in self._relevant_vhosts():
File “/usr/lib/python2.7/site-packages/certbot_apache/_internal/http_01.py”, line 166, in _relevant_vhosts
" {0}.".format(http01_port))
PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual ost for port 80.
2020-08-19 12:23:51,778:ERROR:certbot._internal.log:Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you conrol your domain. Please add a virtual host for port 80.

1 Like

What’s the output of this:

sudo httpd -t -D DUMP_VHOSTS
1 Like

$ httpd -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 sypa-hd.dd-dns.de (/etc/httpd/conf.d/ssl.conf:58)

1 Like

For Certbot’s Apache plugin to be able to configure your webserver, it needs to see a port 80 virtualhost to secure. You don’t have one.

I think this is a somewhat common problem with CentOS (for some reason).

It’s not too hard to make a basic one. Create this file and save it as /etc/httpd/conf.d/sypa-hd.dd-dns.de.conf:

<VirtualHost *:80>
        ServerName sypa-hd.dd-dns.de
        Redirect / https://sypa-hd.dd-dns.de/
</VirtualHost>

Then try Certbot again.

3 Likes

Cool you save my life. It’s working well

Many thanks for your help

3 Likes