Problem with certificate renewal

malcolm1 · April 19, 2021, 5:00pm

Hi!

I am not sure where to start with this one? I don't usually post to forums preferring to figure the problem out from help online. However, having spent all day on this, I need your help please. Please read below for the outline overview of my problem domain.

My domain is:
webmail.f4g.tech

I ran this command:
sudo certbot certonly --apache -d webmail.f4g.tech --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for webmail.f4g.tech
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. webmail.f4g.tech (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://webmail.f4g.tech/.well-known/acme-challenge/sTXtEJlY784o7_OaoE2CZRKxqeaRms3mlVh5y8kf5dQ [2a01:4f8:c0c:302a::2]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: webmail.f4g.tech
   Type:   unauthorized
   Detail: Invalid response from
   http://webmail.f4g.tech/.well-known/acme-challenge/sTXtEJlY784o7_OaoE2CZRKxqeaRms3mlVh5y8kf5dQ
   [2a01:4f8:c0c:302a::2]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.3 LTS

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.31.0

Thanks for your time.
Malcolm

griffin · April 19, 2021, 5:20pm

Welcome to the Let's Encrypt Community, Malcolm

What is the output of this command?

sudo apachectl -S

Please put three backticks above and below the output, like this:

```
output
```

petercooperjr · April 19, 2021, 5:44pm

Do you have any kind of proxying in front of Apache, that might be what's keeping certbot from figuring out how to modify your Apache configuration to respond to the challenges? The reason I ask is that your server sends a header of Server: Bob's House which is kind of amusing and not what I'd expect for Apache. But if it's actually Apache answering but with some kind of modified Server header then that might not actually be related.

griffin · April 19, 2021, 5:54pm

I wondered the same thing, @petercooperjr. I just took it for a custom Server header.

malcolm1 · April 19, 2021, 5:55pm

Hi @petercooperjr . Haha! It is indeed a modified server header.

I might need to remove a recently added AAAA DNS record, which is referenced in the error. However, I must say, that the apache vh conf file specifies ipv4:
<VirtualHost 94.130.72.29:443>

Also, I notice this redirect in Roundcube .htaccess:
RewriteRule ^(?!installer|.well-known/|[a-zA-Z0-9]{16})(.?[^.]+) $ - [F]
I take this to mean .well-known is banned?

griffin · April 19, 2021, 5:56pm

I saw nothing wrong with your IPv6 (AAAA record) in my testing. As you indicate, I think something is amiss in your apache configuration. Hence the command I mentioned.

malcolm1 · April 19, 2021, 6:00pm

Hi @griffin , as per...

VirtualHost configuration:
[2a01:4f8:c0c:302a::2]:80 ip6.f4g.tech (/etc/apache2/sites-enabled/ip6.f4g.tech.conf:1)
94.130.72.29:80        is a NameVirtualHost
         default server trikaya.f4g.tech (/etc/apache2/sites-enabled/trikaya.f4g.tech-le-ssl.conf:2)
         port 80 namevhost trikaya.f4g.tech (/etc/apache2/sites-enabled/trikaya.f4g.tech-le-ssl.conf:2)
                 alias www.trikaya.f4g.tech
         port 80 namevhost webmail.f4g.tech (/etc/apache2/sites-enabled/webmail.f4g.tech-le-ssl.conf:1)
94.130.72.29:443       webmail.f4g.tech (/etc/apache2/sites-enabled/webmail.f4g.tech-le-ssl.conf:8)
*:443                  is a NameVirtualHost
         default server demo.f4g.tech (/etc/apache2/sites-enabled/demo.f4g.tech-le-ssl.conf:2)
         port 443 namevhost demo.f4g.tech (/etc/apache2/sites-enabled/demo.f4g.tech-le-ssl.conf:2)
         port 443 namevhost f4g.tech (/etc/apache2/sites-enabled/f4g-le-ssl.conf:11)
                 alias www.f4g.tech
         port 443 namevhost groundsourcesolutions.co.uk (/etc/apache2/sites-enabled/groundss.co.uk-ssl.conf:1)
                 alias www.groundsourcesolutions.co.uk
         port 443 namevhost cloud.f4g.tech (/etc/apache2/sites-enabled/nextcloud2-le-ssl.conf:2)
         port 443 namevhost trikaya.f4g.tech (/etc/apache2/sites-enabled/trikaya.f4g.tech-le-ssl.conf:14)
                 alias www.trikaya.f4g.tech
         port 443 namevhost waterseekers.co.uk (/etc/apache2/sites-enabled/waterseekers.co.uk-le-ssl.conf:2)
                 alias www.waterseekers.co.uk
*:80                   is a NameVirtualHost
         default server bob.f4g.tech (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost bob.f4g.tech (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 100.f4g.tech (/etc/apache2/sites-enabled/100.f4g.tech.conf:1)
         port 80 namevhost avatar.net (/etc/apache2/sites-enabled/avatar.net.conf:1)
                 alias www.avatar.net
         port 80 namevhost demo.f4g.tech (/etc/apache2/sites-enabled/demo.f4g.tech.conf:2)
         port 80 namevhost f4g.tech (/etc/apache2/sites-enabled/f4g-le-ssl.conf:3)
                 alias www.f4g.tech
         port 80 namevhost groundsourcesolutions.co.uk (/etc/apache2/sites-enabled/groundsourcesolutions.co.uk.conf:1)
                 alias www.groundsourcesolutions.co.uk
         port 80 namevhost ip6.f4g.tech (/etc/apache2/sites-enabled/ip6.f4g.tech.conf:19)
                 alias ip6.f4g.tech
         port 80 namevhost manchesterroadsurgery.org.uk (/etc/apache2/sites-enabled/manchesterroadsurgery.org.uk.conf:2)
                 alias www.manchesterroadsurgery.org.uk
         port 80 namevhost cloud.f4g.tech (/etc/apache2/sites-enabled/nextcloud2.conf:1)
         port 80 namevhost numerology.f4g.tech (/etc/apache2/sites-enabled/numerology.f4g.tech.conf:1)
                 alias www.numerology.f4g.tech
         port 80 namevhost map.waterseekers.co.uk (/etc/apache2/sites-enabled/waterseekers-map.co.uk.conf:1)
                 alias borehole-map.waterseekers.co.uk
         port 80 namevhost waterseekers.co.uk (/etc/apache2/sites-enabled/waterseekers.co.uk.conf:3)
                 alias www.waterseekers.co.uk
         port 80 namevhost waterwelldrilling.waterseekers.co.uk (/etc/apache2/sites-enabled/waterwelldrilling.conf:2)
         port 80 namevhost web.f4g.tech (/etc/apache2/sites-enabled/web.f4g.tech.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
Define: ENABLE_USR_LIB_CGI_BIN
Define: F4G=/var/www/f4g.tech/
User: name="www-data" id=33
Group: name="www-data" id=33

griffin · April 19, 2021, 6:02pm

This is what's responding on IPv6 for webmail.f4g.tech.

griffin · April 19, 2021, 6:06pm

I think there's probably more in there to address, but let's start with the problem at hand...

What are the contents of these files?

/etc/apache2/sites-enabled/ip6.f4g.tech.conf
/etc/apache2/sites-enabled/webmail.f4g.tech-le-ssl.conf

What are the outputs of these commands?

sudo ls -lRa /etc/apache2/sites-available
sudo ls -lRa /etc/apache2/sites-enabled

Please put three backticks above and below each content and output, like this:

```
content/output
```

malcolm1 · April 19, 2021, 6:14pm

ip6.f4g.tech.conf

<VirtualHost [2a01:4f8:c0c:302a::2]:80>
#<VirtualHost *:80>

   ServerName ip6.f4g.tech
   ServerAlias ip6.f4g.tech

   DocumentRoot /var/www/ip6.f4g.tech/htdocs
#  Alias /bkup /root/bin/backup

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined

#  PHPINIDir  /var/www/repo.f4g.tech/php


</VirtualHost>


<VirtualHost *:80>

   ServerName ip6.f4g.tech
   ServerAlias ip6.f4g.tech

   DocumentRoot /var/www/ip6.f4g.tech/htdocs

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined



</VirtualHost>

webmail.f4g.tech-le-ssl.conf

<VirtualHost 94.130.72.29:80>
   ServerName webmail.f4g.tech
   Redirect permanent / https://webmail.f4g.tech
</VirtualHost>

<IfModule mod_ssl.c>

<VirtualHost 94.130.72.29:443>
ServerName webmail.f4g.tech
DocumentRoot /var/www/_apps/roundcubemail-1.3.4
ServerAdmin admin@f4g.tech

ErrorLog ${APACHE_LOG_DIR}/roundcube-error.log
CustomLog ${APACHE_LOG_DIR}/roundcube-access.log combined

SSLCertificateFile /etc/letsencrypt/live/webmail.f4g.tech/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.f4g.tech/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>


<Directory /var/www/_apps/roundcubemail-1.3.4>
#DirectoryIndex index.php
#Options +FollowSymLinks
AllowOverride All
#Require all granted

</Directory>



</IfModule>

Enabled:

lrwxrwxrwx 1 root root   35 Jun  7  2017 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root   36 Mar 13 23:15 100.f4g.tech.conf -> ../sites-available/100.f4g.tech.conf
lrwxrwxrwx 1 root root   34 May 31  2019 avatar.net.conf -> ../sites-available/avatar.net.conf
lrwxrwxrwx 1 root root   37 Apr 19 16:59 demo.f4g.tech.conf -> ../sites-available/demo.f4g.tech.conf
lrwxrwxrwx 1 root root   44 Apr 19 16:59 demo.f4g.tech-le-ssl.conf -> ../sites-available/demo.f4g.tech-le-ssl.conf
lrwxrwxrwx 1 root root   34 Apr 19 16:58 f4g-le-ssl.conf -> ../sites-available/f4g-le-ssl.conf
lrwxrwxrwx 1 root root   51 Jun 27  2020 groundsourcesolutions.co.uk.conf -> ../sites-available/groundsourcesolutions.co.uk.conf
-rw-r--r-- 1 root root  792 Sep 24  2020 groundsourcesolutions.co.uk.conf.bkup
lrwxrwxrwx 1 root root   42 Oct  7  2020 groundss.co.uk-ssl.conf -> ../sites-available/groundss.co.uk-ssl.conf
lrwxrwxrwx 1 root root   36 Aug 26  2017 ip6.f4g.tech.conf -> ../sites-available/ip6.f4g.tech.conf
lrwxrwxrwx 1 root root   52 Aug 17  2017 manchesterroadsurgery.org.uk.conf -> ../sites-available/manchesterroadsurgery.org.uk.conf
lrwxrwxrwx 1 root root   34 May 29  2020 mytest.com.conf -> ../sites-available/mytest.com.conf
lrwxrwxrwx 1 root root   34 Nov 20  2017 nextcloud2.conf -> ../sites-available/nextcloud2.conf
lrwxrwxrwx 1 root root   51 Jan 29 03:49 nextcloud2-le-ssl.conf -> /etc/apache2/sites-available/nextcloud2-le-ssl.conf
lrwxrwxrwx 1 root root   43 Feb 16  2020 numerology.f4g.tech.conf -> ../sites-available/numerology.f4g.tech.conf
lrwxrwxrwx 1 root root   57 Mar 20  2020 trikaya.f4g.tech-le-ssl.conf -> /etc/apache2/sites-available/trikaya.f4g.tech-le-ssl.conf
lrwxrwxrwx 1 root root   42 Aug 17  2017 waterseekers.co.uk.conf -> ../sites-available/waterseekers.co.uk.conf
lrwxrwxrwx 1 root root   59 Mar 21  2020 waterseekers.co.uk-le-ssl.conf -> /etc/apache2/sites-available/waterseekers.co.uk-le-ssl.conf
lrwxrwxrwx 1 root root   46 Jan 11  2019 waterseekers-map.co.uk.conf -> ../sites-available/waterseekers-map.co.uk.conf
lrwxrwxrwx 1 root root   41 Aug 17  2017 waterwelldrilling.conf -> ../sites-available/waterwelldrilling.conf
lrwxrwxrwx 1 root root   36 Apr 22  2020 web.f4g.tech.conf -> ../sites-available/web.f4g.tech.conf
lrwxrwxrwx 1 root root   47 Jan 30 20:52 webmail.f4g.tech-le-ssl.conf -> ../sites-available/webmail.f4g.tech-le-ssl.conf

Available

-rw-r--r-- 1 root root      1434 Nov 20  2017 000-default.conf
-rw-r--r-- 1 root root      1332 Jun  7  2017 000-default.conf.bak
-rw-r--r-- 1 root root      2418 Feb 12 23:13 100.f4g.tech.conf
-rw-r--r-- 1 root root       653 May 31  2019 avatar.net.conf
-rw-r--r-- 1 root root      6460 Jun  7  2017 default-ssl.conf
-rw-r--r-- 1 root root      6338 Jun  7  2017 default-ssl.conf.bak
-rw-r--r-- 1 root root       868 Mar 17  2020 demo.f4g.tech.conf
-rw-r--r-- 1 root root       895 Mar 17  2020 demo.f4g.tech-le-ssl.conf
-rw-r--r-- 1 root root       714 Jun 27  2020 dev10.f4g.tech.conf
-rw-r--r-- 1 root root       531 Mar 17  2020 f4g.conf
-rw-r--r-- 1 root root       552 Mar 17  2020 f4g-ip6.conf
-rw-r--r-- 1 root root       878 Feb  2 20:36 f4g-le-ssl.conf
-rw-r--r-- 1 root root      1506 Aug 16  2017 go2.nobug.uk.conf
-rw-r--r-- 1 root root      1451 Mar  9  2018 go.nobug.uk.conf
-rw-r--r-- 1 root root       794 Jan 25 19:07 groundsourcesolutions.co.uk.conf
-rw-r--r-- 1 root root       514 Apr 19 16:50 groundss.co.uk-ssl.conf
-rw-r--r-- 1 root root       559 Feb 17 19:25 ip6.f4g.tech.conf
-rw-r--r-- 1 root root       801 Aug 17  2017 manchesterroadsurgery.org.uk.conf
-rw-r--r-- 1 root root       490 Feb 13  2018 media.energyenhancement.org.conf
-rw-r--r-- 1 root root      1760 Jan 29 03:49 nextcloud2.conf
-rw-r--r-- 1 root root      1959 Jan 29 03:49 nextcloud2-le-ssl.conf
-rw-r--r-- 1 root root      1620 Jun 21  2018 nodejs1.nobug.uk.conf
-rw-r--r-- 1 root root      1496 Feb 16  2020 numerology.f4g.tech.conf
-rw-r--r-- 1 root root       725 Oct 27  2017 rygan.co.uk.conf
-rw-r--r-- 1 root root      1445 Apr 26  2020 too.f4g.tech.conf
-rw-r--r-- 1 root root       664 May  8  2018 trikaya.es.conf
-rw-r--r-- 1 root root       865 Mar 20  2020 trikaya.f4g.tech.conf
-rw-r--r-- 1 root root      1268 Feb 17 19:31 trikaya.f4g.tech-le-ssl.conf
-rw-r--r-- 1 root root      1230 Mar 21  2020 waterseekers.co.uk.conf
-rw-r--r-- 1 root root      2395 Apr 13  2020 waterseekers.co.uk-le-ssl.conf
-rw-r--r-- 1 root root     12288 Apr 12  2020 .waterseekers.co.uk-le-ssl.conf.swp
-rw-r--r-- 1 root root       959 Jan 12  2019 waterseekers-map.co.uk.conf
-rw-r--r-- 1 root root      5311 Aug 17  2017 waterwelldrilling.conf
-rw-r--r-- 1 root root      1445 Apr 22  2020 web.f4g.tech.conf
-rw-r--r-- 1 root root       377 Mar  2  2018 webmail.f4g.tech.conf
-rw-r--r-- 1 root root       762 Apr 19 17:37 webmail.f4g.tech-le-ssl.conf
-rw-r--r-- 1 root root      2418 Sep  4  2019 what.nobug.uk.conf

griffin · April 19, 2021, 6:17pm

Thanks for that.

It's as I suspected. All of the port 80 named vhost configurations have been disabled, so apache has no idea which vhost to use at times. Let's fix one as a sample.

What are the contents of this file?

/etc/apache2/sites-available/webmail.f4g.tech.conf

malcolm1 · April 19, 2021, 6:19pm

<VirtualHost *:80>
  ServerName webmail.f4g.tech
  DocumentRoot /var/www/roundcube
  ServerAdmin admin@f4g.tech

  ErrorLog ${APACHE_LOG_DIR}/roundcube-error.log
  CustomLog ${APACHE_LOG_DIR}/roundcube-access.log combined

  <Directory /var/www/roundcube>
      Options -Indexes
      AllowOverride All
      Order allow,deny
      allow from all
  </Directory>
</VirtualHost>

griffin · April 19, 2021, 6:34pm

So, let's do this...

sudo a2dissite webmail.f4g.tech-le-ssl.conf

sudo mkdir /etc/apache2/sites-available/backup

sudo cp /etc/apache2/sites-available/webmail.f4g.tech.conf backup

sudo mv /etc/apache2/sites-available/webmail.f4g.tech-le-ssl.conf backup

Then edit /etc/apache2/sites-available/webmail.f4g.tech.conf with a text editor to make it:

<VirtualHost *:80>
ServerAdmin admin@f4g.tech
ServerName webmail.f4g.tech
DocumentRoot /var/www/_apps/roundcubemail-1.3.4

ErrorLog ${APACHE_LOG_DIR}/roundcube-error.log
CustomLog ${APACHE_LOG_DIR}/roundcube-access.log combined
</VirtualHost>

sudo a2ensite webmail.f4g.tech.conf

sudo apachectl -k graceful

At this point, webmail.f4g.tech should respond correctly via http over port 80.

sudo certbot certonly --apache -d "webmail.f4g.tech" --dry-run

If that succeeds, then...

sudo certbot --apache -d "webmail.f4g.tech" --keep

At this point, webmail.f4g.tech should be redirected from http to https over port 80 and should respond correctly via https over port 443.

malcolm1 · April 19, 2021, 6:43pm

OK, does it matter that http webmail now displays web content of ip6.f4g.tech?

Thanks

griffin · April 19, 2021, 6:45pm

It shouldn't after enabling the new webmail.f4g.tech.conf (unless they point to the same webroot folder, in which case it's expected, but I doubt it will happen).

malcolm1 · April 19, 2021, 6:52pm

Well, before I run certbot...

ip6.f4g points to a directory which exists, has html file in it and is different to webmail conf.

webmail.f4g.tech now displays content from this path given in below doc root:

<VirtualHost [2a01:4f8:c0c:302a::2]:80>
#<VirtualHost *:80>

   ServerName ip6.f4g.tech
   ServerAlias ip6.f4g.tech

   DocumentRoot /var/www/ip6.f4g.tech/htdocs
#  Alias /bkup /root/bin/backup

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined

#  PHPINIDir  /var/www/repo.f4g.tech/php


</VirtualHost>


<VirtualHost *:80>

   ServerName ip6.f4g.tech
   ServerAlias ip6.f4g.tech

   DocumentRoot /var/www/ip6.f4g.tech/htdocs

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined



</VirtualHost>

griffin · April 19, 2021, 6:55pm

This is after running all those commands?

If so, what is the current output of this command?

sudo apachectl -S

malcolm1 · April 19, 2021, 6:58pm

Yes, I ran up to and including apache -k graceful.

VirtualHost configuration:
[2a01:4f8:c0c:302a::2]:80 ip6.f4g.tech (/etc/apache2/sites-enabled/ip6.f4g.tech.conf:1)
94.130.72.29:80        trikaya.f4g.tech (/etc/apache2/sites-enabled/trikaya.f4g.tech-le-ssl.conf:2)
*:443                  is a NameVirtualHost
         default server demo.f4g.tech (/etc/apache2/sites-enabled/demo.f4g.tech-le-ssl.conf:2)
         port 443 namevhost demo.f4g.tech (/etc/apache2/sites-enabled/demo.f4g.tech-le-ssl.conf:2)
         port 443 namevhost f4g.tech (/etc/apache2/sites-enabled/f4g-le-ssl.conf:11)
                 alias www.f4g.tech
         port 443 namevhost groundsourcesolutions.co.uk (/etc/apache2/sites-enabled/groundss.co.uk-ssl.conf:1)
                 alias www.groundsourcesolutions.co.uk
         port 443 namevhost cloud.f4g.tech (/etc/apache2/sites-enabled/nextcloud2-le-ssl.conf:2)
         port 443 namevhost trikaya.f4g.tech (/etc/apache2/sites-enabled/trikaya.f4g.tech-le-ssl.conf:14)
                 alias www.trikaya.f4g.tech
         port 443 namevhost waterseekers.co.uk (/etc/apache2/sites-enabled/waterseekers.co.uk-le-ssl.conf:2)
                 alias www.waterseekers.co.uk
*:80                   is a NameVirtualHost
         default server bob.f4g.tech (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost bob.f4g.tech (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 100.f4g.tech (/etc/apache2/sites-enabled/100.f4g.tech.conf:1)
         port 80 namevhost avatar.net (/etc/apache2/sites-enabled/avatar.net.conf:1)
                 alias www.avatar.net
         port 80 namevhost demo.f4g.tech (/etc/apache2/sites-enabled/demo.f4g.tech.conf:2)
         port 80 namevhost f4g.tech (/etc/apache2/sites-enabled/f4g-le-ssl.conf:3)
                 alias www.f4g.tech
         port 80 namevhost groundsourcesolutions.co.uk (/etc/apache2/sites-enabled/groundsourcesolutions.co.uk.conf:1)
                 alias www.groundsourcesolutions.co.uk
         port 80 namevhost ip6.f4g.tech (/etc/apache2/sites-enabled/ip6.f4g.tech.conf:19)
                 alias ip6.f4g.tech
         port 80 namevhost manchesterroadsurgery.org.uk (/etc/apache2/sites-enabled/manchesterroadsurgery.org.uk.conf:2)
                 alias www.manchesterroadsurgery.org.uk
         port 80 namevhost cloud.f4g.tech (/etc/apache2/sites-enabled/nextcloud2.conf:1)
         port 80 namevhost numerology.f4g.tech (/etc/apache2/sites-enabled/numerology.f4g.tech.conf:1)
                 alias www.numerology.f4g.tech
         port 80 namevhost map.waterseekers.co.uk (/etc/apache2/sites-enabled/waterseekers-map.co.uk.conf:1)
                 alias borehole-map.waterseekers.co.uk
         port 80 namevhost waterseekers.co.uk (/etc/apache2/sites-enabled/waterseekers.co.uk.conf:3)
                 alias www.waterseekers.co.uk
         port 80 namevhost waterwelldrilling.waterseekers.co.uk (/etc/apache2/sites-enabled/waterwelldrilling.conf:2)
         port 80 namevhost web.f4g.tech (/etc/apache2/sites-enabled/web.f4g.tech.conf:1)
         port 80 namevhost webmail.f4g.tech (/etc/apache2/sites-enabled/webmail.f4g.tech.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
Define: ENABLE_USR_LIB_CGI_BIN
Define: F4G=/var/www/f4g.tech/
User: name="www-data" id=33
Group: name="www-data" id=33

griffin · April 19, 2021, 6:58pm

The original http document root for webmail.f4g.tech was this:

/var/www/roundcube

The https document root for webmail.f4g.tech shows as this:

/var/www/_apps/roundcubemail-1.3.4

griffin · April 19, 2021, 7:01pm

Does this command succeed now though?

sudo certbot certonly --apache -d "webmail.f4g.tech" --dry-run