I have installed letsencrypt onto my Raspi 2, and since then my apache2 won’t work right.
I always get this with the command:
root@WoW:/home/pi# /etc/init.d/apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
root@WoW:/home/pi#
the log file says that:
[Fri Dec 25 11:39:40 2015] [notice] caught SIGTERM, shutting down
[Fri Dec 25 11:47:09 2015] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
my
nano /etc/apache2/sites-enabled/000-default
file includes this:
…VirtualHost *:80> // the > have to delete here
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
VirtualHost *:443> // the > have to delete here
DocumentRoot /var/www
ServerName https://xy.no-ip.biz
SSLEngine on
SSLCertificateFile /root/server.crt
SSLCertificateKeyFile /root/server.key
/VirtualHost> // the > have to delete here
I have some other files
/etc/apache2/sites-enabled/
here:
root@WoW:/home/pi# ls -l /etc/apache2/sites-enabled/
total 12
lrwxrwxrwx 1 root root 26 Jun 19 2015 000-default -> ../sites-available/default
-rw-r--r-- 1 root root 878 Jun 24 2015 000-default.save
-rw-r--r-- 1 root root 1118 Jun 24 2015 000-default.saveold
-rw-r--r-- 1 root root 351 Dec 25 11:34 GzeJ2e4m.htm
You need these defined and pointing to the correct files. Where are your certificate files? (It depends which client you used.) The default letsencrypt-auto would put them in /etc/letsencrypt/live/
I have other files and not server.crt or server.key
pi@WoW ~ sudo ls -l /etc/letsencrypt/live/xy.no-ip.biz/
total 0
lrwxrwxrwx 1 root root 45 Dec 25 11:41 cert.pem -> ../../archive/xy.no-ip.biz/cert1.pem
lrwxrwxrwx 1 root root 46 Dec 25 11:41 chain.pem -> ../../archive/xy.no-ip.biz/chain1.pem
lrwxrwxrwx 1 root root 50 Dec 25 11:41 fullchain.pem -> ../../archive/xy.no-ip.biz/fullchain1.pem
lrwxrwxrwx 1 root root 48 Dec 25 11:41 privkey.pem -> ../../archive/xy.no-ip.biz/privkey1.pem
pi@WoW ~
Why?
Now I have to change the file under
sudo nano /etc/apache2/ports.conf
“Listen 443” to “Listen 443 http” under ssl_module
and apache2 starts normally with the command
pi@WoW ~ sudo /etc/init.d/apache2 start
[....] Starting web server: apache2httpd (pid 31347) already running
. ok
pi@WoW ~
The
sudo nano /var/log/apache2/error.log
says that:
[Fri Dec 25 17:25:05 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Dec 25 17:25:05 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Dec 25 17:25:05 2015] [notice] Apache/2.2.22 (Debian) PHP/5.4.45-0+deb7u2 mod_ssl/2.2.22 OpenSSL/1.0.1e configured – resuming normal operations
but I can’t see any info that the certificate is from letsencrypt; I see only the info from my SSL certificate
pi@WoW ~ $ sudo /etc/init.d/apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
pi@WoW ~ $
Can you post (or put in pastebin) your complete /etc/apache2/sites-enabled/000-default file (and a rough outline of other files you have in there that may conflict)?
pi@WoW ~ $ sudo /etc/init.d/apache2 start
[....] Starting web server: apache2Action 'start' failed.
The Apache error log may have more information.
failed!
pi@WoW ~ $
Testing your config file on one of my servers - it worked perfectly. I’d suspect the error may be in one of the other apache config files you have. Hopefully the error log will give some clues.
Do you mean there are no other files in /etc/apache2/sites-available?
The error log of:
verify locations for client authentication
suggests that the path for the certs is wrong. Do the three files exist?
/etc/letsencrypt/live/xy.no-ip.biz/cert.pem
/etc/letsencrypt/live/xy.no-ip.biz/privkey.pem
/etc/letsencrypt/live/xy.no-ip.biz/chain.pem
and what are the permissions of them?
In the live dir there are symbolic links to the last issued cert, key, etc. If you keep using archive in your apache conf, the next time you renew your cert the name in archive will change to cert2.pem, privkey2.pem and so on, so you will need to edit your apache conf again to correct the path to your cert and key. If you use the live dir, the next time you renew your certs you will only need to reload apache; you won’t need to edit your apache conf.
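The two checks raised in the replies above (do the certificate files exist, and does the config reference live/ rather than archive/), as an added example that is not part of the thread: a POSIX shell function that audits the SSLCertificate* paths in an Apache config file. The function names, the example.test domain and the temporary directory tree are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): audit SSLCertificate* paths in an Apache
# config. Returns 0 only if every file exists and none is under archive/.
audit_ssl_paths() {
    conf=$1
    bad=0
    # Directive names are case-insensitive in Apache; commented lines do not match.
    pairs=$(awk 'tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
        gsub(/"/, "", $2); print $1, $2 }' "$conf")
    while read -r directive path; do
        [ -n "$directive" ] || continue
        if [ ! -e "$path" ]; then
            # -e follows symlinks, so a dangling live/ link is caught as well
            echo "FAIL $directive: no such file: $path"; bad=1
        else
            case $path in
            */letsencrypt/archive/*)
                # archive/ names are numbered (cert1.pem, cert2.pem, ...)
                echo "WARN $directive: archive/ path goes stale on renewal: $path"; bad=1 ;;
            *)  echo "OK   $directive: $path" ;;
            esac
        fi
    done <<EOF
$pairs
EOF
    return $bad
}

# Constructed sample: a throwaway tree laid out like /etc/letsencrypt, plus a
# vhost file that mixes a live/ path, a missing key and an archive/ path.
demo() {
    d=$(mktemp -d); le=$d/letsencrypt
    mkdir -p "$le/archive/example.test" "$le/live/example.test"
    : > "$le/archive/example.test/cert1.pem"
    : > "$le/archive/example.test/chain1.pem"
    ln -s ../../archive/example.test/cert1.pem "$le/live/example.test/cert.pem"
    cat > "$d/vhost.conf" <<EOF
SSLEngine on
SSLCertificateFile $le/live/example.test/cert.pem
SSLCertificateKeyFile $d/server.key
sslcertificatechainfile "$le/archive/example.test/chain1.pem"
EOF
    rc=0; audit_ssl_paths "$d/vhost.conf" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "problems found"
```

Against a real system, run `audit_ssl_paths /etc/apache2/sites-enabled/000-default` as root, since the files under /etc/letsencrypt are not readable by ordinary users.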