Seems like domain is pointing to wrong machine to get my certificates when using SSL

There is, but nothing like sites-enabled in there either.

There should be an “Include” or “IncludeOptional” line in the main httpd.conf file.
It would define the files that are to be included.

Yes, I have:

Secure (SSL/TLS) connections

Include /usr/local/etc/httpd/extra/httpd-ssl.conf

Include /usr/local/etc/httpd/extra/httpd-vhosts-le-ssl.conf

It’s obviously grabbing httpd-ssl.conf since works.

Ok, then show the file:

We’ll try to figure out why things are failing…

This is the whole file. I commented out the part when I moved it to the main/default section of httpd-ssl.conf

<IfModule mod_ssl.c>

<VirtualHost *:8443>

General setup for the virtual host

DocumentRoot "/Library/WebServer/Documents"



SSLCertificateFile "/etc/letsencrypt/live/"

SSLCertificateKeyFile "/etc/letsencrypt/live/"

ErrorLog "/usr/local/var/log/httpd/error_log"

TransferLog "/usr/local/var/log/httpd/access_log"



#<IfModule mod_ssl.c>

#<VirtualHost *:8443>

DocumentRoot "/Library/WebServer/Documents"



<Directory /Library/WebServer/Documents>

Options Indexes FollowSymLinks MultiViews

AllowOverride All

Require all granted


#SSLCertificateFile /etc/letsencrypt/live/

#SSLCertificateKeyFile /etc/letsencrypt/live/

#Include /etc/letsencrypt/options-ssl-apache.conf



I’m confused about why this is commented out.
Can you show the other file as it is now?

That’s the section for defining a vhost for I moved that into the main ssl.conf file and commented it out here.

not all lines were commented out though - seems like it now has multiple servernames, etc.

That’s the site here doing that. The stuff in bold is all commented out.


let's see the only other file left then.

It’s big. Full of comments.

remove all the commented lines (from your post)

OK, hold on a second.

Did you mean httpd-ssl.conf or httpd.conf?

Here’s httpd-ssl.conf
Listen 8443


SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES

SSLHonorCipherOrder on

SSLProtocol all -SSLv3

SSLProxyProtocol all -SSLv3

SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/var/run/httpd/ssl_scache(512000)"

SSLSessionCacheTimeout 300

<VirtualHost default:8443>

DocumentRoot "/Library/WebServer/Documents"



ErrorLog "/usr/local/var/log/httpd/error_log"

TransferLog "/usr/local/var/log/httpd/access_log"

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/

SSLCertificateKeyFile /etc/letsencrypt/live/

<FilesMatch "\.(cgi|shtml|phtml|php)$">

SSLOptions +StdEnvVars


<Directory "/usr/local/var/www/cgi-bin">

SSLOptions +StdEnvVars


BrowserMatch "MSIE [2-5]" \

nokeepalive ssl-unclean-shutdown \

downgrade-1.0 force-response-1.0

CustomLog "/usr/local/var/log/httpd/ssl_request_log" \

"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


well both I guess
but was focused on the ssl file

you can remove the port from that line

Which part covers the other name?

default didn’t come out right it has underscores before and after:


that’s OK I can read between the lines (and the missing ones too)

That was in the httpd-vhost-le-ssl.conf file

but you neutered that one - it has no vhost config anymore
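
A small audit of the situation the thread ends on, as an added example that is not part of the original posts: it reads Apache config text, skips commented-out lines, and reports each VirtualHost block that has no active ServerName or SSLCertificateFile. The file contents, example.com and the certificate paths are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the two files in the thread; example.com and
# the certificate paths are placeholders, not values from the original posts.
CONFIGS = {
    "httpd-ssl.conf": """
<VirtualHost _default_:8443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
""",
    "httpd-vhosts-le-ssl.conf": """
<VirtualHost *:8443>
DocumentRoot "/Library/WebServer/Documents"
#ServerName www.example.com
#SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
</VirtualHost>
""",
}
WANTED = ("servername", "serveralias", "sslengine", "sslcertificatefile")

def parse_vhosts(configs):
    """Collect the active (uncommented) directives of every <VirtualHost>."""
    vhosts, current = [], None
    for fname, text in configs.items():
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # a commented-out directive configures nothing
            opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
            if opened:
                current = {"file": fname, "addr": opened.group(1).strip()}
                vhosts.append(current)
            elif line.lower().startswith("</virtualhost"):
                current = None
            elif current is not None:
                key, *rest = line.split(None, 1)
                if key.lower() in WANTED:
                    current.setdefault(key.lower(), []).append(" ".join(rest).strip('"'))
    return vhosts

def audit(vhosts):
    """Flag vhosts that lack an active ServerName or SSLCertificateFile."""
    return [(vh["file"], vh["addr"], "no active " + key)
            for vh in vhosts
            for key in ("servername", "sslcertificatefile") if key not in vh]

if __name__ == "__main__":
    print(audit(parse_vhosts(CONFIGS)))
```

On a live server, `apachectl -S` prints the vhost table Apache actually built, which is the authoritative check once the files look right.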