Self hosted sites, default site is unable to use certbot cert (too many redirects)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:www.ericdannewitz.com

I ran this command:certbot

It produced this output:

My web server is (include version):apache 2.4.41

The operating system my web server runs on is (include version):Ubuntu 18

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):certbot 0.31.0

Basically, seems the default server, which is the site listed above (www.ericdannewitz.com) has too many redirects on it. All the other sites hosted on the machine have certbot working fine.

000-default.conf file is:

ServerName www.ericdannewitz.com
ServerAlias ericdannewitz.com *.ericdannewitz.com

ServerAdmin admin@ericdannewitz.com

    DocumentRoot /home/site/www.ericdannewitz.com/htdocs/
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /home/site/www.ericdannewitz.com/htdocs/>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride all
          Require all granted
    </Directory>

    ErrorLog /var/log/apache2/ericdannewitzerror.log
    CustomLog /var/log/apache2/ericdannewitzaccess.log common

 AddType application/x-httpd-php .php
 DirectoryIndex index.php
 ErrorDocument 404 /index.php?error=404

RewriteEngine on
RewriteCond %{SERVER_NAME} =ericdannewitz.com [OR]
RewriteCond %{SERVER_NAME} =www.ericdannewitz.com [OR]
RewriteCond %{SERVER_NAME} =*.ericdannewitz.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

000-default-ssl.conf looks like:


ServerAdmin admin@ericdannewitz.com

    DocumentRoot /home/site/www.ericdannewitz.com/htdocs/
    ServerName www.ericdannewitz.com
    ServerAlias ericdannewitz.com *.ericdannewitz.com
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /home/site/www.ericdannewitz.com/htdocs/>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride all
          Require all granted
    </Directory>

    ErrorLog /var/log/apache2/ericdannewitzerror.log
    CustomLog /var/log/apache2/ericdannewitzaccess.log common

 AddType application/x-httpd-php .php
 DirectoryIndex index.php
 ErrorDocument 404 /index.php?error=404

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.ericdannewitz.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.ericdannewitz.com/privkey.pem

Any ideas?

Hi @ericdano

checking your site there is no loop visible - https://check-your-website.server-daten.de/?q=ericdannewitz.com

A loop would be Grade L.

Domainname Http-Status redirect Sec. G
http://ericdannewitz.com/ 99.65.78.105 301 http://www.ericdannewitz.com/ 0.460 D
http://www.ericdannewitz.com/ 99.65.78.105 GZip used - 4731 / 14218 - 66,73 % 200 Html is minified: 191,41 % 0.480 H
https://ericdannewitz.com/ 99.65.78.105 301 http://ericdannewitz.com/ 4.217 N
Certificate error: RemoteCertificateNameMismatch
https://www.ericdannewitz.com/ 99.65.78.105 301 http://www.ericdannewitz.com/ 4.203 F

Where are these redirects https -> https? These are critical.

Oops, sorry, I disabled all the rewrites to get it just to work.

It is now running with the rewriteengine on and the rewritecond enabled on the 80 conf.

Actually, fixed it. Seems there was a Wordpress plugin (iThemes Security) that has a SSL setting. If that is ON, then it totally messes with certbot and letsencrypt. Turning it OFF fixes everything.

Thanks!