Setting up with Apache

I have just installed Apache on Ubuntu Server 23.04. Everything went fine until I attempted to execute sudo certbot --apache.

I was getting the error "Certificate Authority failed to verify the temporary Apache configuration." I have tried so much I am now getting:
"An unexpected error occurred:
requests.exceptions.ConnectTimeout: HTTPSConnectionPool(host='acme-v02.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7f98d69e4610>, 'Connection to acme-v02.api.letsencrypt.org timed out. (connect timeout=45)'))"

I am able to load the virtual site on a different computer on the same network using port 80, but not port 443.

I get the following output when running sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                             Action      From
22/tcp (OpenSSH)               ALLOW IN    Anywhere
80,443/tcp (Apache Full)       ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))          ALLOW IN    Anywhere (v6)
80,443/tcp (Apache Full (v6))  ALLOW IN    Anywhere (v6)

My domain is kevinwatkins.us.

Can anybody assist me?

The firewall you've shown here is for inbound connections, but the issue is that Certbot can't even connect to the Let's Encrypt ACME server on an OUTBOUND connection. So way earlier in the whole process.

Could be anything really, from incorrect routing of the private 172.16.0.0/12 IP space (sometimes people route the entire 172.0.0.0/8 as the private subnet, blocking access to e.g. some Cloudflare IP addresses) to IPv6 not working.

3 Likes
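
The routing mistake mentioned in the reply above, as an added example that is not part of the original thread: this Python code parses `ip -4 route show` style output, flags non-default routes that cover an RFC 1918 block plus public address space, and uses longest-prefix matching to show which destinations such a route captures. The route table, the `br-lab` interface and the test addresses are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `ip -4 route show` output; br-lab is a hypothetical interface.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp
172.0.0.0/8 dev br-lab scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip -4 route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # not a plain destination prefix, skip it
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def overbroad_private_routes(routes):
    """Non-default routes that overlap an RFC 1918 block yet also cover public space."""
    return [net for net, _ in routes
            if net.prefixlen > 0
            and any(net.overlaps(p) and not net.subnet_of(p) for p in RFC1918)]

def selected_route(routes, addr):
    """Longest-prefix match, the rule the kernel uses to pick a route."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def misrouted(routes, addr):
    """True if a public address is captured by an overbroad 'private' route."""
    ip = ipaddress.ip_address(addr)
    if any(ip in p for p in RFC1918):
        return False
    route = selected_route(routes, addr)
    return route is not None and route[0] in overbroad_private_routes(routes)

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    for addr in ("172.64.1.10", "172.20.0.5", "203.0.113.7"):
        print(addr, selected_route(routes, addr)[1], "MISROUTED" if misrouted(routes, addr) else "ok")
```

On a real host, feed it the output of `ip -4 route show` and the addresses the ACME hostname resolves to; a flagged address never leaves through the default gateway, which is consistent with the connect timeout in the question.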

I have gotten it to work, sort of.

If I use the URL mydomain.us then it works just fine.
However if I put www in front of it it does not. I get the error "The certificate is not trusted because it is self-signed."

According to ssllabs.com/ssltest there is an Alternative names www MISMATCH.

How can I fix this issue? I assume that I need to delete or remove the self-signed cert, but how do I do that?

With Apache, I always start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

4 Likes
