I ran these commands: sudo snap install --classic certbot
sudo systemctl restart snapd.seeded.service
$ sudo /var/lib/snapd/snap/bin/certbot --apache
It produced this output:
IMPORTANT NOTES:
Unable to install the certificate (this line grayed out a little)
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/ukdirectsale.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/ukdirectsale.co.uk/privkey.pem
Your cert will expire on 2020-12-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
My web server is (include version):
Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version):
CentOS Linux 7
Certbot version:
certbot 1.8.0
Okay, so the Apache webserver still works for http (i.e. port 80), but despite seemingly having installed everything okay, it doesn't work at all for https (443). i.e. it simply times out.
This is the first time I've tried to use https on this machine, and I can't see what else I should be doing. I've opened port 443 on the firewall, and checked to see that Apache is listening on 443, which it is:
$ sudo netstat -tulpn | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 20783/httpd
I do note that no changes appear to have been made in httpd.conf (date stamp is still a couple of years old), and my vhosts file in /conf.modules.d/ remains untouched also. I figured with --classic certbot I would have noted at least a change in one of the files?
Anyway, would be extremely grateful if somebody can assist in helping me to get it working properly. Many thanks in advance!
Given the lack of information, I can only guess... I guess that your domain points to an IP that has not had any previous port 443 access [this is your first secured domain- at this IP/server].
You've managed to enable TLS and have convinced Apache to serve your content via port 443.
Wonderful...
But if the firewall isn't allowing any inbound port 443 connections to reach your Apache server, no one will ever reach your site via that port.
Again, merely a guess.
If my guess is correct, then you have a solution.
If my guess is incorrect, then you may need to provide additional information or wait for a better guesser to come along.
I had already crossed out the line and added a second post with some suggestions.
Your affirmation of "I've opened port 443" has not been shown as confirmed by anyone else, so that waits to be seen/proven.
Maybe I read all to quickly, but it seems that you only showed the port listening not actually being allowed through any firewalls.
Another potentially relevant issue (GUESS #2):
Perhaps your FQDN resolves to an IPv6 address (no way for me to know).
And your bindings are only on IPv4.
I had already stopped and restarted Apache, but I can do it again. As for the firewall, then I'm not quite sure what else to do other than simply allow 443 in the same manner as I already have for 80.
$ sudo apachectl configtest
[Tue Sep 29 15:14:41.621657 2020] [so:warn] [pid 26991] AH01574: module unixd_module is already loaded, skipping
[Tue Sep 29 15:14:41.638732 2020] [so:warn] [pid 26991] AH01574: module cgi_module is already loaded, skipping
[Tue Sep 29 15:14:41.638807 2020] [so:warn] [pid 26991] AH01574: module fcgid_module is already loaded, skipping
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:371
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.10.1.2. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Those messages don't appear to be deal-breakers though; they're simply acknowledging that the modules are defined in more than one place (for whatever reason). I don't really see they would have any bearing on the issue at hand.
Then you may be missing the bigger picture.
The problem of those mods being loaded more than once is not the problem we are looking for - true.
But they are an indication of something out of place and possibly much more is being loaded along with those lines - like an included file that includes a file that includes some mods. [but if several files include the file that includes the files... or the include is being done within a block where that should not happen then there may be other consequences that go untold]
If you didn't know, now you will know:
Apache is notorious for running at any/all costs.
Even when the configtest passes, the config may still be problematic for certbots [and humans too].
Well, anything that gets it working will be welcome, but unrelated modules being skipped (they're not loaded more than once) on start-up just don't strike me as being a primary suspect.
Anyway, just going through stuff to find the duplicate definitions.
I take it that all seems normal and expected to your programming style...
So we can beat this until it does what we want and how we want it - no telling how long that will take.
OR
We can manually create the server block(s) it failed to create - this should be straight-forward.
TLS enabled versions of: