[Solved] Mac XAMPP certificate install


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: eospict.com

I ran this command: sudo certbot --apache -d eospict.com (i also tried using --apache-server-root and --apache-challenge-location)

It produced this output: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): Apache/2.4.29 using XAMPP install

The operating system my web server runs on is (include version): MacOS 10.12.4

My hosting provider, if applicable, is: N/A (home computer)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I know what my issue is, it’s trying to install it to the default mac apache server, but i would like it installed to a different installation (hence the use of --apache-server-root before). I’m just not sure how i can specify the root properly. It’s installed at /Applications/XAMPP/xamppfiles (the default XAMPP location).


[Solved] Apache Mac with certbot not installed
#2

If you don’t have a port 80 virtualhost configured (as in the error), then instead of --apache, you can use:

--installer apache --authenticator webroot -w /var/www/html

(substituting /var/www/html for whatever your real webroot is).


#3

Thank you,
i ran: sudo certbot -d eospict.com --installer apache --authenticator webroot -w /Applications/XAMPP/xamppfiles/htdocs

and it worked.


#4

Hello @e69512345,

I apologize for being a bit off topic for this forum.

In order to pass web traffic to your web-server without exposing the router to the public, you will probably need to configure your router’s firewall and create a DMZ for your Apache server. (Exact details are sketchy without your specific device manual)

Port forwarding with the HG2372 router…

Using the Port Forwarding page, you can provide local services like a web (Apache) server for access from the Internet. To configure that, select the “external connection” (for example the Internet connection), then select the computer running Apache and add a firewall rule to allow traffic to it. You can also add/edit/delete rules without using the built-in templates. Without the firewall “exception rule”, anonymous internet traffic would be blocked and no one could see your website.

You should also setup the gateway to forward any incoming traffic (port 80 and port 443) to your host on the LAN. This could be done on the corresponding connection page by entering your LAN host IP address in the “DMZ host IP address” field. That should work for you and then you can move proceed configuring your Certificate(s).

I am a bit puzzled though, as see you have two LE certificates that you obtained in February 2018, and one COMODO Certificate that remains valid until February 2029.

Source: https://crt.sh/?q=eospict.com

You’ll have to decide how to move forward, and with which certificate(s).

Best I can do.
Good Luck.

Rip


#5

Thanks again, the port forwarding has been done the whole time. What seems to happen is the router forces its own page when within my lan, and doesn’t when not within the lan, even though port 80 is forwarded to my computer. On occasion, for reason unknown to me, the router page is visible from outside the LAN.

The COMODO certificate was obtained when my website was hosted by a hosting provider; it’s now solely done on my local machine. I should probably find a way of removing that certificate.

It’s configured to work with the 2nd LE certificate at the moment.

Thanks


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.