Yep, you have no port 443 vHost, which I suspected.
What are the contents of these files?
/etc/apache2/sites-enabled/000-default.conf
What are the outputs of these commands?
sudo ls -lRa /etc/apache2/sites-available
sudo ls -lRa /etc/apache2/sites-enabled
Please put three backticks above and below each content and output, like this:
```
content/output
```
That result is expected.
Your "SSL Zen" doesn't work, so the port 443 vHost (or whatever that works with WordPress) wasn't created.
And it doesn't help to create that port manually.
- Check if there is an SSL Zen update
- Check if there is a better log
- Then share that.
The port 443 vHost is always created by the ACME client.
```
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
# Above line changed from "/var/www/html" Apr 2021
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
---
```
fred@Fred-DME:~$ sudo ls -lRa /etc/apache2/sites-available
[sudo] password for fred:
/etc/apache2/sites-available:
total 28
drwxr-xr-x 2 root root 4096 May 13 15:15 .
drwxr-xr-x 8 root root 4096 May 12 19:51 ..
-rw-r--r-- 1 root root 1388 Apr 28 11:49 000-default.conf
-rw-r--r-- 1 root root 6351 May 12 21:08 default-ssl.conf
-rw-r--r-- 1 root root 6338 May 12 18:06 ORIG_default-ssl.conf
fred@Fred-DME:~$
fred@Fred-DME:~$ sudo ls -lRa /etc/apache2/sites-enabled
/etc/apache2/sites-enabled:
total 8
drwxr-xr-x 2 root root 4096 May 12 21:01 .
drwxr-xr-x 8 root root 4096 May 12 19:51 ..
lrwxrwxrwx 1 root root 35 Apr 26 17:40 000-default.conf -> ../sites-available/000-default.conf
fred@Fred-DME:~$
```
I need you to edit your last post and put 3 backticks ``` above and below the contents of the conf file. Without them, the file gets cutoff. Notice that the VirtualHost closing tag is missing.
Where did you put your SSL directives?
```
fred@Fred-DME:/etc/apache2/sites-enabled$ sudo vi 000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
# Above line changed from "/var/www/html" Apr 2021
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
vim: syntax=apache ts=4 sw=4 sts=4 sr noet
~
~
~
~
~
~
~
~
~
~
"000-default.conf" 32 lines, 1388 characters
```
Dang, have I been putting my SSL entries to the wrong file? I've been putting them in /sites-available/default-ssl.conf
Nope. You shouldn't be using either file.
Detailed instructions coming in a minute...
First, let's build the correct conf file.
Using a text editor (e.g. nano) put the following contents into a new file named /etc/apache2/sites-available/fredcolclough.com.conf being sure to use sudo with the editor so that root is the group:owner of the file. Also, in both port 443 VirtualHosts below, be sure to put the complete path to the fullchain certificate file we discussed before next to the SSLCertificateFile directive and put the complete path to the private key file we discussed before next to the SSLCertificateKeyFile directive.
```
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName fredcolclough.com
    ServerAlias www.fredcolclough.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Redirect permanent / https://fredcolclough.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName www.fredcolclough.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    # Put the complete path to the fullchain certificate file after SSLCertificateFile
    # and the complete path to the private key file after SSLCertificateKeyFile.
    SSLCertificateFile
    SSLCertificateKeyFile
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
    LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
    Redirect permanent / https://fredcolclough.com/
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName fredcolclough.com
    DocumentRoot /var/www/html/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    # Put the complete path to the fullchain certificate file after SSLCertificateFile
    # and the complete path to the private key file after SSLCertificateKeyFile.
    SSLCertificateFile
    SSLCertificateKeyFile
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
    SSLHonorCipherOrder on
    SSLCompression off
    SSLOptions +StrictRequire
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
    LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
</VirtualHost>
</IfModule>
```
Second, let's disable/enable the configurations.
```
sudo a2dissite 000-default.conf
sudo a2ensite fredcolclough.com.conf
sudo apachectl -k graceful
```
Your https website (www.fredcolclough.com -> fredcolclough.com) should be working now with proper http to https redirects.
You will want to create a new certificate that includes both fredcolclough.com and www.fredcolclough.com since both should be working now. With this configuration, the canonical name of your website is fredcolclough.com without the www.
When you replace the certificate and private key files, be sure to reload apache!
```
sudo apachectl -k graceful
```
Use the instructions in the link below to change the Site Address (URL) and WordPress Address (URL) settings in your WordPress to https://fredcolclough.com so that WordPress doesn't get confused about your address.
Just letting you know I'm working on that! Thx!
No problem. It's a lot.
To chew on while I'm improving my VI skills! I can't get another cert issued by LetsEncrypt since they've tagged my domain for excessive certs! (From when it kept failing, so I kept trying...). Apparently it's for a WEEK! Is there a way to test to know we'll be good? Or a work-around?
nano is much easier than vim
If you create a cert that covers both fredcolclough.com and www.fredcolclough.com, you should have no restrictions since it does not cover the exact same set of (sub)domains as your five duplicate certificates that cover only fredcolclough.com.
Agreed...nano in use now. When I copy & paste, nano says it's a DOS file. Is that OK?
That's probably the whole \r\n vs \n thing. Just be sure you actually get the newlines in there properly and you should be alright.
It looks fine in nano... but it's erroring out on restart: (I'm perusing the file very carefully for syntax)
```
fred@Fred-DME:/etc/apache2/sites-available$ sudo apachectl -k graceful
AH00526: Syntax error on line 6 of /etc/apache2/sites-enabled/fredcolclough.com.conf:
CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" or "expr=" clause (see docs)
Action '-k graceful' failed.
The Apache error log may have more information.
fred@Fred-DME:/etc/apache2/sites-available$
```
That's my bad. I forgot the " combined" at the end of the three CustomLog lines. I updated the text block above accordingly.
You are editing the file in sites-available, I hope. The file in sites-enabled should just be a symbolic link to the file in sites-available and not an actual file.
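The problems this thread ran into with the vhost file (DOS line endings from copy and paste, a CustomLog line without its format name, SSL certificate directives left without a path, a truncated VirtualHost block, no port 443 vHost) can be caught before reloading Apache. The following is an added example, not code from any poster in this thread: `lint_vhost`, `MIN_ARGS` and `SAMPLE` are hypothetical names, the sample file is constructed, and the check complements Apache's own syntax check rather than replacing it.

```python
import re
import shlex
# Minimum argument counts for directives the thread tripped over.
MIN_ARGS = {"customlog": 2, "sslcertificatefile": 1, "sslcertificatekeyfile": 1}

def lint_vhost(text):
    """Return (line_number, message) findings; line 0 means whole-file."""
    findings = []
    if "\r" in text:
        findings.append((0, "CRLF line endings (DOS format)"))
    depth, ports = 0, set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)\s*>", line, re.I)
        if opened:
            depth += 1
            ports.add(opened.group(1))
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            depth -= 1
        if line.startswith("<"):
            continue  # other section tags such as <IfModule> are not checked
        try:
            name, *args = shlex.split(line)
        except ValueError:
            findings.append((no, "unbalanced quotes"))
            continue
        if len(args) < MIN_ARGS.get(name.lower(), 0):
            findings.append((no, f"{name} is missing an argument"))
        opts = {a.lower() for a in args}
        if name.lower() == "sslprotocol" and "all" in opts \
                and not {"-tlsv1", "-tlsv1.1"} <= opts:
            findings.append((no, "SSLProtocol leaves TLS 1.0/1.1 enabled"))
    if depth != 0:
        findings.append((0, "unbalanced <VirtualHost> tags"))
    if "443" not in ports:
        findings.append((0, "no port 443 VirtualHost"))
    return findings

# Constructed sample reproducing the thread's problems (not the user's file).
SAMPLE = "\r\n".join([
    "<VirtualHost *:80>",
    "CustomLog ${APACHE_LOG_DIR}/access.log",
    "</VirtualHost>",
    "<VirtualHost *:443>",
    "SSLCertificateFile",
    "SSLProtocol all -SSLv2 -SSLv3",
]) + "\r\n"
```

Running `lint_vhost(SAMPLE)` reports the CRLF endings, the short CustomLog line, the empty SSLCertificateFile, the SSLProtocol setting that still allows TLS 1.0 and 1.1, and the missing closing tag.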
Yes, I'm updating in sites-available, and the symbolic link is in sites-enabled. You changed the file above? (nifty...) Rather than cp/ps the whole thing, what changed?