Hello, newbie here. OK, first the boilerplate stuff -
the full domain name of your site (this will be made public upon issuance anyhow)
the command line you ran
./certbot-auto --apache -v
the output of that command
name and version of your operating system and your web server
openSuSE Leap 42.1, Apache 2.4
what type of hosting provider you are using, if applicable
self hosting
This is my first time attempt at incorporating SSL into my Apache webserver, so please bear with me if I am asking dumb questions or doing something stupid...
I am hosting a few virtual domains on my server (as opposed to what I think are virtual hosts) so I want to make it clear that all my domain names that I host are actually mapped to the same IP address.
I wish to add SSL encryption to each of these domains, but for simplicity's sake, I am starting out with just attempting to do so with my own 2 domains, www.marcchamberlin.com and marcchamberlin.com. I have generated a test certificate and installed it, which appears to have worked fine, i.e. I can reach https://www.marcchamberlin.com if I allow an exception for the test certificate.
At this point my first question is, should I remove this test certificate before I attempt to use certbot to generate and set up the rest of my certificates? I tried that but no joy.... In what state should Apache be in before I use certbot? Do I go ahead and enable SSL in the config files first, or does certbot expect to do that for me? Do I do anything special for setting up the virtual hosts and configuring them for SSL? It seems like this is a chicken or egg problem.... (I have opened port 443 on my firewall already) Since this works with the test certificate, it seems like certbot should at least be able to connect to my Apache webserver as well, but I am getting these error messages, so this is confusing...
The following errors were reported by the server:
Domain: www.marcchamberlin.com
Type: connection
Detail: Failed to connect to 23.236.36.11:443 for TLS-SNI-01 challenge
Domain: marcchamberlin.com
Type: connection
Detail: Failed to connect to 23.236.36.11:443 for TLS-SNI-01 challenge
I found these related postings, but again no joy in grokking what is going wrong -
In my hunting for a solution I did discover what appears to be one issue - certbot creates a vhost file called le_tls_sni_01_cert_challenge.conf that it uses to create temporary virtual hosts to use during the challenge process. I discovered that these in turn expect a document root at /var/lib/letsencrypt/tls_sni_01_page. The Apache log files show complaints about this being missing and indeed I never see it being created while running the certbot script. So I tried to create this directory manually but still no joy getting certbot to work.
So I dunno what to try next, I am sure I am doing something wrong being as this is all new to me... Any ideas? Thanks in advance for any and all offers of help... Marc.
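Added example, not part of the original post and not certbot's own code: a shell check that lists the paths a vhost file such as le_tls_sni_01_cert_challenge.conf references (DocumentRoot, SSLCertificateFile, SSLCertificateKeyFile) but that are missing on disk. The function names and the sample vhost are constructed for illustration; the check covers local files only and does not test whether port 443 is reachable from outside.

```shell
#!/bin/sh
# Added example. check_vhost_paths and write_sample_vhost are hypothetical
# helper names; the sample vhost is constructed, not certbot's actual output.

# Print "Directive path" for each DocumentRoot / SSLCertificateFile /
# SSLCertificateKeyFile whose path is missing. Returns 0 if none are missing,
# 1 if any are, 2 if the file cannot be read. Assumes absolute paths.
check_vhost_paths() {
    cvp_conf=$1
    cvp_missing=0
    [ -r "$cvp_conf" ] || { echo "cannot read $cvp_conf" >&2; return 2; }
    while read -r cvp_dir cvp_path || [ -n "$cvp_dir" ]; do
        # Apache directive names are case-insensitive.
        case $(printf '%s' "$cvp_dir" | tr 'A-Z' 'a-z') in
            documentroot|sslcertificatefile|sslcertificatekeyfile) ;;
            *) continue ;;
        esac
        cvp_path=${cvp_path#\"}; cvp_path=${cvp_path%\"}   # drop optional quotes
        if [ ! -e "$cvp_path" ]; then
            echo "$cvp_dir $cvp_path"
            cvp_missing=1
        fi
    done < "$cvp_conf"
    return "$cvp_missing"
}

# Write a constructed challenge-style vhost under directory $1. Only the
# certificate file is created; the key and the document root are left missing.
write_sample_vhost() {
    mkdir -p "$1/live"
    : > "$1/live/cert.pem"
    cat > "$1/le_tls_sni_01_cert_challenge.conf" <<EOF
<VirtualHost *:443>
    ServerName constructed.acme.invalid
    SSLCertificateFile $1/live/cert.pem
    SSLCertificateKeyFile $1/live/key.pem
    DocumentRoot "$1/tls_sni_01_page"
</VirtualHost>
EOF
}

# Demo on the constructed sample: reports the missing key and document root.
demo=$(mktemp -d)
write_sample_vhost "$demo"
check_vhost_paths "$demo/le_tls_sni_01_cert_challenge.conf" || true
rm -rf "$demo"
```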