Unable to deploy cert for Apache2 behind Nginx

So I am trying to set up a WordPress site with Apache2 on Ubuntu Server 16.04.

My setup is as follows:
Nginx - Redirects to Apache2
Apache2 - Hosts the site

When I try to run certbot to get a certificate for apache2 I get the following error:

"Deploying Certificate for www.example.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:5
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address
no listening sockets available, shutting down
AH00015: Unable to open logs

Rolling back to previous server configuration…"

The reason I am trying to get a certificate for the apache server is that when I go to http://www.example.com, Nginx redirects me to https and then the apache server. I am presented with a site only displaying https content and that is not a very pretty look. :slightly_smiling_face:
I do understand that certbot is trying to restart the apache server using 443, which nginx is already using, but how can I fix this? Please let me know if I should update the question with any information from logs or config files.

Best regards

which port(s) is nginx listening on?
which port(s) is apache listening on?

Unfortunately, the comparatively convenient --apache method assumes that it can use port 443.

@rg305’s question is a good one: which ports are you using? What’s the nature of the “redirection” here? Is it an HTTP 301 redirect to an HTTPS URL on a different port? Or a ProxyPass or something?

If both servers are being accessed under the same domain name, the certificate that you already have for nginx could also be used by Apache. The certificate isn’t specific to particular application software (it doesn’t say “this certificate is for nginx” or anything), and nginx and Apache both understand the same PEM format.

That is true, I could have used the certificate. facepalm

Nginx uses 80 and 443. Apache 8010 and I would assume 443, did not touch or enable anything about https for apache prior to this.

I solved it by stopping nginx, running certbot for apache and then starting nginx again. No errors and I can now securely reach my site. :slight_smile:

You generally can’t have two webservers using the same port at the same time.

I don’t think your solution is necessarily very sustainable because you’ll presumably need to stop nginx every time you need to renew your certificate.
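
A pre-flight check for the port conflict discussed in this thread, as an added example that is not part of any post above: it parses `ss -ltnp` output and reports which process already holds a port before certbot's `--apache` method tries to start Apache on 443. The `ss` lines are constructed from the ports mentioned in the thread; the function names and PIDs are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnp` output: nginx on 80/443, Apache on 8010,
# matching the ports named in the thread. PIDs and fds are made up.
sample_ss() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*   users:(("nginx",pid=1201,fd=6))
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*   users:(("nginx",pid=1201,fd=7))
LISTEN  0       511     [::]:443            [::]:*      users:(("nginx",pid=1201,fd=8))
LISTEN  0       511     *:8010              *:*         users:(("apache2",pid=1502,fd=4))
EOF
}

# port_owners PORT  (reads ss output on stdin)
# Prints each distinct process name listening on PORT, one per line.
port_owners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # The port is the last ":"-separated piece, which also
            # handles IPv6 forms such as [::]:443.
            n = split($4, part, ":")
            if (part[n] != port) next
            name = "unknown"   # ss omits users:(...) without enough privilege
            if (match($0, /users:\(\("[^"]+"/))
                name = substr($0, RSTART + 9, RLENGTH - 10)
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# check_bind PORT SERVER  (reads ss output on stdin)
# Succeeds if PORT is free or held only by SERVER; otherwise names the holder.
check_bind() {
    owners=$(port_owners "$1")
    for o in $owners; do
        if [ "$o" != "$2" ]; then
            echo "port $1 is held by $o; $2 cannot bind to it"
            return 1
        fi
    done
    return 0
}

# Demo on the constructed sample. On a live host, feed it real data instead:
#   sudo ss -ltnp | check_bind 443 apache2
sample_ss | check_bind 443 apache2 || true
```
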
