Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: www.ocetacea.net
I ran this command: sudo certbot --apache -v
It produced this output:
Saving debug log to /usr/local/etc/certbot/logs/letsencrypt.log
Could not find OpenSSL version; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel): ocetacea.net www.ocetacea.net
Requesting a certificate for ocetacea.net and www.ocetacea.net
Performing the following challenges:
http-01 challenge for ocetacea.net
http-01 challenge for www.ocetacea.net
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /usr/local/etc/certbot/logs/letsencrypt.log or re-run Certbot with -v for more details.
My web server is (include version): Apache/2.4.48 (Unix)
The operating system my web server runs on is (include version): Mac Catalina 10.15.7
My hosting provider, if applicable, is: self-serving on a Mac mini (Late 2012)
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you're using Certbot): certbot 1.20.0
My router does not allow for NAT reflection; I run the under the VPN Global Protect, so my http-vhosts.conf
looks like:
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
Listen 80
<VirtualHost 192.168.0.15 63.228.176.120>
ServerAdmin pjamesnorris25@gmail.com
DocumentRoot "/Library/WebServer/Documents/"
ServerName ocetacea.net
ServerAlias www.ocetacea.net
ErrorLog "/private/var/log/apache2/ocetacea.net-error_log"
CustomLog "/private/var/log/apache2/ocetacea.netaccess_log" common
</VirtualHost>
My /usr/local/etc/certbot/logs/letsencrypt.log
looks like:
2021-10-10 06:47:59,777:DEBUG:certbot._internal.main:certbot version: 1.20.0
2021-10-10 06:47:59,778:DEBUG:certbot._internal.main:Location of certbot entry point: /usr/local/bin/certbot
2021-10-10 06:47:59,778:DEBUG:certbot._internal.main:Arguments: ['--apache', '-v']
2021-10-10 06:47:59,779:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-10-10 06:47:59,860:DEBUG:certbot._internal.log:Root logging level set at 20
2021-10-10 06:47:59,862:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2021-10-10 06:48:00,140:DEBUG:certbot_apache._internal.configurator:Apache version is 2.4.48
2021-10-10 06:48:00,675:WARNING:certbot_apache._internal.configurator:Could not find OpenSSL version; not disabling session tickets.
2021-10-10 06:48:00,697:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * apache
Description: Apache Web Server plugin
Interfaces: Installer, Authenticator, Plugin
Entry point: apache = certbot_apache._internal.entrypoint:ENTRYPOINT
Initialized: <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x111a6a130>
Prep: True
2021-10-10 06:48:00,699:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x111a6a130> and installer <certbot_apache._internal.override_darwin.DarwinConfigurator object at 0x111a6a130>
2021-10-10 06:48:00,699:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator apache, Installer apache
2021-10-10 06:48:00,730:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/233054570', new_authzr_uri=None, terms_of_service=None), b28e3310e 505c4b25b05ce4bfb135edb, Meta(creation_dt=datetime.datetime(2021, 10, 9, 23, 8, 12, tzinfo=<UTC>), creation_host='jnorrisMM.local', register_to_eff='pjamesnorris25@gmail.com'))>
2021-10-10 06:48:00,749:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-10-10 06:48:03,350:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-10-10 06:48:03,746:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-10-10 06:48:03,747:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 10 Oct 2021 12:48:03 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"74Stx5tPUE8": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-10-10 06:48:20,126:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for www.ocetacea.net and ocetacea.net
2021-10-10 06:48:20,517:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): /usr/local/etc/certbot/certs/keys/0016_key-certbot.pem
2021-10-10 06:48:20,572:DEBUG:certbot.crypto_util:Creating CSR: /usr/local/etc/certbot/certs/csr/0016_csr-certbot.pem
2021-10-10 06:48:20,586:DEBUG:acme.client:Requesting fresh nonce
2021-10-10 06:48:20,586:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-10-10 06:48:20,683:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-10-10 06:48:20,684:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 10 Oct 2021 12:48:20 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001Fv0oEiQIMN6qXv0gDQo9G2CVzbIGgb_yVLPGN4S2Rkg
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2021-10-10 06:48:20,685:DEBUG:acme.client:Storing nonce: 0001Fv0oEiQIMN6qXv0gDQo9G2CVzbIGgb_yVLPGN4S2Rkg
2021-10-10 06:48:20,703:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "www.ocetacea.net"\n },\n {\n "type": "dns",\n "value": "ocetacea.net"\n }\n ]\n}'
2021-10-10 06:48:20,708:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjMzMDU0NTcwIiwgIm5vbmNlIjogIjAwMDFGdjBvRWlRSU1ONnFYdjBnRFFvOUcyQ1Z6YklHZ2JfeVZMUEdONFMyUmtnIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "oULgcglqVGtbY-QOkOV-fBSuaQMb1Os_BOInh0-1MLWjr_6OUXEeNhiDBHWXrBT_m87dfUTkR33uxmczMvhtXCoaamzpKQTis7Qdk1zEj_YoY1ru6LzlWPflewVCQwKIlqRqGN5UMx2fiKXAoKqNUAperhzT0zSo2MvLOtOO48_P-00X0HwZmeaVEgxg2dsy_7rfPfeIC7x8wrVHZkUalRHur-wvylciMR3TOsZLzBklFHY5TXNjOx37VOzUjyGrX2qggqhP6MmYDmPOvBEHlu-JZAUX-7vEvde3FybqvE00wQiyMg4dzGEwkXhA9oKZGboao1qIuut4lR7q8o3huw",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInd3dy5vY2V0YWNlYS5uZXQiCiAgICB9LAogICAgewogICAgICAidHlwZSI6ICJkbnMiLAogICAgICAidmFsdWUiOiAib2NldGFjZWEubmV0IgogICAgfQogIF0KfQ"
}
2021-10-10 06:48:20,844:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1"
201 473
2021-10-10 06:48:20,845:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sun, 10 Oct 2021 12:48:20 GMT
Content-Type: application/json
Content-Length: 473
Connection: keep-alive
Boulder-Requester: 233054570
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/233054570/30855990870
Replay-Nonce: 0001FfAkKVAr0qBGUK17OluC_LzevUMmIcvv_lW7s05Upls
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"status": "pending",
"expires": "2021-10-16T23:08:46Z",
"identifiers": [
{
"type": "dns",
"value": "ocetacea.net"
},
{
"type": "dns",
"value": "www.ocetacea.net"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/38547876510",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/38549211240"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/233054570/30855990870"
}
2021-10-10 06:48:20,845:DEBUG:acme.client:Storing nonce: 0001FfAkKVAr0qBGUK17OluC_LzevUMmIcvv_lW7s05Upls
2021-10-10 06:48:20,845:DEBUG:acme.client:JWS payload:
b''
2021-10-10 06:48:20,848:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/38547876510:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjMzMDU0NTcwIiwgIm5vbmNlIjogIjAwMDFGZkFrS1ZBcjBxQkdVSzE3T2x1Q19MemV2VU1tSWN2dl9sVzdzMDVVcGxzIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zODU0Nzg3NjUxMCJ9",
"signature": "GMOv5jGoLcyerSOdvGESQaQ0uvHMHmV83IuCKq7DuHC8MmVxSlW5vSiEwaIg73bCMahfpTklOjiCVyjB7l0MFeS5ekp9Qp-2enXaWQUDRXtzU00dDNaa_bSBLg3ToW_jiWsbbNBMFMFMFU4MBOqR1Gt4b2FppOk0UrrFWwoKiO6YijW-MvZWgoq7qW9e6_GhzRPf1p5nPyBTPbC0HZXCaoLx3RJH9TBH2Ao97FXPs8
4bfOnRWKFsmigzwudZ3QPHJc9Or4Fz3ZziHiGs7jz4Frx-K5IapFtZAhEU17FufHWHQdr2rr7wzlUI77CX9IivNSApORkHsO2PKW8p3-isnA",
"payload": ""
}
2021-10-10 06:48:20,953:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/38547876510 HTTP/1.1" 200 793
2021-10-10 06:48:20,954:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 10 Oct 2021 12:48:20 GMT
Content-Type: application/json
Content-Length: 793
Connection: keep-alive
Boulder-Requester: 233054570
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 00015-Ig8NWCUo_vKfZAj7PMOHcI_BKdi-DxjTi-5oO8myo
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "ocetacea.net"
},
"status": "pending",
"expires": "2021-10-16T23:08:46Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/38547876510/VC8Seg",
"token": "DtiNdr-elZIj8K7E9MTEQeFyaO5Kz38RAq8ucxzpXb8"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/38547876510/J2FNCA",
"token": "DtiNdr-elZIj8K7E9MTEQeFyaO5Kz38RAq8ucxzpXb8"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/38547876510/s2yQNA",
"token": "DtiNdr-elZIj8K7E9MTEQeFyaO5Kz38RAq8ucxzpXb8"
}
]
}
2021-10-10 06:48:20,954:DEBUG:acme.client:Storing nonce: 00015-Ig8NWCUo_vKfZAj7PMOHcI_BKdi-DxjTi-5oO8myo
2021-10-10 06:48:20,955:DEBUG:acme.client:JWS payload:
b''
2021-10-10 06:48:20,958:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/38549211240:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMjMzMDU0NTcwIiwgIm5vbmNlIjogIjAwMDE1LUlnOE5XQ1VvX3ZLZlpBajdQTU9IY0lfQktkaS1EeGpUaS01b084bXlvIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8zODU0OTIxMTI0MCJ9",
"signature": "FYfYcQ7tkZeIri-9bfESN-sZ6L-uG9jnJXLNgna8jNNkUr0C_UBwfybUfuOJid6h6k5lXFBn9r-RLYCzbICpLXmgLmzGUrna5UBPZX87W8zQbwZV9pBWAEIIgQ1W3hxZSxG1EFrI7229HkHn6v2T0-M31GsuN-MqbGzXUzcBrFxTCEv_yHDT_d0QK8K3Sa3wJ31sVdd3fdFOnt0SsVmnIoEuIP-Fvvaz5rbwgaUle-ppA1IQWnZ5vhMQL5vBakm0Cdr60VmKzLWS70L2t9leKsApJgV9vIZRx44XTaFjdam83-rB_-ydTbFGUyBN8XwKZXhjSWmNLz_liIQTuOBv0g",
"payload": ""
}
2021-10-10 06:48:21,066:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/38549211240 HTTP/1.1" 200 797
2021-10-10 06:48:21,067:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sun, 10 Oct 2021 12:48:21 GMT
Content-Type: application/json
Content-Length: 797
Connection: keep-alive
Boulder-Requester: 233054570
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0001T1aFASXg3j9SkB4eqKEMegsgAk3ZExjUE9S06ig6S9Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
"identifier": {
"type": "dns",
"value": "www.ocetacea.net"
},
"status": "pending",
"expires": "2021-10-16T23:14:54Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/38549211240/B17PhQ",
"token": "dO6JzfiZ5J3JuJw1qDJRiGDLVzpdj4N7JoTI9Z9NAIs"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/38549211240/0yao8w",
"token": "dO6JzfiZ5J3JuJw1qDJRiGDLVzpdj4N7JoTI9Z9NAIs"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/38549211240/BjXIxA",
"token": "dO6JzfiZ5J3JuJw1qDJRiGDLVzpdj4N7JoTI9Z9NAIs"
}
]
}
2021-10-10 06:48:21,067:DEBUG:acme.client:Storing nonce: 0001T1aFASXg3j9SkB4eqKEMegsgAk3ZExjUE9S06ig6S9Y
2021-10-10 06:48:21,068:INFO:certbot._internal.auth_handler:Performing the following challenges:
2021-10-10 06:48:21,068:INFO:certbot._internal.auth_handler:http-01 challenge for ocetacea.net
2021-10-10 06:48:21,069:INFO:certbot._internal.auth_handler:http-01 challenge for www.ocetacea.net
2021-10-10 06:48:21,270:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/configurator.py", line 2532, in perform
http_response = http_doer.perform()
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 76, in perform
self._mod_config()
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
selected_vhosts += self._relevant_vhosts()
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 166, in _relevant_vhosts
raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
2021-10-10 06:48:21,271:DEBUG:certbot._internal.error_handler:Calling registered functions
2021-10-10 06:48:21,271:INFO:certbot._internal.auth_handler:Cleaning up challenges
2021-10-10 06:48:21,882:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 33, in <module>
sys.exit(load_entry_point('certbot==1.20.0', 'console_scripts', 'certbot')())
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/main.py", line 15, in main
return internal_main.main(cli_args)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 1574, in main
return config.func(config, plugins)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 1287, in run
new_lineage = _get_and_save_cert(le_client, config, domains,
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/client.py", line 454, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/client.py", line 384, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/client.py", line 434, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/configurator.py", line 2532, in perform
http_response = http_doer.perform()
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 76, in perform
self._mod_config()
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
selected_vhosts += self._relevant_vhosts()
File "/usr/local/Cellar/certbot/1.20.0/libexec/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 166, in _relevant_vhosts
raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
2021-10-10 06:48:22,184:ERROR:certbot._internal.log:Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
2021-10-10 06:48:22,184:ERROR:certbot._internal.log:Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
I'm quite comfortable with the command-line so don't be shy with command-line suggestions.
Thank you,
P James Norris