" Unable to find a virtual host listening on port 80" - system not using virtual hosts

#1

My domain is: sitetruth.com

I ran this command: /certbot-auto renew

It produced this output:

[root@s3 letsencrypt]# ./certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/sitetruth.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.sitetruth.com
http-01 challenge for sitetruth.com
http-01 challenge for s3.sitetruth.com
Cleaning up challenges
Attempting to renew cert (sitetruth.com) from /etc/letsencrypt/renewal/sitetruth.com.conf produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sitetruth.com/fullchain.pem (failure)


All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/sitetruth.com/fullchain.pem (failure)


My web server is (include version): Apache 2.4.6 (CentOS)

The operating system my web server runs on is (include version): CentOS 7.1.1503

My hosting provider, if applicable, is: Codero.

I can login to a root shell on my machine (yes or no, or I don’t know): Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes, but I’m not using it for certbot

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

It just auto-updated to 0.34.2, and now it won’t renew

This machine hosts only one domain, so it doesn’t use virtual hosts.
This is just a renewal. It used to work. I haven’t changed anything on this server in over a year.

#2

Hi @John-Nagle

there is a Letsencrypt certificate ( https://check-your-website.server-daten.de/?q=sitetruth.com ):

CN=sitetruth.com
	10.05.2018
	08.08.2018
277 days expired	
s3.sitetruth.com, sitetruth.com, www.sitetruth.com - 3 entries

But it’s from last year, so you don’t really use it.

You have three old and expired certificates. With a lot of time between these certificates.

CRT-Id Issuer not before not after Domain names LE-Duplicate next LE
454298225 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2018-05-09 21:32:43 2018-08-07 21:32:43 s3.sitetruth.com, sitetruth.com, www.sitetruth.com
3 entries
312076423 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2018-01-24 02:02:42 2018-04-24 01:02:42 s3.sitetruth.com, sitetruth.com, www.sitetruth.com
3 entries
195972135 CN=Let’s Encrypt Authority X3, O=Let’s Encrypt, C=US 2017-08-22 01:14:00 2017-11-20 02:14:00 s3.sitetruth.com, sitetruth.com, www.sitetruth.com
3 entries

What’s your control panel? Perhaps it’s impossible to use that control panel and to create own virtual hosts.

This isn’t a renew. There is no working Letsencrypt configuration. 2017 you may have used tls-sni-01 validation, that’s not longer supported.

That’s a simple thing. Check your installation, there are samples how to create new config files.

#3

I have a real host on port 80. One server, one host. Why do I need a virtual one? Everything except LetsEncrypt works fine with that configuration.

Try “http://www.sitetruth.com:80”. Works fine.

Isn’t it a bug that LetsEncrypt won’t work right any more with a basic Apache configuration? Especially since it used to work?