Here is what I have:
subdomain: these.diahoua.com
# curl -4 ifconfig.co
X.X.X.X
# curl -6 ifconfig.co
curl: (7) Couldn't connect to server
Thanks. I need some time away - sorry. Maybe someone else will see something now.
An alert to others ... HEAD requests are being rejected with 403, so avoid curl -I tests.
On CentOS 8 the above two lines of netstat
mean that the socket listens on all possible local addresses, including IPv4.
@Armis could you please give the output of the find /etc/httpd -ls command?
~# /etc/httpd -ls
-bash: /etc/httpd: Is a directory
There is a find in front; so the full command to execute is:
find /etc/httpd -ls
May I ask the output of that?
# find /etc/httpd -ls
266227 4 drwxr-xr-x 5 root root 4096 Jan 19 03:45 /etc/httpd
266228 0 lrwxrwxrwx 1 root root 19 Nov 12 10:28 /etc/httpd/logs -> ../../var/log/httpd
396409 4 drwxr-xr-x 2 root root 4096 Jan 15 21:32 /etc/httpd/conf
396423 16 -rw-r--r-- 1 root root 13064 Nov 12 10:28 /etc/httpd/conf/magic
396422 12 -rw-r--r-- 1 root root 11899 Nov 12 10:24 /etc/httpd/conf/httpd.conf
396395 4 drwxr-xr-x 2 root root 4096 Jan 15 22:29 /etc/httpd/conf.modules.d
397003 4 -rw-r--r-- 1 root root 299 May 7 2020 /etc/httpd/conf.modules.d/15-php.conf
396421 4 -rw-r--r-- 1 root root 496 Nov 12 10:28 /etc/httpd/conf.modules.d/README
396399 4 -rw-r--r-- 1 root root 57 May 20 2021 /etc/httpd/conf.modules.d/10-proxy_h2.conf
396413 4 -rw-r--r-- 1 root root 3311 Nov 12 10:24 /etc/httpd/conf.modules.d/00-base.conf
396398 4 -rw-r--r-- 1 root root 45 May 20 2021 /etc/httpd/conf.modules.d/10-h2.conf
396420 4 -rw-r--r-- 1 root root 451 Nov 12 10:24 /etc/httpd/conf.modules.d/01-cgi.conf
396963 4 -rw-r--r-- 1 root root 41 Nov 12 10:24 /etc/httpd/conf.modules.d/00-ssl.conf
396415 4 -rw-r--r-- 1 root root 41 Nov 12 10:24 /etc/httpd/conf.modules.d/00-lua.conf
396418 4 -rw-r--r-- 1 root root 1073 Nov 12 10:24 /etc/httpd/conf.modules.d/00-proxy.conf
396417 4 -rw-r--r-- 1 root root 787 Nov 12 10:24 /etc/httpd/conf.modules.d/00-optional.conf
396414 4 -rw-r--r-- 1 root root 139 Nov 12 10:24 /etc/httpd/conf.modules.d/00-dav.conf
396419 4 -rw-r--r-- 1 root root 88 Nov 12 10:24 /etc/httpd/conf.modules.d/00-systemd.conf
396416 4 -rw-r--r-- 1 root root 948 Nov 12 10:24 /etc/httpd/conf.modules.d/00-mpm.conf
266229 0 lrwxrwxrwx 1 root root 29 Nov 12 10:28 /etc/httpd/modules -> ../../usr/lib64/httpd/modules
266231 0 lrwxrwxrwx 1 root root 19 Nov 12 10:28 /etc/httpd/state -> ../../var/lib/httpd
266230 0 lrwxrwxrwx 1 root root 10 Nov 12 10:28 /etc/httpd/run -> /run/httpd
396386 4 drwxr-xr-x 2 root root 4096 Jan 20 17:01 /etc/httpd/conf.d
396999 4 -rw-r--r-- 1 root root 1618 May 7 2020 /etc/httpd/conf.d/php.conf
396410 4 -rw-r--r-- 1 root root 2926 Nov 12 10:28 /etc/httpd/conf.d/autoindex.conf
396411 4 -rw-r--r-- 1 root root 1252 Nov 12 10:24 /etc/httpd/conf.d/userdir.conf
396387 4 -rw-r--r-- 1 root root 400 Nov 12 10:28 /etc/httpd/conf.d/README
396962 12 -rw-r--r-- 1 root root 8720 Nov 12 10:24 /etc/httpd/conf.d/ssl.conf
396412 4 -rw-r--r-- 1 root root 574 Nov 12 10:24 /etc/httpd/conf.d/welcome.conf
You have a configuration practically without customization. The Apache web server is shipped on CentOS without a VirtualHost on port 80 by default. So it is not surprising that certbot does not find where to put the configuration for the challenge. You may want to use certbot with the webroot option.
So, any idea to solve this problem?
I do not know the certbot command well, but most ACME clients have the webroot option. I suggest trying that option to establish the HTTP-01 challenge for the domain authorization.
There are a couple of ways to proceed.
One is to add a VirtualHost for port 80 to your Apache conf. This is the most common method. Using certbot with the --apache plug-in would then work.
Another is to use the certbot --webroot command. Using your default Apache config for a temporary site is probably fine. But it is likely to cause problems in the long term.
With that warning, the command for webroot is:
sudo certbot certonly --webroot -w /var/www/html -d these.diahoua.com
The -w folder name came from the default DocumentRoot shown by httpd -S earlier.
You would then replace the two lines for the SSLCertificate... files in your VirtualHost for port 443 with the paths to the fullchain.pem and privkey.pem files created by certbot.
Make sure to reload Apache after making these changes and it should work.
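As an added example (not from anyone in this thread), here is a small read-only shell check for the two configuration facts the replies above turn on: whether any VirtualHost listens on port 80 (certbot --apache needs one for the HTTP-01 challenge, which is exactly the "Unable to find a virtual host listening on port 80" error) and which SSLCertificateFile the port-443 VirtualHost still points at (the CentOS default localhost.crt means the browser keeps seeing the self-signed certificate). It assumes the CentOS layout shown in the find output (/etc/httpd with conf/ and conf.d/); the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the thread: read-only audit of an httpd config
# tree for (a) a port-80 VirtualHost and (b) the certificate file in use.
# It never edits anything under /etc/httpd; CONF_DIR defaults to /etc/httpd.

# Print every active (uncommented) <VirtualHost ...:80> line under $1.
find_port80_vhosts() {
  grep -rhiE '^[[:space:]]*<VirtualHost[^>]*:80>' "$1"/conf "$1"/conf.d 2>/dev/null
}

# Print every active SSLCertificateFile value under $1 (comments are skipped
# because the pattern is anchored to the start of the line).
active_cert_files() {
  grep -rhiE '^[[:space:]]*SSLCertificateFile[[:space:]]' "$1"/conf "$1"/conf.d 2>/dev/null |
    awk '{print $2}'
}

# Summarise as NO_PORT80 / DEFAULT_CERT / LETSENCRYPT. Returns 0 only when a
# port-80 vhost exists AND the active certificate lives under certbot's
# /etc/letsencrypt/live/ directory (the two things the thread had to fix).
audit_httpd_tls() {
  dir="${1:-/etc/httpd}"
  if [ -z "$(find_port80_vhosts "$dir")" ]; then
    echo "NO_PORT80: no <VirtualHost *:80> under $dir; certbot --apache cannot place the challenge"
    return 1
  fi
  certs=$(active_cert_files "$dir")
  case "$certs" in
    */etc/letsencrypt/live/*)
      echo "LETSENCRYPT: $certs"
      return 0 ;;
    *)
      echo "DEFAULT_CERT: ${certs:-none} (the 443 vhost is not using certbot's fullchain.pem)"
      return 1 ;;
  esac
}

# Usage: sh audit.sh [/etc/httpd]
if [ $# -gt 0 ]; then audit_httpd_tls "$1"; fi
```

The exit status is meant for scripting (for example, a pre-check before running certbot, or a cron job that alerts when the 443 vhost silently falls back to the package default after an httpd upgrade rewrites ssl.conf).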
Hello,
As the proposed solutions do not seem to work, I decided to reinstall my server because I have to publish my graduation thesis this evening.
Sorry to put pressure on you, but if you have the easiest method to install the certificate, I'm interested.
I installed a fresh Apache and have the same default config you showed earlier. The command I provided for --webroot worked for me.
If you explain what did not work, perhaps I can advise further.
# systemctl start httpd
# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2022-01-21 22:21:01 IST; 9s ago
Docs: man:httpd.service(8)
Main PID: 59102 (httpd)
Status: "Running, listening on: port 443, port 80"
Tasks: 213 (limit: 29691)
Memory: 27.4M
CGroup: /system.slice/httpd.service
├─59102 /usr/sbin/httpd -DFOREGROUND
├─59104 /usr/sbin/httpd -DFOREGROUND
├─59105 /usr/sbin/httpd -DFOREGROUND
├─59106 /usr/sbin/httpd -DFOREGROUND
└─59107 /usr/sbin/httpd -DFOREGROUND
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for these.diahoua.com
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
# certbot --apache -d these.diahoua.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for these.diahoua.com
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
# certbot certonly --webroot -w /var/www/html -d these.diahoua.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for these.diahoua.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/these.diahoua.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/these.diahoua.com/privkey.pem
This certificate expires on 2022-04-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Excellent. Now just update the VirtualHost conf for your 443 server as I described earlier and it should work.
Here's what I just did
[root@these ~]# certbot certonly --webroot -w /var/www/html -d these.diahoua.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/these.diahoua.com.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for these.diahoua.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/these.diahoua.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/these.diahoua.com/privkey.pem
This certificate expires on 2022-04-21.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
When I go to my browser, I still don't have an SSL certificate
You definitely have a certificate. Your Apache server is just not sending it out.
Did you update the port 443 VirtualHost config as I described? And then reloaded/restarted Apache? Earlier that was in this file: /etc/httpd/conf.d/ssl.conf
Update: You will also need to use https://these.diahoua.com - not http://
@MikeMcQ With the Google translation from English to French it is not easy to understand well.
Here is my VirtualHost file; what should I do?
#
# When we also provide SSL we have to listen to the
# standard HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
"/etc/httpd/conf.d/ssl.conf" 203L, 8720C 1,1 Top
I don't know. That is not the whole file.
You are not experienced in setting up Apache.
Is it possible for you to just share your report using Google Docs or something else that would be easier for you?
I give up, thanks for trying.
Have a good evening
Please, please, please do not give up.
Just execute the following commands:
rm -f /etc/pki/tls/certs/localhost.crt
rm -f /etc/pki/tls/private/localhost.key
ln -s /etc/letsencrypt/live/these.diahoua.com/fullchain.pem /etc/pki/tls/certs/localhost.crt
ln -s /etc/letsencrypt/live/these.diahoua.com/privkey.pem /etc/pki/tls/private/localhost.key
systemctl restart httpd.service
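The symlink approach above works because ssl.conf on CentOS already points at /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key, so httpd picks up the Let's Encrypt files without any config edit. As an added example (not from anyone in this thread), here is a shell check to run before the final systemctl restart: it confirms that both paths resolve through the symlinks to readable files, that the private key is not group- or world-readable, and that the key really is the private half of the certificate (compared via the public key, so it works for RSA and ECDSA keys alike). If any of these fail, httpd either refuses to start or keeps serving the old certificate. The function names are my own; the defaults assume the CentOS paths used above, and the check needs the openssl command line tool.

```shell
#!/bin/sh
# Added example, not part of the thread: sanity-check the cert/key pair that
# the port-443 VirtualHost loads, before restarting httpd.

# Both paths must resolve (following symlinks) to regular, readable files.
# A dangling link left by a typo in ln -s fails here.
tls_files_resolve() {  # $1 = cert path, $2 = key path
  [ -f "$1" ] && [ -r "$1" ] && [ -f "$2" ] && [ -r "$2" ]
}

# The private key must not be readable by group or others. find -L follows the
# symlink so the target's mode is examined, not the link's lrwxrwxrwx.
key_is_private() {  # $1 = key path
  [ -z "$(find -L "$1" \( -perm -004 -o -perm -040 \) -print 2>/dev/null)" ]
}

# The key must belong to the certificate. Comparing the SubjectPublicKeyInfo
# from both sides avoids the RSA-only "-modulus" trick and covers ECDSA keys.
key_matches_cert() {  # $1 = cert path, $2 = key path
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run all three checks; returns 0 only when it is safe to restart httpd.
# Defaults are the CentOS ssl.conf paths used in the thread.
verify_tls_pair() {
  cert="${1:-/etc/pki/tls/certs/localhost.crt}"
  key="${2:-/etc/pki/tls/private/localhost.key}"
  tls_files_resolve "$cert" "$key" || { echo "MISSING: $cert or $key does not resolve to a readable file"; return 1; }
  key_is_private "$key"            || { echo "PERMS: $key is readable by group or others"; return 1; }
  key_matches_cert "$cert" "$key"  || { echo "MISMATCH: $key is not the private key for $cert"; return 1; }
  echo "OK: $cert and $key match; safe to restart httpd"
}

# Usage: sh verify.sh [cert] [key]
if [ $# -gt 0 ]; then verify_tls_pair "$@"; fi
```

Running this as root is intended: certbot keeps the real key under /etc/letsencrypt/archive with root-only access, and httpd reads it as root at startup before dropping privileges, so a key that is readable to the apache user is a sign something was copied rather than linked.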