Unable to find a virtual host listening on port 80


#1

Hi,

After receiving the “Action required: Let’s Encrypt certificate renewals” email,
I ran: certbot renew --dry-run
and got this message:

Attempting to renew cert (xxx) from /etc/xxxxx produced an unexpected error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80… Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/xxxxxxxxx/fullchain.pem (failure)

Well, none of my sites accept HTTP requests on port 80. They all redirect the user to the HTTPS port with Apache configurations such as:
<Directory /usr/xxx/>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>

So I’m a little confused about my certificate renewal… Will it work?
How do I solve such a situation?

Thanks in advance for your recommendations.


#2

Hi @Taryck

If you block port 80 (which has nothing to do with a “more secure system”), you can’t use http-01 validation.

So you must use dns-01 validation or switch to tls-alpn-01 validation. That isn’t supported by Certbot; acme.sh supports it.

Or configure port 80 and add a normal redirect http -> https; Let’s Encrypt follows this redirect to validate a file created in

/.well-known/acme-challenge

#3

The error disappears after adding:

<VirtualHost *:80>
    ServerName xxxx.xxxxx.xxx
    # mod_alias Redirect takes a literal target URL in VirtualHost context;
    # %{HTTP_HOST} and %{REQUEST_URI} are mod_rewrite syntax and are not
    # expanded here, so the HTTPS site is named explicitly.
    Redirect permanent / https://xxxx.xxxxx.xxx/
</VirtualHost>

I do not block port 80; I do not want any use of unsecured communications.

How do dns-01 and tls-alpn-01 work?
Where do I find documentation about that ?
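To make concrete what #2 describes (the CA fetches http://<domain>/.well-known/acme-challenge/<token> on port 80 and follows a redirect to wherever the key authorization is actually served), here is an added example in Python. It is not code from this thread, from Certbot or from Let’s Encrypt. It performs the http-01 check from the CA’s side against two local stand-in servers: one plays the *:80 VirtualHost from #3 that redirects every request, the other plays the HTTPS site (served over plain HTTP on 127.0.0.1 here, because the example runs offline). The token, the account key (JWK), the 127.0.0.1 ports and the server stand-ins are constructed for the example; the thumbprint and key-authorization formats follow RFC 7638 and RFC 8555.

```python
import base64, hashlib, http.client, json, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urljoin, urlsplit

ACME_PATH = "/.well-known/acme-challenge/"
MAX_REDIRECTS = 10  # cap on the redirect chain we follow (this example's choice)


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: base64url(SHA-256(required JWK members, sorted, no whitespace))."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")  # unpadded, per ACME


def key_authorization(token: str, jwk: dict) -> str:
    """Body the CA expects at the challenge URL: <token>.<account key thumbprint>."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def fetch_following_redirects(url: str, max_redirects: int = MAX_REDIRECTS):
    """GET url and follow 3xx Location headers. Returns (hops, final_status, body)."""
    hops = []
    for _ in range(max_redirects + 1):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            raise ValueError(f"refusing non-HTTP(S) redirect target: {url}")
        conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
        conn = conn_cls(parts.hostname, parts.port, timeout=5)
        conn.request("GET", (parts.path or "/") + (f"?{parts.query}" if parts.query else ""),
                     headers={"Host": parts.netloc})
        resp = conn.getresponse()
        body, location = resp.read(), resp.getheader("Location")
        conn.close()
        hops.append((url, resp.status))
        if resp.status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)  # handles relative and absolute Location values
            continue
        return hops, resp.status, body
    raise RuntimeError(f"more than {max_redirects} redirects starting at {hops[0][0]}")


def validate_http01(domain: str, token: str, jwk: dict, port: int = 80) -> dict:
    """The CA-side check: start on port 80, follow redirects, compare the final body."""
    hops, status, body = fetch_following_redirects(f"http://{domain}:{port}{ACME_PATH}{token}")
    expected = key_authorization(token, jwk).encode("ascii")
    return {"ok": status == 200 and body.strip() == expected, "status": status, "hops": hops}


class _Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the example's output clean


def make_redirect_handler(target_base: str):
    """Stand-in for the *:80 VirtualHost: 'Redirect permanent /' everything to target_base."""
    class Handler(_Quiet):
        def do_GET(self):
            self.send_response(301)
            self.send_header("Location", target_base + self.path)
            self.send_header("Content-Length", "0")
            self.end_headers()
    return Handler


def make_challenge_handler(challenges: dict):
    """Stand-in for the HTTPS site: serve key authorizations for known tokens, 404 otherwise."""
    class Handler(_Quiet):
        def do_GET(self):
            token = self.path[len(ACME_PATH):] if self.path.startswith(ACME_PATH) else None
            if token not in challenges:
                return self.send_error(404)
            body = challenges[token].encode("ascii")
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
    return Handler


def start_server(handler_cls):
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)  # ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def demo(served: bool = True) -> dict:
    """Constructed run: '80' redirects to '443', which serves the token only if `served`."""
    token = "OBhO2zhbpqlxN9w3ZPT6RiY3YFkRWMWN9aoG3W6b4s4"  # constructed, not a real ACME token
    jwk = {"kty": "RSA", "e": "AQAB", "n": "constructed-not-a-real-modulus"}  # constructed key
    content, content_port = start_server(
        make_challenge_handler({token: key_authorization(token, jwk)} if served else {}))
    front, front_port = start_server(make_redirect_handler(f"http://127.0.0.1:{content_port}"))
    try:
        return validate_http01("127.0.0.1", token, jwk, port=front_port)
    finally:
        for srv in (front, content):
            srv.shutdown()
            srv.server_close()
```

demo() returns the verdict together with the hop list, so you can see the 301 from the port-80 stand-in followed by the 200 that carries the key authorization; demo(served=False) shows the failure mode where the chain ends in a 404. Against a real server, fetch_following_redirects("http://your.host.name/.well-known/acme-challenge/anything") tells you where the redirect chain from the *:80 VirtualHost in #3 actually ends, which is the path Certbot's http-01 check has to be able to take.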


#4

Start there:


#5

See also:


#6

You should just use:
ServerName *

[that way all requests will be redirected to https]


#7

Thanks, but ServerName * doesn’t work; httpd refuses to start…


#8

Then there already exists:
ServerName *
or
ServerName _default_

? ? ?