Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
```
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloverpatch.org.uk
http-01 challenge for dominame.net
http-01 challenge for hereticus-economicus.info
http-01 challenge for osspix.co.uk
http-01 challenge for www.cloverpatch.org.uk
http-01 challenge for www.dominame.net
http-01 challenge for www.hereticus-economicus.info
http-01 challenge for www.osspix.co.uk
http-01 challenge for communitygroat.co.uk
http-01 challenge for communitygroat.org.uk
http-01 challenge for devotoo.org.uk
http-01 challenge for jeffgordon.me.uk
http-01 challenge for mikegoodman.uk
http-01 challenge for www.communitygroat.co.uk
http-01 challenge for www.communitygroat.org.uk
http-01 challenge for www.devotoo.org.uk
http-01 challenge for www.jeffgordon.me.uk
http-01 challenge for www.mikegoodman.uk
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/httpd/conf/vhosts/communitygroat.co.uk-le-ssl.conf
Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf/vhosts/communitygroat.co.uk-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified
Unable to find an SSLCertificateFile directive
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/communitygroat.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/communitygroat.co.uk/privkey.pem
Your cert will expire on 2020-08-14. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"
```
My web server is (include version): apache 2.4.43.1
The operating system my web server runs on is (include version): Arch 5.6.13-arch1-1
My hosting provider, if applicable, is: rented dedicated server
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 1.4.0
“Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf/vhosts/communitygroat.co.uk-le-ssl.conf/IfModule/VirtualHost. VirtualHost was not modified” - I don’t know how to fix this and uncommenting the modules and include command in /etc/httpd/conf/httpd.conf as directed in the Arch Wiki Apache page means I cannot restart the httpd.service without switching it all back again.
It seems I’m caught in a circular trap because reading all the docs I could find and several web searches have not helped.
Thanks for the question, rg305. I’d better explain things more clearly.
cat: /etc/httpd/conf/vhosts/communitygroat.co.uk-le-ssl.conf: No such file or directory
As it says in the certbot error message in my OP,
Cannot find an SSLCertificateFile directive in /files/etc/httpd/conf/vhosts/communitygroat.co.uk-le-ssl.conf/IfModule/VirtualHost. *VirtualHost was not modified*
In fact none of the files were modified. How is a SSLCertificateFile directive inserted? Is that a Certbot or Apache function? My understanding from reading the docs was that the Apache plugin run with the --apache flag would add the https vhost working from the standard http version.
I have never seen vhosts built or modified directly by a script so really not sure what to expect. It’s also my first time using Arch as a web server, although I’ve been running Arch on desktop and laptop for years.
In case it helps, here are the contents of /etc/httpd/conf/vhosts/communitygroat.co.uk:
```
<VirtualHost *:80>
    ServerAdmin webmaster@communitygroat.co.uk
    DocumentRoot "/srv/http/communitygroat.co.uk/public"
    ServerName communitygroat.co.uk
    ServerAlias www.communitygroat.co.uk
    ErrorLog "/var/log/httpd/communitygroat.co.uk-error_log"
    CustomLog "/var/log/httpd/communitygroat.co.uk-access_log" common
    <Directory "/srv/http/communitygroat.co.uk">
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
```
Generally by certbot; as the TLS enabled vhost config doesn't yet exist and is created by certbot.
[which may be where things went wrong - I believe it tried and failed somewhere in that process]
The problem may have arisen from a corrupt HTTP vhost config.
Apache is notorious for running at all cost and will generally overlook things that would stop a horse.
So, if you could, please post the entire file using three backticks before and after your text.
[presumably /etc/httpd/conf/vhosts/communitygroat.co.uk.conf]
Example:
```
Lots of text goes here
and here
and also here
```
Hi Rudy, thanks for coming back to me, shows real patience! I too expected communitygroat.co.uk.conf as a vhost file but the Arch Wiki example has the .conf missing both in the /conf/vhosts/ directory and in the /conf/httpd.conf vhosts list. Could that be the problem? It would be a very simple matter to fix.
Here it is exactly as in /etc/httpd/conf/vhosts/ and, apart from the fqdn, repeated on each vhost in the vhosts directory:
```
<VirtualHost *:80>
    ServerAdmin webmaster@communitygroat.co.uk
    DocumentRoot "/srv/http/communitygroat.co.uk/public"
    ServerName communitygroat.co.uk
    ServerAlias www.communitygroat.co.uk
    ErrorLog "/var/log/httpd/communitygroat.co.uk-error_log"
    CustomLog "/var/log/httpd/communitygroat.co.uk-access_log" common
    <Directory "/srv/http/communitygroat.co.uk">
        AllowOverride All
        Require all granted
    </Directory>
</vhost>
```
Sorry, I missed the closing vhost tag in the example above but it was copied and pasted directly from the server, as was this example.
Thanks,
Mike
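One way to test the "corrupt HTTP vhost config" theory raised above before rerunning certbot, as an added example that is not part of any post in this thread and is not certbot's or Apache's own code: a small Python linter that flags section tags that do not balance, typographic quotes, and a port 443 VirtualHost with no SSLCertificateFile. The name `lint_vhost`, the `example.org` host and the sample config are constructed for illustration.

```python
import re

TAG = re.compile(r"^<(/?)(\w+)([^>]*)>$")   # <VirtualHost *:80>, </Directory>, ...
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def lint_vhost(text):
    """Return (line_number, message) findings for one Apache config file."""
    findings, stack = [], []          # stack holds the currently open sections
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(q in line for q in SMART_QUOTES):
            findings.append((n, "typographic quote is not an Apache string delimiter"))
        m = TAG.match(line)
        if not m:                     # ordinary directive: note it in every open section
            for sec in stack:
                sec["directives"].add(line.split()[0].lower())
            continue
        closing, name, args = m.group(1), m.group(2).lower(), m.group(3)
        if not closing:
            stack.append({"name": name, "args": args, "line": n, "directives": set()})
        elif not stack or stack[-1]["name"] != name:
            still_open = f"<{stack[-1]['name']}>" if stack else "none"
            findings.append((n, f"</{name}> does not match open section: {still_open}"))
        else:
            sec = stack.pop()
            if (name == "virtualhost" and ":443" in sec["args"]
                    and "sslcertificatefile" not in sec["directives"]):
                findings.append((sec["line"], "port 443 VirtualHost has no SSLCertificateFile"))
    findings += [(s["line"], f"<{s['name']}> is never closed") for s in stack]
    return findings

# Constructed sample (not a file from the thread) containing each kind of damage.
SAMPLE = """<VirtualHost *:80>
ServerName example.org
DocumentRoot \u201c/srv/http/example.org/public\u201d
<Directory "/srv/http/example.org">
Require all granted
</Directory>
</vhost>
<VirtualHost *:443>
ServerName example.org
SSLEngine on
</VirtualHost>
"""

if __name__ == "__main__":
    for lineno, message in lint_vhost(SAMPLE):
        print(f"line {lineno}: {message}")
```

Run it over each file in the vhosts directory by passing the file's contents to `lint_vhost`; an empty list means none of these three problems was found.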
I tried adding the .conf to the end of each file but it made no difference - same error message at the end of the same process.
```
~]# apachectl -S
[Sun May 17 15:05:52.391184 2020] [so:warn] [pid 16961] AH01574: module mpm_prefork_module is already loaded, skipping
VirtualHost configuration:
*:80 is a NameVirtualHost
    default server cloverpatch.org.uk (/etc/httpd/conf/vhosts/cloverpatch.org.uk.conf:1)
    port 80 namevhost cloverpatch.org.uk (/etc/httpd/conf/vhosts/cloverpatch.org.uk.conf:1)
        alias www.cloverpatch.org.uk
    port 80 namevhost communitygroat.co.uk (/etc/httpd/conf/vhosts/communitygroat.co.uk.conf:1)
        alias www.communitygroat.co.uk
    port 80 namevhost communitygroat.org.uk (/etc/httpd/conf/vhosts/communitygroat.org.uk.conf:1)
        alias www.communitygroat.org.uk
    port 80 namevhost devotoo.org.uk (/etc/httpd/conf/vhosts/devotoo.org.uk.conf:1)
        alias www.devotoo.org.uk
    port 80 namevhost dominame.net (/etc/httpd/conf/vhosts/dominame.net.conf:1)
        alias www.dominame.net
    port 80 namevhost jeffgordon.me.uk (/etc/httpd/conf/vhosts/jeffgordon.me.uk.conf:1)
        alias www.jeffgordon.me.uk
    port 80 namevhost hereticus-economicus.info (/etc/httpd/conf/vhosts/hereticus-economicus.info.conf:1)
        alias www.hereticus-economicus.info
    port 80 namevhost mikegoodman.uk (/etc/httpd/conf/vhosts/mikegoodman.uk.conf:1)
        alias www.mikegoodman.uk
    port 80 namevhost osspix.co.uk (/etc/httpd/conf/vhosts/osspix.co.uk.conf:1)
        alias www.osspix.co.uk
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/srv/http"
Main ErrorLog: "/var/log/httpd/error_log"
Mutex rewrite-map: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="http" id=33
Group: name="http" id=33
```
I left the .conf on the end of each after trying it out.
Wow!
So there is ONE certificate with all those names on it.
OK.
Noted.
Now let’s have a look at the renewal file for communitygroat
We can find it in the folder /etc/letsencrypt/renewal/
[if there are two, let’s see the .co not the .org]
I don’t understand how that can fix this problem.
The problem (so far) seems to be that you are trying to have certbot create a single vhost config file for all those domains - but it should be nine different vhost config files.
It would be simple, if long winded, to create separate files. Instead I simply read the docs and ran certbot --apache after installing certbot-apache as a plugin. I have used certbot with one cert on multiple domains on mail servers before but that was mostly on Debian, Stretch and Buster (9 and 10).
```
~]# cat /etc/letsencrypt/renewal/communitygroat.co.uk.conf
# renew_before_expiry = 30 days
version = 1.4.0
archive_dir = /etc/letsencrypt/archive/communitygroat.co.uk
cert = /etc/letsencrypt/live/communitygroat.co.uk/cert.pem
privkey = /etc/letsencrypt/live/communitygroat.co.uk/privkey.pem
chain = /etc/letsencrypt/live/communitygroat.co.uk/chain.pem
fullchain = /etc/letsencrypt/live/communitygroat.co.uk/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = 2fb3803ccd9939047524cc37d8be8e40
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory
```
Please continue. I just thought of what the Arch Wiki was saying to show how I got to this place and add clarification if possible, not to confuse or to offend.