Unable to find vhost on port 80

My domain is:
towingswanhill.com
I ran this command:
sudo certbot --apache
It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.
Plugins selected: Authenticator apache, Installer apache
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): towingswanhill.com
Requesting a certificate for towingswanhill.com
Performing the following challenges:
http-01 challenge for towingswanhill.com
Cleaning up challenges
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version):
Apache (Unknown Version)
The operating system my web server runs on is (include version):
MacOS
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.16.0

I also ran apachectl -t -D DUMP_VHOSTS, which shows the vhost on port 80. I can connect to the site from any machine, and a cmd ping from another computer shows the domain and correct IP.

DUMP_VHOSTS
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 180.150.45.233 (/private/etc/apache2/extra/httpd-vhosts.conf:40)
port 80 namevhost 180.150.45.233 (/private/etc/apache2/extra/httpd-vhosts.conf:40)
port 80 namevhost rosslocalmowing.com (/private/etc/apache2/extra/httpd-vhosts.conf:45)
alias www.rosslocalmowing.com
port 80 namevhost towingswanhill.com (/private/etc/apache2/extra/httpd-vhosts.conf:56)
alias www.towingswanhill.com
port 80 namevhost XXXXXXXX.com (/private/etc/apache2/extra/httpd-vhosts.conf:67)
alias www.XXXXXXXX.com

1 Like

Welcome to the Let's Encrypt Community

The MacOS version of Apache uses a non-standard directory structure, so you need to use parameters to tell certbot where to find things.

apache:
Apache Web Server plugin (Please note that the default values of the Apache plugin options change depending on the operating system Certbot is run on.)

--apache-enmod APACHE_ENMOD Path to the Apache 'a2enmod' binary (default: None)

--apache-dismod APACHE_DISMOD Path to the Apache 'a2dismod' binary (default: None)

--apache-le-vhost-ext APACHE_LE_VHOST_EXT SSL vhost configuration extension (default: -le-ssl.conf)

--apache-server-root APACHE_SERVER_ROOT Apache server root directory (default: /etc/apache2)

--apache-vhost-root APACHE_VHOST_ROOT Apache server VirtualHost configuration root (default: None)

--apache-logs-root APACHE_LOGS_ROOT Apache server logs directory (default: /var/log/apache2)

--apache-challenge-location APACHE_CHALLENGE_LOCATION Directory path for challenge configuration (default: /etc/apache2)

--apache-handle-modules APACHE_HANDLE_MODULES Let installer handle enabling required modules for you (Only Ubuntu/Debian currently) (default: False)

--apache-handle-sites APACHE_HANDLE_SITES Let installer handle enabling sites for you (Only Ubuntu/Debian currently) (default: False)

--apache-ctl APACHE_CTL Full path to Apache control script (default: apache2ctl)

--apache-bin APACHE_BIN Full path to apache2/httpd binary (default: None)

https://certbot.eff.org/docs/using.html#certbot-command-line-options


I really want to get this resolved definitively because many MacOS Apache users would benefit from it. Please try the following command and let us know the output:

sudo certbot --apache --apache-server-root /private/etc/apache2 --apache-vhost-root /private/etc/apache2/extra --apache-challenge-location /private/etc/apache2

OR
Try using the --webroot authentication method.

1 Like

I know that webroot will work. I'm hoping to turn this topic into a reference for MacOS Apache users though.

1 Like

I would much prefer keeping certbot out of doing any Apache modifications.
["you touch it - you own it"]

1 Like

Hey, thanks for the reply. I entered the line as you requested, it didn't seem to work. Were there any config changes that needed to be made or any steps other than the command?

OUTPUT
% sudo certbot --apache --apache-server-root /private/etc/apache2 --apache-vhost-root /private/etc/apache2/extra --apache-challenge-location /private/etc/apache2
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not find ssl_module; not disabling session tickets.
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): towingswanhill.com, rosslocalmowing.com
Requesting a certificate for towingswanhill.com and rosslocalmowing.com
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

2 Likes

It is there:

But can't be found:

I say use --webroot

1 Like

I did see your reply about --webroot, but I am confused as to what it is and how to use it. Is it a certbot command, apache or something on its own?

1 Like

There are two parts to --apache

  1. installer
  2. authenticator [HTTP(S)]

--webroot is only for authentication.
You can still use Apache for the installation part (or not - your choice).

Using --webroot simplifies the HTTP(S) authentication process because certbot doesn't have to read/understand/modify the web server code in any way.

1 Like

So I can do sudo certbot certonly --webroot. Then I give it the file paths for the projects? (This is for the "Input webroot" part). Considering it's certonly, does that mean I need to change any apache settings/configs?
PS If you can't tell, I'm pretty new to this, just want to understand what's going on. Thanks for the help so far.

2 Likes

Each domain may have a unique document root path - answer each request accordingly.

That depends...
If HTTPS has never been enabled, then you may have to create the vhost to handle that.
Once enabled, using certonly will work as expected and only update the links to the more recent cert.
[a web server restart or reload is required upon any certificate issuance]

We all are - LOL

2 Likes
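
The per-domain document root mapping described above, as an added example that is not part of the original posts: a shell function that reads port-80 vhosts and prints the matching certbot certonly --webroot command for review before it is run. The sample vhost text, its names and its paths are constructed placeholders; each -w applies to the -d names that follow it.

```shell
#!/bin/sh
# Added example: derive a `certbot certonly --webroot` command from port-80 vhosts.
# SAMPLE_VHOSTS is constructed; its names and paths are placeholders.
SAMPLE_VHOSTS='
<VirtualHost *:80>
    DocumentRoot "/Library/WebServer/Documents"
</VirtualHost>
# first site
<VirtualHost *:80>
    DocumentRoot "/Library/WebServer/Documents/site1"
    ServerName example.com
    ServerAlias www.example.com
    <Directory "/Library/WebServer/Documents/site1">
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName example.org
    ServerAlias www.example.org static.example.org
    DocumentRoot "/Library/WebServer/Documents/site2"
</VirtualHost>
'

# Reads Apache vhost text on stdin and prints one command in which every -w
# (document root) is followed by the -d names that vhost answers for.
# Vhosts without a ServerName are skipped: there is no name to validate.
webroot_command() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); key = tolower($1) }
        /^#/ { next }
        key ~ /^<virtualhost/ { in80 = ($0 ~ /:80[ >]/); root = ""; names = ""; next }
        !in80 { next }
        key == "documentroot" {
            root = $0; sub(/^[^ \t]+[ \t]+/, "", root); gsub(/"/, "", root); next
        }
        key == "servername" || key == "serveralias" {
            for (i = 2; i <= NF; i++) names = names " -d " $i
            next
        }
        key == "</virtualhost>" {
            if (root != "" && names != "") cmd = cmd " -w \"" root "\"" names
            in80 = 0
        }
        END { if (cmd != "") print "certbot certonly --webroot" cmd }
    '
}

# Print the command for review; on the real server, feed the vhost file instead.
printf '%s\n' "$SAMPLE_VHOSTS" | webroot_command
```
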

I guess the trick now is testing if certbot can install the cert it obtains via --webroot.
If not, then this is more complicated than simple, and may require that you manually create the HTTPS vhost files.
The good news there is that you only need to do that once (per domain / document root).

1 Like
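
What has to exist before Apache can serve the certificate, as an added example rather than anything posted in this thread: a shell check for the three pieces involved (mod_ssl loaded, a listener on 443, and a :443 vhost that names the certificate and key). Both sample configs are constructed placeholders; the /etc/letsencrypt/live/NAME/ layout follows the certbot certificates output shown in this thread.

```shell
#!/bin/sh
# Added example: list what an Apache config still lacks before it can serve a
# certbot certificate over HTTPS. Both samples are constructed placeholders.
BEFORE='#LoadModule ssl_module libexec/apache2/mod_ssl.so
Listen 80
<VirtualHost *:80>
    ServerName example.com
</VirtualHost>'

AFTER='LoadModule ssl_module libexec/apache2/mod_ssl.so
Listen 80
Listen 443
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/Library/WebServer/Documents/site1"
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>'

# https_gaps NAME: read config text on stdin, print one line per missing piece
# (nothing printed means the module, the listener and a complete vhost exist).
https_gaps() {
    awk -v name="$1" '
        { sub(/^[ \t]+/, ""); key = tolower($1) }
        /^#/ { next }
        key == "loadmodule" && $2 == "ssl_module" { mod = 1 }
        key == "listen" && ($2 == "443" || $2 ~ /:443$/) { listen = 1 }
        key ~ /^<virtualhost/ { in443 = ($0 ~ /:443[ >]/); hit = eng = crt = pk = 0; next }
        !in443 { next }
        key == "servername" || key == "serveralias" {
            for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) hit = 1
        }
        key == "sslengine" && tolower($2) == "on" { eng = 1 }
        key == "sslcertificatefile" { crt = 1 }
        key == "sslcertificatekeyfile" { pk = 1 }
        key == "</virtualhost>" { if (hit && eng && crt && pk) vhost = 1; in443 = 0 }
        END {
            if (!mod) print "ssl_module is not loaded"
            if (!listen) print "no Listen directive for port 443"
            if (!vhost) print "no complete :443 vhost for " name
        }
    '
}

# BEFORE reports all three gaps; AFTER prints nothing.
printf '%s\n' "$BEFORE" | https_gaps example.com
printf '%s\n' "$AFTER"  | https_gaps example.com
```
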

So it seems to have worked with webroot, is there any info on how to config apache for HTTPS and I can just use the certbot renewer from the main getting started page? (Or is there a better way to auto renew)

2 Likes

Renewing the cert is now trivial.
Using the cert is now the problem at hand.

Let's start with ensuring you have the right cert(s).
Please show the output of:
certbot certificates

Then show the contents of the file:
/private/etc/apache2/extra/httpd-vhosts.conf

1 Like

Found the following certs:
Certificate Name: towingswanhill.com
Serial Number: 37deb5b61547713134524b6e3573fa65d68
Key Type: RSA
Domains: towingswanhill.com rosslocalmowing.com
Expiry Date: 2021-09-26 03:08:54+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/towingswanhill.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/towingswanhill.com/privkey.pem


1 Like

You should delete that cert and redo it with adding the two "www" names to it:

1 Like

Deleted the old one, I now have this


Found the following certs:
Certificate Name: towingswanhill.com
Serial Number: 459c7e8e90cf7a139bdc40153dd2015f28b
Key Type: RSA
Domains: towingswanhill.com rosslocalmowing.com www.rosslocalmowing.com www.towingswanhill.com
Expiry Date: 2021-09-26 06:20:43+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/towingswanhill.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/towingswanhill.com/privkey.pem


1 Like

Perfect - part one has now been completed.
[that cert should renew all on its own in 60 days - and every 60 days thereafter]

Part two is using the cert.
For that, please show the file:
/private/etc/apache2/extra/httpd-vhosts.conf

1 Like
<VirtualHost *:80>
        DocumentRoot "/Library/WebServer/Documents"
</VirtualHost>

#Ross Mowing
<VirtualHost *:80>
        DocumentRoot "/Library/WebServer/Documents/w1"
        ServerName rosslocalmowing.com
        ServerAlias www.rosslocalmowing.com
        <Directory "/Library/WebServer/Documents/w1">
            AllowOverride All
            Require all granted
        </Directory>
</VirtualHost>

#SwanTowing
<VirtualHost *:80>
        DocumentRoot "/Library/WebServer/Documents/towingswanhill.com"
        ServerName towingswanhill.com
        ServerAlias www.towingswanhill.com
        <Directory "/Library/WebServer/Documents/towingswanhill.com">
            AllowOverride All
            Require all granted
        </Directory>
</VirtualHost>

#pma
<VirtualHost *:80>
        DocumentRoot "/Library/WebServer/Documents/phpmyadmin"
        ServerName lns-myadminphp.com
        ServerAlias www.lns-myadminphp.com
        <Directory "/Library/WebServer/Documents/phpmyadmin">
            AllowOverride All
            Require all granted
        </Directory>
</VirtualHost>
1 Like

This part is likely unused and, if so, it should be removed:

<VirtualHost *:80>
        DocumentRoot "/Library/WebServer/Documents"
</VirtualHost>

Before we try to code this all manually let's give certbot one more go at it.
Try:
certbot --apache --reinstall -d "rosslocalmowing.com,www.rosslocalmowing.com"
If that works, then also for:
certbot --apache --reinstall -d "towingswanhill.com,www.towingswanhill.com"
If that fails, try showing the full output of:
apachectl -S

1 Like