Unable to Find virtual host listening on port 80


My domain is: scottbrookesdesigns.com

I ran this command: sudo certbot renew

It produced this output: Unable to read ssl_module file; not disabling session tickets.

Renewing an existing certificate for scottbrookesdesigns.com

Failed to renew certificate scottbrookesdesigns.com with error: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

My web server is (include version): Server version: Apache/2.4.53 (Unix)
Server built: Apr 15 2022 20:31:46

The operating system my web server runs on is (include version): Mac OS Monterey

I can login to a root shell on my machine (yes or no, or I don't know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.26.0

I've never had a problem before renewing certificates, but now I'm receiving this error. I currently don't have any vhosts on port 80. My vhosts file has 2 sites listening on *:8443 (port mapped from my router).

Any help would be appreciated. Site expires tomorrow.

I'm presuming both of those are using TLS.

What happened to the HTTP site(s)?
Something has changed since your last renewal.

2 Likes

I am getting a weird problem with my router where trying to access its web interface gives me a certificate error. If I continue past it, it just takes me to one of my websites.....

Maybe I'll wipe it tomorrow and reconfigure it and see what happens.

The only thing that has happened since I renewed my other domain certificate at the end of November is that I had a series of power outages at Christmas that my UPS couldn't keep up with while I was away, so the server kept restarting after power failure. I haven't made any changes to the files; the only thing I have done is stop and start apache and httpd.

I also restored my router back to stock and set it up with port forwarding for 443 and 80 to my server.

If I try and add a *:80 virtual host I get the following:

Processing /usr/local/etc/certbot/certs/renewal/scottbrookesdesigns.com.conf


Unable to read ssl_module file; not disabling session tickets.
Renewing an existing certificate for scottbrookesdesigns.com

Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: scottbrookesdesigns.com
Type: connection
Detail: 76.71.239.108: Fetching http://scottbrookesdesigns.com/.well-known/acme-challenge/ytFZ22lsbi0WQquNjg9WWpiQ4M-apXrrXjdGhednYBk: Timeout during connect (likely firewall problem)

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Failed to renew certificate scottbrookesdesigns.com with error: Some challenges have failed.

Looks like you might have port 80 blocked in your router. Maybe by firewall or bad comms config (like forwarding).

I can reach your domain with HTTPS but not HTTP. The HTTP Challenge needs port 80 open

nmap -Pn -p80,443 scottbrookesdesigns.com
PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https
3 Likes

Thanks. I was starting to wonder that myself..... I was doing some testing and I could access http from within my network but not outside it.

I'm starting to wonder if my ISP has started blocking port 80 in the last month.

But I'm also starting to wonder if there was an update to my Linksys router that doesn't allow for forwarding 80. Right after I set up port forwarding on the router I lost the ability to access its management page.

1 Like

Here is a question for you.

If I get my DNS provider to forward around 80 to another port and then back to 80 inside my network, would that work?

DNS doesn't have a mechanism to alter connection ports.

3 Likes

My provider can redirect all traffic for my domain to another port.

Then they are doing more than just DNS.

3 Likes

Is there a way to get around needing port 80 to update the certificate?

Here are the Challenge Types - Let's Encrypt: only the HTTP-01 challenge needs port 80.

2 Likes

You might also try asking your provider to un-block it. They may offer that for other account types, for example.

3 Likes

Ok, I figured out the DNS challenges thing.

I figured I would post it here for someone else like me that runs into this problem.

I used this command to get around the port 80 and then pasted the information provided into my DNS provider's TXT record.

sudo certbot -d yourdomainhere.com --manual --preferred-challenges dns certonly

It's funny that I found the instructions on letsencrypt harder to follow than a post I found here.

3 Likes

Unfortunately, you can see in your other topic that this manual approach may have problems when it comes time to renew your certificate. If you use the DNS challenge method, it will be inconvenient unless your DNS host provides an API to allow creating and updating DNS records from software.

4 Likes
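
A triage sketch for the two failures seen in this thread, added here as an example and not taken from any poster or from Certbot: it checks Apache config text for a VirtualHost bound to port 80 and reads nmap's port table to decide whether HTTP-01 can work or DNS-01 is needed. The sample config, the sample nmap table, the function names and the result tokens are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs (assumptions, not the poster's real files).
SAMPLE_VHOSTS='Listen 8443
<VirtualHost *:8443>
    ServerName example.com
    SSLEngine on
</VirtualHost>
# <VirtualHost *:80> commented out, must not count
<VirtualHost *:8443>
    ServerName example.org
    SSLEngine on
</VirtualHost>'

SAMPLE_NMAP='PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp open     https'

# Print "yes" if the Apache config text on stdin declares a VirtualHost
# bound to port 80 (not 8080, not 8443), else "no". Comments are skipped.
has_port80_vhost() {
    if grep -v '^[[:space:]]*#' |
        grep -Eiq '<VirtualHost[[:space:]]+[^>]*:80([[:space:]>])'; then
        echo yes
    else
        echo no
    fi
}

# Print the STATE nmap reported for TCP port $1 (port table on stdin),
# or "unknown" when that port is not listed.
nmap_state() {
    awk -v p="$1/tcp" '$1 == p { print $2; found = 1 }
                       END { if (!found) print "unknown" }'
}

# $1 = Apache config text, $2 = nmap port table taken from OUTSIDE the network.
# Prints: dns-01 (port 80 unreachable), add-vhost-80, or http-01.
pick_challenge() {
    vhost=$(printf '%s\n' "$1" | has_port80_vhost)
    state=$(printf '%s\n' "$2" | nmap_state 80)
    if [ "$state" != "open" ]; then
        echo "dns-01"          # filtered/closed: the CA cannot connect on 80
    elif [ "$vhost" = "no" ]; then
        echo "add-vhost-80"    # reachable, but nothing for Certbot to edit
    else
        echo "http-01"
    fi
}

pick_challenge "$SAMPLE_VHOSTS" "$SAMPLE_NMAP"
```

The nmap table has to come from a host outside the network, since the thread shows port 80 answering internally while filtered from the internet.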
