Unable to find virtual host listening on port 80

Help request is due to the fact that previous auto-renewing is now failing with “…Unable to find virtual host listening on port 80” …

My domain is:

goldglamor.com

I ran this command:

sudo ./certbot-auto renew --dry-run

It produced this output:

For all websites this error was produced (with appropriate domain names!)…
" Attempting to renew cert (goldglamor.com) from /etc/letsencrypt/renewal/goldglamor.com.conf produced an unexpected error: Unable to find a virtual host listening on port 80, which is currently needed for certbot to prove to the CA that you control your domain"

I changed the following line in goldglamor.com.conf :
<VirtualHost *:443> to <VirtualHost *:80> and then <VirtualHost *:80 *:443>

I restarted Apache each time, but this did not help and I still got the same error.

Appreciate any detailed suggestions…

My web server is (include version):

Apache 2.4.6

The operating system my web server runs on is (include version):

Centos 7.6.1810

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

That’s really not the best way to so 80 and 443.
You should probably do them in separate config.
One for 80 (to handle the auth requests and redirect all 80 to 443)
One for 443 (to handle your web site traffic)
Change it back to original (*:443)
And show the file here.

OK that is problematic to read/understand.
Please upload it image
(and you can remove that text from that post)

Yeah, got munged…upload did not allow a conf file…will try agan

or use paste.bin (or anything like that)

And of couse new users can not upload an attachment when renamed to txt!

Will try pasting…

You can paste your config between backticks like:

```nginx
<conf goes here>
```
ServerName blah blah

or paste it between “PREs”
<pre>
config goes here
</pre>

OK, That looks better - not 100% but close enough I hope!

backticks seem to eat hashtags for breakfast lunch & dinner - LOL
I use PREs

You can try add something like:

#hashtags work fine by the way
<VirtualHost *:80>
  ServerName goldglamor.com
  ServerAlias www.goldglamor.com
  Redirect permanent / https://www.goldglamor.com/
</VirtualHost>

to get renewal working again.

Edit: whoops, not sure where that .tk came from, removed

1 Like

Hi @davidw

do you really want to send https over port 80? This is always bad.

Are you sure? You added the port 80 VirtualHost and got this error:

? If so, something went very wrong with the way you added it.

PS: Your “wrong” configuration works:

D:\temp>download https://www.goldglamor.com:80/ -h
SSL-Zertifikat is valide
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 16 Dec 2018 21:59:41 GMT
Location: https://www.goldglamor.com/
Server: Apache

Status: 301 MovedPermanently

698,04 milliseconds
0,70 seconds

Originally I was using port 443, until this error “Unable to find virtual host listening on port 80” occurred. Definitely would prefer to user port 443 over port 80!

The idea is to use both. Send traffic from 80 to 443 (via an HTTP redirect).

The port 80 VirtualHost must exist (independently of the 443 one) so that you can fulfill ACME challenges.

So the VirtualHost I posted, needs to exist in parallel to your 443 one.

1 Like

Thank you for the clarification _az … trying now…

Ok…

Got it working…thanks to _az, I had to create a separate vhost conf file to handle port 80…

Key question…what changed with letsencrypt recently to require this new vhost?

I will delete my conf files from this thread - bit paranoid!

And a big thank you to everyone that replied!!!

Rereading the thread - Rg305 hit the nail on the head early on, just did not see the import of what was said!!!

1 Like

In the past, Certbot was probably validating using port 443 with the TLS-SNI-01 challenge type. But Let’s Encrypt is phasing TLS-SNI-01 out, and Certbot recently switched to prefer using the port 80 HTTP-01 challenge in version 0.28.0 (though it still supports both for now).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.