Unable to Generate SSL Certificate using certbot on Ubuntu 22.04

I am trying to request and set up an SSL certificate using certbot for Apache Server running on my AWS EC2 instance and using an Elastic IP. The instance type is Ubuntu 22.04.

Linux ip-XX-XX-XX-XX 5.19.0-1025-aws #26~22.04.1-Ubuntu SMP Mon Apr 24 01:58:15 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

  • I ran apt-get install certbot python3-certbot-apache -y fine without any issues.
  • I then ran certbot --apache -d XXXXX.ddns.net which gave me the error below
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for sandeepc.ddns.net
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

/etc/apache2/sites-available/XXXXX.ddns.net.conf

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        #ServerAdmin webmaster@localhost
        #DocumentRoot /var/www/html

        ServerName XX.XX.XX.XX
        DocumentRoot /var/www/html
        ServerAlias XXXXX.ddns.net

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

I have gone through a few posts on Stack Overflow, for example this, but they didn't help me resolve the issue.

Hence, I am raising the issue here and seeking a solution.

Letsencrypt Error Log

2023-10-01 04:00:59,935:DEBUG:acme.client:Storing nonce: 3hclikJO1AZvq43OY5NV5EmjOq_YEGxz_k2wSzErGtdIb82SYok
2023-10-01 04:00:59,935:INFO:certbot._internal.auth_handler:Performing the following challenges:
2023-10-01 04:00:59,936:INFO:certbot._internal.auth_handler:http-01 challenge for sandeepc.ddns.net
2023-10-01 04:00:59,944:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 2532, in perform
    http_response = http_doer.perform()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.py", line 76, in perform
    self._mod_config()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.py", line 166, in _relevant_vhosts
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

2023-10-01 04:00:59,945:DEBUG:certbot._internal.error_handler:Calling registered functions
2023-10-01 04:00:59,945:INFO:certbot._internal.auth_handler:Cleaning up challenges
2023-10-01 04:01:00,074:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==1.21.0', 'console_scripts', 'certbot')())
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 15, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1574, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1287, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 133, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 459, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 389, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 439, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/_internal/auth_handler.py", line 70, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 2532, in perform
    http_response = http_doer.perform()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.py", line 76, in perform
    self._mod_config()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.py", line 116, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/http_01.py", line 166, in _relevant_vhosts
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
2023-10-01 04:01:00,078:ERROR:certbot._internal.log:Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
1 Like

Hi @sndpchatterjee07, and welcome to the LE community forum

You should follow the recommended installation instructions at:

[choose Ubuntu 20 - it also works for 22]

3 Likes

That said, having a config file in sites-available doesn't ensure that it is in use.

Show:
sudo apachectl -t -D DUMP_VHOSTS

3 Likes

I am not sure why sudo apachectl -t -D DUMP_VHOSTS just gives
VirtualHost configuration:

I think my VirtualHost is configured okay as http://sandeepc.ddns.net/ loads as expected.

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        #ServerAdmin webmaster@localhost
        #DocumentRoot /var/www/html

        ServerName @@.@@.@@.@@
        DocumentRoot /var/www/html
        ServerAlias sandeepc.ddns.net

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

I have only 3 files on /etc/apache2/sites-available

000-default_backup30thSep2023.conf
default-ssl.conf
sandeepc.ddns.net.conf
1 Like

Hi @rg305,

I followed the certbot instructions and ran the following one by one

apt-get remove certbot
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

and then

certbot --apache and followed the onscreen prompts.

But it gave me the same error

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
1 Like

Please understand that you can have many files in the "sites-available" folder.
But only the files in the "sites-enabled" folder will be active.

Again

If it is not shown, it is NOT active.

5 Likes
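
The check described in the replies above, as an added example that is not part of the original thread: it lists vhost files that exist in sites-available but are not active in sites-enabled, and tests a DUMP_VHOSTS listing for a port 80 entry. It assumes the Debian/Ubuntu Apache layout; the function names and the sample file name example.ddns.net.conf are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the Debian/Ubuntu layout,
# where a2ensite symlinks sites-available/*.conf into sites-enabled/.

# Print each *.conf under <root>/sites-available that has no live entry
# of the same name under <root>/sites-enabled. The body runs in a
# subshell so its variables do not leak into the caller.
list_disabled_sites() (
    root=${1:-/etc/apache2}
    for f in "$root"/sites-available/*.conf; do
        [ -e "$f" ] || continue              # glob matched nothing
        name=${f##*/}
        # -e follows symlinks, so a dangling link counts as disabled
        [ -e "$root/sites-enabled/$name" ] || printf '%s\n' "$name"
    done
)

# Read `apachectl -t -D DUMP_VHOSTS` output on stdin and succeed only if
# some address:port token ends in :80. A ":80)" line number inside a
# config path does not match because it is not followed by whitespace.
has_port80_vhost() {
    grep -Eq '(^|[[:space:]])[^[:space:]]+:80([[:space:]]|$)'
}

# Constructed sample mirroring the thread: the vhost file is present in
# sites-available but was never enabled, so DUMP_VHOSTS comes back empty.
demo() (
    root=$(mktemp -d)
    mkdir -p "$root/sites-available" "$root/sites-enabled"
    touch "$root/sites-available/example.ddns.net.conf"
    echo "present but not enabled:"
    list_disabled_sites "$root"
    if ! printf 'VirtualHost configuration:\n' | has_port80_vhost; then
        echo "no active vhost on port 80"
    fi
    rm -rf "$root"
)
demo

# On a real host:
#   list_disabled_sites /etc/apache2
#   sudo apachectl -t -D DUMP_VHOSTS | has_port80_vhost && echo ok
```

A file reported by `list_disabled_sites` is enabled with `a2ensite <name>` followed by an Apache reload, after which it appears in the DUMP_VHOSTS output.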

Okay. Let me review my apache site configurations.

It is now working. Thanks a lot for pointing me in the right direction.

apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443                  3.11.143.110 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   3.11.143.110 (/etc/apache2/sites-enabled/000-default.conf:1)
2 Likes
