Unable to install on a new debian apache

:/var/www/letsencrypt# ./letsencrypt-auto --apache

Updating letsencrypt and virtual environment dependencies…

Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --apache

The apache plugin is not working; there may be problems with your existing configuration.
The error was: PluginError(‘Unable to parse runtime variables’,)

does

apache2ctl -S
print out your apache info and domains correctly ?

VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
default:443 your_domain.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 is a NameVirtualHost
default server vps-7809.fhnet.fr (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost vps-7809.fhnet.fr (/etc/apache2/sites-enabled/000-default:1)
Syntax OK

Are you using apache 2.2 ? if so it looks as if it’s a known bug - https://github.com/letsencrypt/letsencrypt/issues/1208

according to discussion in The apache plugin is not working; there may be problems with your existing configuration other methods (other than the -apache) should still work

ok… but clearly: do you know what command should I type in ?

(I guess many people still use apache2.2): that would be great to just have the command for apache2.2 instead of trying to make tests, search, posts in forums…

What to you want to achieve ?

I’m guessing you want to obtain an SSL cert for vps-7809.fhnet.fr and www.vps-7809.fhnet.fr ? anything else ?

Infact just an HTTPs on an IP address 86.105.212.202 so I can access it with https://86.105.212.202

Eh, why did you put LE inside your webdir?
I can't think of any reason why you would want it there.

1 Like

According to this Certificate for public IP without domain name Let’s Encrypt is not issuing SSL certificates for IP addresses

You can not have aN LE certificate for an IP address, it needs to be a domain name.

On: now new problems :frowning:

> ./letsencrypt-auto certonly --standalone -d nextechanisme.com -d www.nextechangisme.com

Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --standalone -d nextechanisme.com -d www.nextechangisme.com
Failed authorization procedure. nextechanisme.com (http-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Server failure at resolver

Any idea ?

Do you own nextechangisme.com? if so you need to point the domain to your server, as it’s currently hosted elsewhere.

LE is checking that you own the domain before it issues a certificate, hence it expects the domain to be on the server you are asking for an SSL certificate for.

yes I own it and it is hosted on the SAME server where I try to run that command: 91.121.158.139

I am running that SSH command from 91.121.158.139 where nextechangisme.com is hosted

root@ns333468:/letsencrypt# dig nextechangisme.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> nextechangisme.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65152
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;nextechangisme.com.            IN      A

;; ANSWER SECTION:
nextechangisme.com.     3366    IN      A       91.121.158.139

;; AUTHORITY SECTION:
nextechangisme.com.     55564   IN      NS      ns110.ovh.net.
nextechangisme.com.     55564   IN      NS      dns110.ovh.net.

How does LE makes that check : how does LE check I own the domain name ?

Have you read the documentation and the overview of how it works - https://letsencrypt.org/howitworks/technology/ ?

for the method you are using ( default) it needs to place code within a specific place on your webserver ( in .well-known/acme-challenge folder ) that it then checks - so confirm that you have control on that domain.

ok, any idea why it just does not work ?
I am on the nextechangisme.com server with SSH, type in the right command and … nothing.
Still did not find the solution to my problem.

I am fighting for 2 hours to make it work on apache2.2
I guess many people are using apache2.2 so… why not to publish a step/step guide for apache2.2 ?

Yeah, you mistyped your domain: it's missing a g in this post.

I feel so ashamed :flushed:
Forgive me for that : it works !

Last (stupid) question: once I got that certificate: what is the next step ?

regards

As you are doing a non-automatic configuration, you should edit the Apache configuration file of your HTTPS (virtual)host yourself. You should set the following settings:

SSLCertificateFile /etc/letsencrypt/live/yourdomain/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain/chain.pem

And reload your Apache ofcourse :smile:

WORKS 100%

Thanks you so much for your great help !