Look for the ServerName
directive
can’t find it …
pi@raspberrypi:/etc/apache2 $ ls
apache2.conf conf-enabled magic mods-enabled sites-available
conf-available envvars mods-available ports.conf sites-enabled
pi@raspberrypi:/etc/apache2 $ cd sites-enabled
pi@raspberrypi:/etc/apache2/sites-enabled $ ls
000-default.conf
Inside 000-default.conf
you may use grep
to look for it, grep ServerName 000-default.conf
thanks for your patience
i haven’t result for this command :
pi@raspberrypi:/etc/apache2/sites-enabled $ grep ServerName 000-default.conf
pi@raspberrypi:/etc/apache2/sites-enabled $ grep antar.ddns.net 000-default.conf
pi@raspberrypi:/etc/apache2/sites-enabled $
```
create a new file in /etc/apache2/sites-available/antar.ddns.net.conf
, with this content:
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName antar.ddns.net
# Other directives here
</VirtualHost>
https://httpd.apache.org/docs/2.4/vhosts/examples.html
then run a2ensite antar.ddns.net
then systemctl restart apache2
then certbot install --apache
AMAZING, it works :
pi@raspberrypi:/etc $ pi@raspberrypi:/etc $ ./certbot-auto install --apache
Deploying Certificate to VirtualHost /etc/apache2/sites-available/antar.ddns.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/antar.ddns.net-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module-bash: pi@raspberrypi:/etc: No such file or directory
Redirecting vhost in /etc/apache2/sites-enabled/antar.ddns.net.conf to ssl vhost in /etc/apache2/sites-available/antar.ddns.net-le-ssl.conf
Really really thank you very much !!
I must say i can’t reproduce all that we done together if the problem restart, but i’m so happy, so long time to fight with this case, and few hours here and it’s solved. great job
PS : i hope eveything is good : https://www.ssllabs.com tell me “certficated not trusted”
There are many reasons why a certificate may not be trusted. The exact problem is indicated on the report card in bright red. The problems fall into three categories:
Invalid certificate
Invalid configuration
Unknown Certificate Authority
https://www.ssllabs.com/ssltest/analyze.html?d=antar.ddns.net#whyNotTrusted
Just create a virtualhost as we did in the last post. The rest is just diagnostics.
I clicked on "Clear cache"
you’re my god !
THANK YOU for your patience, competence and time offer to me.
Hello,
thank you so much for your help here, I had exactly the same issue and this resolved it. To be honest with you, this kind of technical steps are really out of my skills, but I did succeed simply doing what you've suggested.
However, now I need to renew my certificate, and when running the following : "certbot renew", I have this error: "Failed to renew certificate XXX with error: Missing command line flag or config entry for this setting:Input the webroot for XXX".
I think that the error is related to a confusion regarding the path that needs to be used. Indeed when running the command above, it seems to look in "/etc/letsencrypt/renewal/", but when I had installed the certificate using your previous commands few months ago, at the end the certificate was deployed in "/etc/apache2/sites-available/".
Can you help me on this ?
Thank you in advance.
This post is two years old. What command did you run to get/install the certificate?
I've followed these steps, and at the end I had the successful message :
Successfully deployed certificate for XXX to /etc/apache2/sites-available/XXX.ovh-le-ssl.conf
Ok, and before that, how did you obtain your certificate?
j'avais suivi le tuto suivant : Comment sécuriser l'accès à Jeedom en HTTPS avec un certificat SSL gratuit - Page 3 sur 3
Tell me what's in this directory, please (post the appropriate .conf file).
And also tell me if you used certbot --apache
or certbot --webroot
.
I think I had used followings command initially:
sudo certbot --apache
sudo certbot certonly --webroot
Here is what's inside the .conf file in : /etc/letsencrypt/renewal/
renew_before_expiry = 30 days
version = 1.22.0
archive_dir = /etc/letsencrypt/archive/XXX.ovh
cert = /etc/letsencrypt/live/XXX.ovh/cert.pem
privkey = /etc/letsencrypt/live/XXX.ovh/privkey.pem
chain = /etc/letsencrypt/live/XXX.ovh/chain.pem
fullchain = /etc/letsencrypt/live/XXX.ovh/fullchain.pem
Options used in the renewal process
[renewalparams]
account = XXX
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
thank you again for your help
Ok, check your VirtualHost and make a note of the DocumentRoot
directory.
Then run:
certbot renew --cert-name XXX.ovh --webroot -w <the directory in the DocumentRoot directive>
It will work as long as your server is listening on port 80. It won't if you only listen on 443.
Or you can just run a simpler command:
certbot renew --cert-name XXX.ovh --apache
Just don't use --apache
and --webroot
: you have to pick one, not both.
it seems to work, thank you so much for your help !!!
is there any easy way (base on my technical skills... ) to automate the renewal ?
It should work automatically, check if it is with
certbot renew --dry-run
"Congratulations, all simulated renewals succeeded"
so it will be renewed without any manual action next time ?
You are awesome !! Thank you so much !
If the systemd timer or the crontab are configured, yes.
You can check with
sudo systemctl list-timers
or
sudo crontab -l