Unable to install the certificate: Raspberry Pi 3 Jeedom

Look for the ServerName directive :wink:

:woozy_face: can’t find it …

```
pi@raspberrypi:/etc/apache2 $ ls
apache2.conf    conf-enabled  magic           mods-enabled  sites-available
conf-available  envvars       mods-available  ports.conf    sites-enabled
pi@raspberrypi:/etc/apache2 $ cd sites-enabled
pi@raspberrypi:/etc/apache2/sites-enabled $ ls
000-default.conf
```

Inside 000-default.conf

You may use grep to look for it: grep ServerName 000-default.conf

thanks for your patience :wink:

I have no result for this command:

```
pi@raspberrypi:/etc/apache2/sites-enabled $ grep ServerName 000-default.conf
pi@raspberrypi:/etc/apache2/sites-enabled $ grep antar.ddns.net 000-default.conf
pi@raspberrypi:/etc/apache2/sites-enabled $
```

create a new file in /etc/apache2/sites-available/antar.ddns.net.conf, with this content:

```
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName antar.ddns.net

    # Other directives here
</VirtualHost>
```

https://httpd.apache.org/docs/2.4/vhosts/examples.html

then run a2ensite antar.ddns.net

then systemctl restart apache2

then certbot install --apache

3 Likes
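As an added example (not part of the original thread): the empty `grep ServerName` result above is what prevents certbot from finding a vhost to deploy to. The sketch below checks a directory of vhost files for an active ServerName or ServerAlias naming a domain, ignoring commented-out directives that a plain grep would match; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# vhosts_naming DIR DOMAIN
# Print every *.conf in DIR whose active (uncommented) ServerName or
# ServerAlias names DOMAIN; return 1 when no file does.
vhosts_naming() {
    dir=$1; domain=$2; status=1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if awk -v want="$domain" '
            BEGIN { want = tolower(want) }
            /^[ \t]*#/ { next }                      # commented-out directive
            tolower($1) == "servername" || tolower($1) == "serveralias" {
                for (i = 2; i <= NF; i++) {
                    n = tolower($i)
                    sub(/^[a-z]+:\/\//, "", n)       # ServerName may carry a scheme
                    sub(/:[0-9]+$/, "", n)           # ... and a port
                    if (n == want) hit = 1
                }
            }
            END { exit !hit }' "$f"
        then
            printf '%s\n' "$f"; status=0
        fi
    done
    return "$status"
}

# Constructed sample data: a default vhost whose only ServerName is commented out.
make_demo_dir() {
    d=$(mktemp -d)
    printf '%s\n' '<VirtualHost *:80>' '    #ServerName antar.ddns.net' \
        '    DocumentRoot /var/www/html' '</VirtualHost>' > "$d/000-default.conf"
    printf '%s\n' "$d"
}

# The vhost file from the answer above, written into the sample directory.
add_named_vhost() {
    printf '%s\n' '<VirtualHost *:80>' '    DocumentRoot "/var/www/html"' \
        '    ServerName antar.ddns.net' '</VirtualHost>' > "$1/antar.ddns.net.conf"
}

demo=$(make_demo_dir)
vhosts_naming "$demo" antar.ddns.net || echo "no vhost names antar.ddns.net yet"
add_named_vhost "$demo"
vhosts_naming "$demo" antar.ddns.net
rm -rf "$demo"
```

On a real system, point it at /etc/apache2/sites-enabled, since only enabled sites are loaded by Apache.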

AMAZING, it works :

```
pi@raspberrypi:/etc $ pi@raspberrypi:/etc $ ./certbot-auto install --apache
Deploying Certificate to VirtualHost /etc/apache2/sites-available/antar.ddns.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/antar.ddns.net-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module-bash: pi@raspberrypi:/etc: No such file or directory

Redirecting vhost in /etc/apache2/sites-enabled/antar.ddns.net.conf to ssl vhost in /etc/apache2/sites-available/antar.ddns.net-le-ssl.conf
```

Really really thank you very much !! :+1: :clap:

I must say I couldn't reproduce everything we did together if the problem came back, but I'm so happy: such a long time fighting with this case, and after a few hours here it's solved. Great job.

PS: I hope everything is good: https://www.ssllabs.com tells me “certificate not trusted”
There are many reasons why a certificate may not be trusted. The exact problem is indicated on the report card in bright red. The problems fall into three categories:

Invalid certificate
Invalid configuration
Unknown Certificate Authority

https://www.ssllabs.com/ssltest/analyze.html?d=antar.ddns.net#whyNotTrusted

1 Like

Just create a virtualhost as we did in the last post. The rest is just diagnostics.

I clicked on "Clear cache"

3 Likes

you’re my god !

THANK YOU for your patience, competence and the time offered to me.

:star_struck:

2 Likes

Hello,

Thank you so much for your help here, I had exactly the same issue and this resolved it. To be honest with you, these kinds of technical steps are really beyond my skills, but I did succeed simply by doing what you've suggested.
However, now I need to renew my certificate, and when running the following: "certbot renew", I get this error: "Failed to renew certificate XXX with error: Missing command line flag or config entry for this setting:Input the webroot for XXX".
I think that the error is related to a confusion regarding the path that needs to be used. Indeed, when running the command above, it seems to look in "/etc/letsencrypt/renewal/", but when I installed the certificate using your previous commands a few months ago, at the end the certificate was deployed in "/etc/apache2/sites-available/".

Can you help me on this ?

Thank you in advance.

1 Like

This post is two years old. What command did you run to get/install the certificate?

1 Like

I've followed these steps, and at the end I had the successful message :
Successfully deployed certificate for XXX to /etc/apache2/sites-available/XXX.ovh-le-ssl.conf

1 Like

Ok, and before that, how did you obtain your certificate?

1 Like

I had followed this tutorial: How to secure access to Jeedom over HTTPS with a free SSL certificate - Page 3 of 3

1 Like

Tell me what's in this directory, please (post the appropriate .conf file).

And also tell me if you used certbot --apache or certbot --webroot.

1 Like

I think I had used the following commands initially:
sudo certbot --apache
sudo certbot certonly --webroot

Here is what's inside the .conf file in : /etc/letsencrypt/renewal/

```
# renew_before_expiry = 30 days
version = 1.22.0
archive_dir = /etc/letsencrypt/archive/XXX.ovh
cert = /etc/letsencrypt/live/XXX.ovh/cert.pem
privkey = /etc/letsencrypt/live/XXX.ovh/privkey.pem
chain = /etc/letsencrypt/live/XXX.ovh/chain.pem
fullchain = /etc/letsencrypt/live/XXX.ovh/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = XXX
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
```

thank you again for your help

1 Like

Ok, check your VirtualHost and make a note of the DocumentRoot directory.

Then run:

certbot renew --cert-name XXX.ovh --webroot -w <the directory in the DocumentRoot directive>

It will work as long as your server is listening on port 80. It won't if you only listen on 443.

Or you can just run a simpler command:

certbot renew --cert-name XXX.ovh --apache

Just don't use --apache and --webroot: you have to pick one, not both.

2 Likes
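As an added example (not part of the original thread): the renewal file posted above selects the webroot authenticator but stores no path, which is why `certbot renew` stopped to ask for one. This sketch flags that condition in a renewal config; it assumes certbot's usual `webroot_path` key and `[[webroot_map]]` section, and the function names, sample files and `/var/www/html` path are constructed for illustration.

```shell
#!/bin/sh
# renewal_webroot_status FILE
# Classify a certbot renewal config: "not-webroot", "ok", or "missing-webroot"
# (authenticator = webroot but no stored path, so renew has to ask for one).
renewal_webroot_status() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[\[webroot_map\]\]/ { in_map = 1; next }
        /^[ \t]*\[/ { in_map = 0; next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/[ \t,]/, "", val)            # "path," lists: only emptiness matters
            if (in_map) { if (val != "") have_root = 1 }
            else if (key == "authenticator") auth = val
            else if (key == "webroot_path" && val != "") have_root = 1
        }
        END {
            if (auth != "webroot") print "not-webroot"
            else if (have_root)    print "ok"
            else                   print "missing-webroot"
        }' "$1"
}

# Constructed samples. "broken" mirrors the file posted above; "fixed" adds the
# entries certbot stores after a run with --webroot -w (path is an assumption).
write_sample() {
    {
        echo '# renew_before_expiry = 30 days'
        echo 'version = 1.22.0'
        echo 'cert = /etc/letsencrypt/live/XXX.ovh/cert.pem'
        echo '[renewalparams]'
        echo 'account = XXX'
        echo "authenticator = ${3:-webroot}"
        echo 'server = https://acme-v02.api.letsencrypt.org/directory'
        if [ "$2" = fixed ]; then
            echo 'webroot_path = /var/www/html,'
            echo '[[webroot_map]]'
            echo 'XXX.ovh = /var/www/html'
        fi
    } > "$1"
}

tmp=$(mktemp)
write_sample "$tmp" broken; renewal_webroot_status "$tmp"
write_sample "$tmp" fixed;  renewal_webroot_status "$tmp"
rm -f "$tmp"
```

Run against the real files under /etc/letsencrypt/renewal/ (root is needed to read them) to spot certificates that will fail unattended renewal.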

It seems to work, thank you so much for your help!!!
Is there any easy way (based on my technical skills... :sweat_smile:) to automate the renewal?

2 Likes

It should work automatically, check if it is with

certbot renew --dry-run

1 Like

"Congratulations, all simulated renewals succeeded"

so it will be renewed without any manual action next time ?

You are awesome !! Thank you so much !

1 Like

If the systemd timer or the crontab are configured, yes.

You can check with

sudo systemctl list-timers

or

sudo crontab -l

1 Like