Yes, you can also use:
sudo systemctl restart apache2
When I run "apachectl -S", one of the lines in the output was
but it is
"DocumentRoot /var/www/wordpress" in (/etc/apache2/sites-enabled/sankofakids.org.conf
Does that make any difference? In other words, is it ok to have the ff below in the "apachectl -S" output?
Please show all the output.
And that might just be the default setting - which is usually overridden in the vhost file.
The output for ‘apachectl -S’?
yes.
VirtualHost configuration:
*:80 sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:1)
*:443 sankofakids.org (/etc/apache2/sites-enabled/sankofakids.org.conf:39)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
Except for the lack of the “www” alias, that all seems correct.
Can we have a look at the current file?:
cat /etc/apache2/sites-enabled/sankofakids.org.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
# ServerName www.example.com
ServerAdmin webmaster@localhost
ServerAlias www.sankofakids.org
DocumentRoot /var/www/wordpress
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
# LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
# Include conf-available/serve-cgi-bin.conf
ServerName sankofakids.org
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Redirect / https://sankofakids.org/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
SSLProtocol -all +TLSv1.2
# SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt #If using a self-signed certificate, omit this line
ServerAdmin webmaster@localhost
ServerName sankofakids.org
ServerAlias www.sankofakids.org
DocumentRoot /var/www/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Please remove the first occurrence of:
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
And add after first ServerName:
ServerAlias www.sankofakids.org
Wait, the alias is there - the order is just upside down.
Just use this:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName sankofakids.org
ServerAlias www.sankofakids.org
DocumentRoot /var/www/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect / https://sankofakids.org/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName sankofakids.org
ServerAlias www.sankofakids.org
DocumentRoot /var/www/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/sankofakids.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sankofakids.org/privkey.pem
SSLProtocol -all +TLSv1.2
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
ok, just remove the 2 lines in :80?
Unfortunately order (for some things) matters.
Use the reordered file provided above.
ok, I will use the reordered copy
Having both HTTP and HTTPS blocks in the same file may throw certbot off - not sure.
I would go ahead and use the --webroot option to ensure it knows where to go and doesn’t have to try to modify your code to obtain a cert.
Try:
sudo certbot --apache --webroot -w /var/www/wordpress -d sankofakids.org -d www.sankofakids.org --dry-run
If the dry run is successful, then remove “--dry-run” parameter and get a real cert.
Note: Certbot may tell you that you already have a cert with one of those domains and ask you what you want to do - if so, choose EXPAND the current cert with the other name.
[because you only need one cert (with both names on it)]
I ran the dry run. This is the output:
cebroot does not exist or is not a directory
I had a TYPO - missing one dash
Try:
sudo certbot --apache --webroot -w /var/www/wordpress -d sankofakids.org -d www.sankofakids.org --dry-run
--dry-run currently only works with the 'certonly' or 'renew' subcommands ('run')
OK, let's add RENEW:
sudo certbot renew --apache --webroot -w /var/www/wordpress -d sankofakids.org -d www.sankofakids.org --dry-run
[you’d think it would be implied - lol]
Currently, the renew verb is capable of either renewing all installed certificates that are due to be renewed or renewing a single certificate specified by its name. If you would like to renew specific certificates by their domains, use the certonly command instead. The renew verb may provide other options for selecting certificates to renew in the future.