Unable to set enhancement redirect for cyberfreaks.de

DJThunder · March 13, 2018, 11:20am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
http://www.cyberfreaks.de

I ran this command:
./certbot-auto -d cyberfreaks.de -d www.cyberfreaks.de

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate and install certificates?

1: Apache Web Server plugin - Beta (apache)
2: Nginx Web Server plugin - Alpha (nginx)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/cyberfreaks.de.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/cyberfreaks.de-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/cyberfreaks.de-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Failed redirect for cyberfreaks.de
Unable to set enhancement redirect for cyberfreaks.de
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not supp ort automated redirection

IMPORTANT NOTES:

We were unable to set up enhancement redirect for your server,
however, we successfully installed your certificate.
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cyberfreaks.de/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cyberfreaks.de/privkey.pem
Your cert will expire on 2018-06-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the “certonly” option. To non-interactively renew all
of your certificates, run “certbot-auto renew”

My web server is (include version):
Apache/2.4.25

The operating system my web server runs on is (include version):
Debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
IMSCP

stevenzhu · March 13, 2018, 12:18pm

Hi,

According to the output, you dont correctly setup a http vHost. Please setup a vHost with server name cyberfreaks.de

Thank you

DJThunder · March 13, 2018, 4:41pm

I have setup the vHost with servername cyberfreaks.de

stevenzhu · March 13, 2018, 4:58pm

Do you setup port 80 and 443? Or only 443?

DJThunder · March 13, 2018, 5:11pm

for both ports, 2 confs, 1 for port 80 and 1 for port 443

stevenzhu · March 13, 2018, 5:41pm

Hi,
Can you share your port 80 http conf file?

Thank you

DJThunder · March 13, 2018, 5:45pm

Port 80 conf

<VirtualHost 89.163.227.165:80>
ServerAdmin webmaster@cyberfreaks.de
ServerName cyberfreaks.de
ServerAlias www.cyberfreaks.de
DocumentRoot /var/www/virtual/cyberfreaks.de/htdocs
DirectoryIndex disabled
LogLevel error
ErrorLog /var/log/apache2/cyberfreaks.de/error.log
Alias /errors/ /var/www/virtual/cyberfreaks.de/errors/
SuexecUserGroup vu2006 vu2006
<Proxy "unix:/run/php/php7.0-fpm-cyberfreaks.de.sock|fcgi://cyberfreaks.de" retry=0>
    ProxySet connectiontimeout=5 timeout=7200
</Proxy>
<Directory /var/www/virtual/cyberfreaks.de/htdocs>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    <If "%{REQUEST_FILENAME} =~ /\.ph(?:p[3457]?|t|tml)$/ && -f %{REQUEST_FILENAME}">
        SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
        SetHandler proxy:fcgi://cyberfreaks.de
    </If>
    DirectoryIndex index.html index.xhtml index.htm
    Require all granted
</Directory>
Alias /cgi-bin/ /var/www/virtual/cyberfreaks.de/cgi-bin/
<Directory /var/www/virtual/cyberfreaks.de/cgi-bin>
    AllowOverride AuthConfig Indexes Limit Options=Indexes,MultiViews \
        Fileinfo=RewriteEngine,RewriteOptions,RewriteBase,RewriteCond,RewriteRule Nonfatal=Override
    DirectoryIndex index.cgi index.pl index.py index.rb
    Options FollowSymLinks ExecCGI
    AddHandler cgi-script .cgi .pl .py .rb
    Require all granted
</Directory>
<Location /stats>
    ProxyErrorOverride On
    ProxyPreserveHost Off
    ProxyPass http://127.0.0.1:8889/stats/cyberfreaks.de retry=1 acquire=3000 timeout=600 Keepalive=On
    ProxyPassReverse http://127.0.0.1:8889/stats/cyberfreaks.de
</Location>
Include /etc/apache2/imscp/cyberfreaks.de.conf

port 443 conf

<IfModule mod_ssl.c>
<VirtualHost 89.163.227.165:443>
ServerAdmin webmaster@cyberfreaks.de
ServerName cyberfreaks.de
ServerAlias www.cyberfreaks.de vu2006.admin.blackarrowz.de
DocumentRoot /var/www/virtual/cyberfreaks.de/htdocs
DirectoryIndex disabled
LogLevel error
ErrorLog /var/log/apache2/cyberfreaks.de/error.log
Alias /errors/ /var/www/virtual/cyberfreaks.de/errors/
SuexecUserGroup vu2006 vu2006
<Proxy "unix:/run/php/php7.0-fpm-cyberfreaks.de.sock|fcgi://cyberfreaks.de" retry=0>
    ProxySet connectiontimeout=5 timeout=7200
</Proxy>
<Directory /var/www/virtual/cyberfreaks.de/htdocs>
    Options FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    <If "%{REQUEST_FILENAME} =~ /\.ph(?:p[3457]?|t|tml)$/ && -f %{REQUEST_FILENAME}">
        SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
        SetHandler proxy:fcgi://cyberfreaks.de
    </If>
    DirectoryIndex index.html index.xhtml index.htm
    Require all granted
</Directory>
Alias /cgi-bin/ /var/www/virtual/cyberfreaks.de/cgi-bin/
<Directory /var/www/virtual/cyberfreaks.de/cgi-bin>
    AllowOverride AuthConfig Indexes Limit Options=Indexes,MultiViews \
        Fileinfo=RewriteEngine,RewriteOptions,RewriteBase,RewriteCond,RewriteRule Nonfatal=Override
    DirectoryIndex index.cgi index.pl index.py index.rb
    Options FollowSymLinks ExecCGI
    AddHandler cgi-script .cgi .pl .py .rb
    Require all granted
</Directory>
Include /etc/apache2/imscp/cyberfreaks.de.conf

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/cyberfreaks.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cyberfreaks.de/privkey.pem
</VirtualHost>
</IfModule>

jmorahan · March 14, 2018, 12:31am

So your port 80 vhost covers 2 domain names, your port 443 vhost covers 3, and the cert you’re using seems to cover only one. I suspect that might be what’s confusing certbot and preventing it from figuring out where to put the redirect. Maybe it will work if you get them all to match up.

Or you can just add a redirect yourself, if you prefer.

Rip · March 14, 2018, 3:31am

Good reference @jmorahan … one should consider using separate vhost config file for each subdomain.
Could solve the issue. Include the Server Alias one by one. JAT (Just a Thought)

system · April 13, 2018, 3:31am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.