Unable to set enhancement redirect

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.mominoun.com

I ran this command:

```
/opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer apache -d www.mominoun.com --pre-hook "service apache2 stop" --post-hook "service apache2 start" --renew-by-default
```

It produced this output:

```
Failed redirect for www.mominoun.com
Unable to set enhancement redirect for www.mominoun.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

IMPORTANT NOTES:
 - We were unable to set up enhancement redirect for your server,
   however, we successfully installed your certificate.
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.mominoun.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.mominoun.com/privkey.pem
   Your cert will expire on 2019-09-02. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again with the "certonly" option. To
   non-interactively renew *all* of your certificates, run
```


My web server is (include version): apache2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of `certbot --version` or `certbot-auto --version` if you're using Certbot):

Hi @seraj

Checking your domain, you already have redirects http -> https (https://check-your-website.server-daten.de/?q=mominoun.com):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://mominoun.com/ (34.247.10.109) | 301 | https://mominoun.com/ | 0.073 | A |
| http://www.mominoun.com/ (34.247.10.109) | 302 | https://www.mominoun.com/ | 0.077 | A |
| https://mominoun.com/ (34.247.10.109) | 200 | | 1.264 | N |
| Certificate error: RemoteCertificateNameMismatch | | | | |
| https://www.mominoun.com/ (34.247.10.109) | 200 | | 0.936 | I |

So you can ignore the error.

But: Your certificate has only the www domain name:

CN=www.mominoun.com | 04.06.2019 | 02.09.2019 | expires in 90 days | www.mominoun.com - 1 entry

So you should create one certificate with both domain names - non-www and www.

And it should be possible that you use --apache as authenticator, not standalone. Then you don't need to stop your running webserver. And you can remove the pre- and the post-hook.


I already have the certificate but I do not know why the mistake appears.

Please help me how I can solve this problem

You already have redirects. So you can ignore that message:

And

isn't good, there is the risk that you create too many certificates.

Try

```
/opt/letsencrypt/letsencrypt-auto --apache -d www.mominoun.com -d mominoun.com
```

so both connections are secure.

If that works, perhaps add a redirect https + non-www -> https + www.


I try but:

```
root@ip-172-31-45-103:~# /opt/letsencrypt/letsencrypt-auto --apache -d www.mominoun.com -d mominoun.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/mominoun.com.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Failed redirect for www.mominoun.com
Unable to set enhancement redirect for www.mominoun.com
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

IMPORTANT NOTES:
 - We were unable to set up enhancement redirect for your server,
   however, we successfully installed your certificate.
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mominoun.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mominoun.com/privkey.pem
   Your cert will expire on 2019-09-02. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again with the "certonly" option. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
root@ip-172-31-45-103:~#
```

Rechecked your domain ( https://check-your-website.server-daten.de/?q=mominoun.com ):

Now you have installed the correct certificate.

CN=www.mominoun.com | 04.06.2019 | 02.09.2019 | expires in 90 days | mominoun.com, www.mominoun.com - 2 entries

So both connections are secure.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://mominoun.com/ (34.247.10.109) | 301 | https://mominoun.com/ | 0.073 | A |
| http://www.mominoun.com/ (34.247.10.109) | 302 | https://www.mominoun.com/ | 0.070 | A |
| https://mominoun.com/ (34.247.10.109) | 200 | | 1.030 | I |
| https://www.mominoun.com/ (34.247.10.109) | 200 | | 0.910 | I |

What says

```
apachectl -S
```

Looks like you have only a default port 80 vHost, not an explicit named vHost.


```
root@ip-172-31-45-103:~# apachectl -S
VirtualHost configuration:
*:443 mominoun.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server www.mominoun.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
port 80 namevhost www.mominoun.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
port 80 namevhost www.mominoun.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mominoun.com (/etc/apache2/sites-enabled/000-default.conf:61)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
root@ip-172-31-45-103:~#
```

There you see some problems:

You have port 80 vHosts defined in 000-default-le-ssl, that's curious.

And you have three port 80 + www, that's terrible.

Merge these definitions to one vHost in a new file (not ssl in the file name) and rename your default server (maybe localhost or something else).

So you have only one port 80 named vHost with non-www and www, same with port 443.


Please help me.
What do I do in this situation?

Greetings,
please, what do I do in this problem?

Hi @seraj,

In this situation you need to audit your vhosts and ensure you don't have duplicate vhost entries like @JuergenAuer stated above. If you could post the entirety of your vhost configuration, that would be helpful.
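
One way to run the vhost audit suggested above, as an added example that is not part of the original thread: a shell function that reads `apachectl -S` output and reports names declared more than once on the same port, plus port-80 vhosts that live in a `-le-ssl.conf` file. The function names, the output labels and the embedded sample (constructed from the output posted earlier) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `apachectl -S` output for conflicting vhosts.

# Constructed sample, taken from the vhost part of the output posted above.
sample_output() {
cat <<'EOF'
VirtualHost configuration:
*:443 mominoun.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 is a NameVirtualHost
default server www.mominoun.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
port 80 namevhost www.mominoun.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:50)
port 80 namevhost www.mominoun.com (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost mominoun.com (/etc/apache2/sites-enabled/000-default.conf:61)
EOF
}

# Reads `apachectl -S` output on stdin and prints, sorted:
#   DUPLICATE <port> <name> <file:line> <file:line> ...
#   PORT80-IN-LE-SSL <name> <file:line>
# Assumption: files ending in -le-ssl.conf are the SSL vhost files written
# by the certbot Apache installer, so a port-80 vhost there is unexpected.
find_vhost_conflicts() {
    awk '
    function record(port, name, loc) {
        gsub(/[()]/, "", loc)                 # "(file:line)" -> "file:line"
        if (port == "80" && loc ~ /-le-ssl\.conf:/)
            print "PORT80-IN-LE-SSL " name " " loc
        count[port " " name]++
        where[port " " name] = where[port " " name] " " loc
    }
    # Name-based entry: "port 80 namevhost NAME (FILE:LINE)"
    $1 == "port" && $3 == "namevhost" { record($2, $4, $5) }
    # Sole vhost on an address: "*:443 NAME (FILE:LINE)"
    $1 ~ /:[0-9]+$/ && NF == 3 && $3 ~ /^\(/ {
        n = split($1, a, ":"); record(a[n], $2, $3)
    }
    # The "default server" line repeats the first namevhost, so it is skipped.
    END {
        for (k in count)
            if (count[k] > 1) print "DUPLICATE " k where[k]
    }' | sort
}

# Demo on the sample; on a live host use: apachectl -S | find_vhost_conflicts
sample_output | find_vhost_conflicts
```
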
