Understanding Virtual Hosts requirement


#1

I am attempting to get a certificate issued to a machine running Apache and Web Help Desk from Solarwinds.

When I issue

‘sudo certbot --apache’

I get back

‘Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.’

But I’m struggling to understand what is wrong. It seems to be asking me to add a new virtual host in the Apache config, but why?
If I give Certbot its own vhost, what does that achieve? I’m guessing I’d still have to manually copy the certs when they are renewed…

Thanks for any help!


#2

Hi,

Because you’re using the Apache plugin of certbot, it will try to find a vHost that contains the hostname you entered…

For now, I’m guessing you are trying to obtain a certificate first, then set up vHosts?

If you don’t want to do this… you can use this command

sudo certbot certonly (this only obtains the certificate; it does not install it or modify vHost files)

Then, when you are done setting up the Apache vHosts, just specify the certificates yourself instead of letting certbot install them for you.

Thank you


#3

Hi StephenZhu,

Thank you for your reply. I’m still struggling to understand this.
I’ve said ‘why does this method of obtaining a cert require a V-host to be set up’ and you’ve pretty much answered ‘because it does’

I’m not trying to be critical, but here’s why I asked the question- I’ll try to be clearer (and the documentation doesn’t mention this directly).

My server at ‘support.xxxx.com.au’ is already up and running on port 80, and has its document root at
/Library/WebHelpDesk/bin/webapps/helpdesk

It’s running Apache, and I’m trying to work out why I am getting this error.

So if V-hosts is required-

I hope you can see why I am confused!

Thanks again

Adam


#4

It is possible for Apache to be configured without virtual hosts.

For instance, if your configuration was just:

Listen 80
ServerName example.org
DocumentRoot /var/www/html

Apache would work just fine, but it would do so without any virtual hosts.

Virtual hosts refer to a specific way of enabling Apache to serve multiple websites from a single instance. You can find the documentation for them here: https://httpd.apache.org/docs/2.4/vhosts/

As I understand it, Certbot’s Apache plugin relies on the presence of virtual hosts to understand how your websites are split up and how to apply configuration changes to individual sites.

In my previous example, if you tried to run Certbot against such an Apache configuration, it would surely complain:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

However, this can easily be addressed by re-forming that piece of configuration as a virtual host:

<VirtualHost *:80>
  ServerName example.org
  DocumentRoot /var/www/html
</VirtualHost>

With this variant, Certbot is able to understand your Apache configuration and do its job in issuing and installing a certificate.

I believe it has been a best practice for some time to configure all websites as name-based virtual hosts. Most Linux distributions configure their Apache packages by default using virtual hosts.

I hope that somewhat addresses your question.
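
Added example (not part of the original posts and not Certbot's own code): a simplified Python check of the distinction described in #4, reporting whether a configuration has a `<VirtualHost>` block on port 80 that names a given domain. The sample configurations are constructed from the two variants in that post; exact name matching and treating an address without a port as "any port" are assumptions of this sketch.

```python
import re

# Constructed samples: the global-only config and the virtual host variant from #4.
GLOBAL_ONLY = "Listen 80\nServerName example.org\nDocumentRoot /var/www/html\n"
WITH_VHOST = ("Listen 80\n<VirtualHost *:80>\n  ServerName example.org\n"
              "  ServerAlias www.example.org\n  DocumentRoot /var/www/html\n</VirtualHost>\n")

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
NAME = re.compile(r"(ServerName|ServerAlias)\s+(.+)", re.I)

def _port(addr):
    """Port part of a VirtualHost address; '*' when omitted (assumed: any port)."""
    if addr.endswith("]") or ":" not in addr:   # bare IPv6 "[::1]" or no port given
        return "*"
    return addr.rsplit(":", 1)[1]

def port80_vhosts(conf_text):
    """Return one dict per <VirtualHost> block that has an address on port 80."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # skip blanks and comment lines
            continue
        opened = OPEN.match(line)
        if opened:
            addrs = opened.group(1).split()
            current = {"addrs": addrs, "names": [],
                       "port80": any(_port(a) in ("80", "*") for a in addrs)}
        elif CLOSE.match(line) and current is not None:
            if current["port80"]:
                vhosts.append(current)
            current = None
        elif current is not None:               # directive inside a vhost block
            named = NAME.match(line)
            if named:
                current["names"] += named.group(2).split()
    return vhosts                               # global-level ServerName is ignored

def covers(conf_text, domain):
    """True if some port-80 virtual host names `domain` (exact match only)."""
    return any(domain.lower() in (n.lower() for n in v["names"])
               for v in port80_vhosts(conf_text))

if __name__ == "__main__":
    for label, conf in (("global only", GLOBAL_ONLY), ("with vhost", WITH_VHOST)):
        print(label, "->", covers(conf, "example.org"))
```
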


#5

ah, that’s awesome _az
Thank you- I’ll revisit this tomorrow

cheers

Adam

