Virtualhost not able to be selected - Can't install certificate in a second website

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: teclinux.com and neosys.com.br

I ran this command: sudo certbot --apache -d neosys.com.br -d www.neosys.com.br

It produced this output:

We were unable to find a vhost with a ServerName or Address of neosys.com.br.
The selected vhost would conflict with other HTTPS VirtualHosts within Apache. Please select another vhost or add ServerNames to your configuration.
VirtualHost not able to be selected.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.3.0

Well, I had teclinux.com running perfectly using virtual host. Site enabled, etc, SSL certificate installed, etc.

Today I tried to install Let's Encrypt SSL certificate on neosys.com.br using Certbot, and got the above mentioned errors.

It finishes, so, with "VirtualHost not able to be selected.", and I don't understand why is this happening.

Below is the virtual host file for neosys.com.br:

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName www.neosys.com.br
        ServerAlias www.neosys.com.br

        Protocols h2 http/1.1

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/neosys.com.br/public_html

         <Directory /var/www/html/neosys.com.br/public_html>
         Options -Indexes +FollowSymLinks
         AllowOverride All
         Require all granted
         </Directory>   

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/www/html/neosys.com.br/logs/error.log
        CustomLog /var/www/html/neosys.com.br/logs/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Any idea about why is this happening?

Thanks in advance for any help.

P.S.: and something strange. My browser notices the SSL absence and asks me for that permission. I give it.

But from now on I am redirected to teclinux.com (while trying to access neosys.com.br).

A full list of virtual hosts is going to be what helps:

apachectl -t -D DUMP_VHOSTS

Certbot is probably complaining that you already have an HTTPS virtual host for either one or both of those domains.

One thing you could try is fixing this:

That should probably be:

ServerName neosys.com.br
ServerAlias www.neosys.com.br

Thanks for your answer.

So, it returns the below output:

AH00526: Syntax error on line 41 of /etc/apache2/sites-enabled/teclinux.com-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/teclinux.com/fullchain.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

Try run it as root, or:

sudo apachectl -t -D DUMP_VHOSTS

Ah, sorry, my bad. Here is the output:

*:443                  www.teclinux.com (/etc/apache2/sites-enabled/teclinux.com-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server neosys.com.br (/etc/apache2/sites-enabled/neosys.com.br.conf:1)
         port 80 namevhost neosys.com.br (/etc/apache2/sites-enabled/neosys.com.br.conf:1)
                 alias www.neosys.com.br
         port 80 namevhost www.teclinux.com (/etc/apache2/sites-enabled/teclinux.com-le-ssl.conf:46)
                 alias www.teclinux.com
         port 80 namevhost www.teclinux.com (/etc/apache2/sites-enabled/teclinux.com-le-ssl.conf:96)
                 alias www.teclinux.com
         port 80 namevhost www.teclinux.com (/etc/apache2/sites-enabled/teclinux.com.conf:1)
                 alias www.teclinux.com

That looks like you already made the change I suggested in my first reply.

Does Certbot work for you now?

That's great. Fixing that ServerName adjusted everything.

The only problem now is that trying to access neosys.com.br is redirecting me to teclinux.com .

I don't get that problem, it might be a cached redirect in your browser.

Can you try in a different browser or in a private browsing mode?

Great. It was really the cache.

Everything is working great. Thank you very much!

Am I seeing double tripple?
[this other domain is having an identity crisis]
That output shows a name:port overlap [+overlap].

Times two!

There's again a superfluous alias..

But I don't understand that. I have only two virtual hosts. Why all of those are being displayed?

Misconfiguration.

It seems so.

And the problem is that neosys.com.br is now only displaying a blank page. I can curl it and see that there is a permanent redirection, but don't know from where it comes.

It comes from:

Please show these two files:

Sure. Here they are:

teclinux.com-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName www.teclinux.com
        ServerAlias www.teclinux.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/teclinux.com/public_html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog /var/www/html/teclinux.com/logs/error.log
	CustomLog /var/www/html/teclinux.com/logs/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
<Location /server-status>
     SetHandler server-status
     Order Deny,Allow
     Deny from all
  Allow from localhost
</Location>


Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias teclinux.com
SSLCertificateFile /etc/letsencrypt/live/teclinux.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/teclinux.com/privkey.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName www.teclinux.com
        ServerAlias www.teclinux.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/teclinux.com/public_html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog /var/www/html/teclinux.com/logs/error.log
	CustomLog /var/www/html/teclinux.com/logs/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
<Location /server-status>
     SetHandler server-status
     Order Deny,Allow
     Deny from all
  Allow from localhost
</Location>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.teclinux.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  <Directory /var/www/html/teclinux.com/public_html/>
        Require all granted
        AllowOverride All
    </Directory>


</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName www.teclinux.com
        ServerAlias www.teclinux.com

	Protocols h2 http/1.1

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/teclinux.com/public_html

	 <Directory /var/www/html/teclinux.com/public_html>
         Options -Indexes +FollowSymLinks
         AllowOverride All
         Require all granted
         </Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog /var/www/html/teclinux.com/logs/error.log
	CustomLog /var/www/html/teclinux.com/logs/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
<Location /server-status>
     SetHandler server-status
     Order Deny,Allow
     Deny from all
  Allow from localhost
</Location>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.teclinux.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  <Directory /var/www/html/teclinux.com/public_html/>
        Require all granted
        AllowOverride All
    </Directory>


</VirtualHost>
</IfModule>

teclinux.com.conf:

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName teclinux.com
        ServerAlias www.teclinux.com

	Protocols h2 http/1.1

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html/teclinux.com/public_html

	 <Directory /var/www/html/teclinux.com/public_html>
         Options -Indexes +FollowSymLinks
         AllowOverride All
         Require all granted
         </Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog /var/www/html/teclinux.com/logs/error.log
	CustomLog /var/www/html/teclinux.com/logs/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
<Location /server-status>
     SetHandler server-status
     Order Deny,Allow
     Deny from all
  Allow from localhost
</Location>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.teclinux.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  <Directory /var/www/html/teclinux.com/public_html/>
        Require all granted
        AllowOverride All
    </Directory>
</VirtualHost>

Thank you.

The names are repeated.
You should remove one of those "www.".

The first file has three vhost server blocks.
The last two seem to be repeated.
I would remove one of the last two.

The second file is also a repeat of those two in the first file.
But it does have HTTP to HTTPS redirection enabled.
But that redirection is only for the "www" name.

Note: None of this has much to do with this forum.
It has all to do with basic web server configuration.

Hi @rg305 ,

Thank you very much. I really don't understand what is happening, since it all began after SSL certificate install.

Thanks for your help and kindness. I done the suggested procedures, but the blank page still being loaded.

And, sorry for posting this here, is that this started to happen after the above Cerbot issues.

The last two are both HTTP vhosts which should not be in the teclinux.com-le-ssl.conf file at all. The file teclinux.com.conf already contains a HTTP vhost.

I have not checked the contents of the vhosts in detail, but I assume both the HTTP port 80 vhosts from teclinux.com-le-ssl.conf are superfluous.

That (location placement) is rather subjective.
Neither location, nor order, actually matters much.
What does matter is the final/complete configuration.
In which, we can all agree, contains three HTTP server blocks for that name - where it only needs one.