Website not working over ssl

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: xist.nu

I ran this command: sudo certbot apache

It produced this output:Failed redirect for xist.nu
Unable to set enhancement redirect for xist.nu
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

My web server is (include version): Apache 2.4.38

The operating system my web server runs on is (include version): Fedora 29

My hosting provider, if applicable, is: Myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):0.31.0

I cannot access my website over ssl even after installing it using certbot and I keep getting this error. I’d appreciate all help

Hi @lmaobadatmath

your main configuration looks ok ( https://check-your-website.server-daten.de/?q=xist.nu ):

Domainname Http-Status redirect Sec. G
http://www.xist.nu/
85.229.73.92 301 http://xist.nu/ 0.933 D
http://xist.nu/
85.229.73.92 200 0.786 H
https://xist.nu/
85.229.73.92 -14 10.030 T
Timeout - The operation has timed out
https://www.xist.nu/
85.229.73.92 -14 10.027 T
Timeout - The operation has timed out

http works, https doesn't.

And you have already created three certificates.

So it looks that certbot doesn't understand your configuration, so Certbot can't create the correct vHost.

What says

apachectl configtest
apachectl fullstatus
apachectl -S

certbot certificates

For this it gives file "/etc/letsencrypt/live/xist.nu/fullchain.pem' does not exist or is empty
But it returns syntax ok when I run the command with sudo

This returns “The links package is required for this functionality”

This returns file "/etc/letsencrypt/live/xist.nu/fullchain.pem' does not exist or is empty When run with sudo it returnsVirtualHost configuration:
*:443 is a NameVirtualHost
default server xist.nu (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost xist.nu (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost xist.nu (/etc/httpd/conf/httpd.conf:353)
alias xist.nu
port 443 namevhost xist (/etc/httpd/conf/httpd-le-ssl.conf:2)
alias xist.nu
ServerRoot: “/etc/httpd”
Main DocumentRoot: “/usr/share/wordpress/”
Main ErrorLog: “/etc/httpd/logs/error_log”
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex cache-socache: using_defaults
PidFile: “/run/httpd/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODPERL2
User: name=“apache” id=48
Group: name=“apache” id=48
[customriguf@localhost live]$
`

This returns this:
The following error was encountered:
[Errno 13] Permission denied: ‘/var/log/letsencrypt/.certbot.lock’
Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.
When run as root, it returns:
Found the following certs:
Certificate Name: xist.nu
Domains: xist.nu
Expiry Date: 2019-07-26 15:05:39+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/xist.nu/fullchain.pem
Private Key Path: /etc/letsencrypt/live/xist.nu/privkey.pem

That's bad, every combination of port and vHost should be unique.

There is a vHost.

Check the rows with

SSLCertificateKeyFile
SSLCertificateFile 

and add the paths of your new certificate.

PS: root rights are required, so the non-root results are expected.

They were already correct, but I changed them anyways with no result.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.