LinuxQuestions.org


vincix 10-25-2016 08:39 AM

unable to install letsencrypt certificate with apache
 
I'm trying to install a Let's Encrypt certificate on my CentOS 7 running Apache, running:
Code:

certbot --apache -d mydomain.com -d www.mydomain.com -d mail.mydomain.com

But the following error occurs:

Code:

Error while running apachectl graceful.

Job for httpd.service invalid.


IMPORTANT NOTES:
 - The following errors were reported by the server:

  Domain: mail.mydomain.com
  Type:  connection
  Detail: Failed to connect to SERVER'S IP:443 for TLS-SNI-01
  challenge

  Domain: mydomain.com
  Type:  connection
  Detail: Failed to connect to SERVER'S IP:443 for TLS-SNI-01
  challenge

  Domain: www.mydomain.com
  Type:  connection
  Detail: Failed to connect to SERVER'S IP:443 for TLS-SNI-01
  challenge

  To fix these errors, please make sure that your domain name was
  entered correctly and the DNS A record(s) for that domain
  contain(s) the right IP address. Additionally, please check that
  your computer has a publicly routable IP address and that no
  firewalls are preventing the server from communicating with the
  client. If you're using the webroot plugin, you should also verify
  that you are serving files from the webroot path you provided.

This is my httpd.conf (it's default, really, with the exception of the last line - IncludeOptional):
Code:

ServerRoot "/etc/httpd"
Listen 0.0.0.0:80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf

I also have /etc/httpd/sites-enabled/mydomain.com.conf:
Code:

<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.mydomain.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd/caleidoscop.xyz/error.log
</VirtualHost>

And in ssl.conf there's a Listen 443 directive.

After I run the certbot command, Apache is stopped for some reason. But if I start it again, it works fine. On netstat both 80 and 443 show up as listening ports.

The Apache welcome test page works both with the server's IP and with the domain.

TenTenths 10-25-2016 09:02 AM

If you've an already running Apache instance then read up on:

Code:

certbot certonly --webroot

I've had a lot of success with that on running websites.

vincix 10-25-2016 09:45 AM

Thank you. Indeed, I had forgotten completely about webroot. Works now :)
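
The webroot approach suggested above needs the directory Apache actually serves on port 80 for each name, passed with certbot's `-w` option. The script below is an added example, not code from either poster or from certbot: it reads a vhost file and prints (without running) the matching `certbot certonly --webroot` command. The function names, the second vhost and `/var/www/mail` are constructed for illustration, and only exact ServerName/ServerAlias matches are handled (no wildcard aliases).

```shell
#!/bin/sh
# Added example, not from the thread. Sample vhosts and paths are constructed.
sample_conf() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:80>
    ServerName mail.mydomain.com
    DocumentRoot "/var/www/mail"
</VirtualHost>
EOF
}

# webroot_for NAME  (vhost config on stdin)
# Prints the DocumentRoot of the port-80 vhost whose ServerName or ServerAlias
# equals NAME. If none matches, prints the first port-80 vhost's root, because
# Apache serves unmatched Host headers from the first vhost on that address.
webroot_for() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    { key = tolower($1) }
    key == "<virtualhost"  { in80 = ($0 ~ /:80>/); hit = 0; root = ""; next }
    !in80                  { next }
    key == "servername" || key == "serveralias" {
        for (i = 2; i <= NF; i++) if (tolower($i) == want) hit = 1 }
    key == "documentroot"  { root = $2; gsub(/"/, "", root) }
    key == "</virtualhost>" {
        if (first == "") first = root
        if (hit && found == "") found = root
        in80 = 0 }
    END { print (found != "" ? found : first) }'
}

# certbot_webroot_cmd CONF NAME...
# Prints the certbot command, emitting -w each time the webroot changes so
# every -d is preceded by the root Apache serves for that name.
certbot_webroot_cmd() (
  conf=$1; shift; prev=""; cmd="certbot certonly --webroot"
  for name in "$@"; do
    root=$(webroot_for "$name" < "$conf")
    [ -n "$root" ] || { echo "no port-80 vhost found for $name" >&2; exit 1; }
    [ "$root" = "$prev" ] || cmd="$cmd -w $root"
    cmd="$cmd -d $name"; prev=$root
  done
  printf '%s\n' "$cmd"
)
# usage: certbot_webroot_cmd /etc/httpd/sites-enabled/mydomain.com.conf mydomain.com www.mydomain.com
```

A name that falls back to the first vhost will still validate only if DNS for it points at this server and that vhost's root is writable by certbot.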


All times are GMT -5.