LinuxQuestions.org
10-25-2016, 08:39 AM   #1
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,240

unable to install letsencrypt certificate with apache


I'm trying to install a Let's Encrypt certificate on my CentOS 7 running Apache, running:
Code:
certbot --apache -d mydomain.com -d www.mydomain.com -d mail.mydomain.com
But the following error occurs:

Code:
Error while running apachectl graceful.

Job for httpd.service invalid.


IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.mydomain.com
   Type:   connection
   Detail: Failed to connect to SERVER'S IP:443 for TLS-SNI-01
   challenge

   Domain: mydomain.com
   Type:   connection
   Detail: Failed to connect to SERVER'S IP:443 for TLS-SNI-01
   challenge

   Domain: www.mydomain.com
   Type:   connection
   Detail: Failed to connect to SERVER'S IP:443 for TLS-SNI-01
   challenge

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.
This is my httpd.conf (it's default, really, with the exception of the last line - IncludeOptional):
Code:
ServerRoot "/etc/httpd"
Listen 0.0.0.0:80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
IncludeOptional sites-enabled/*.conf
I also have /etc/httpd/sites-enabled/mydomain.com.conf:
Code:
<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.mydomain.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd/caleidoscop.xyz/error.log
</VirtualHost>

And in ssl.conf there's a Listen 443 directive.

After I run the certbot command, Apache is stopped for some reason. But if I start it again, it works fine. In netstat both 80 and 443 show up as listening ports.

The Apache welcome test page works both with the server's IP and with the domain.
 
10-25-2016, 09:02 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 3,461

If you've an already running Apache instance then read up on:

Code:
certbot certonly --webroot
I've had a lot of success with that on running websites.
 
1 members found this post helpful.
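An added example, not part of either post: the webroot method validates over plain HTTP by having the running Apache serve files from `.well-known/acme-challenge/` under the webroot, so this pre-flight check confirms each name really serves that directory before certbot is run. It assumes the `/var/www/html` DocumentRoot and the domain names from the first post; `fetch_url` and `check_webroot` are illustrative names.

```shell
#!/bin/sh
# Added example: pre-flight check for certbot's webroot method.
# Function and variable names are illustrative; paths/domains are from the thread.

# Fetch a URL body over plain HTTP. Kept separate so it can be stubbed offline.
fetch_url() {
    curl -fsS --max-time 10 "$1"
}

# check_webroot WEBROOT DOMAIN...
# Writes a probe file where the webroot plugin places its challenge files,
# then checks that every domain returns exactly that file on port 80.
# Returns 0 only if all domains pass.
check_webroot() {
    _webroot=$1; shift
    _dir="$_webroot/.well-known/acme-challenge"
    _name="preflight-$$"
    _token="probe-$$-$(date +%s)"
    _rc=0

    mkdir -p "$_dir" || return 1
    printf '%s' "$_token" > "$_dir/$_name" || return 1

    for _domain in "$@"; do
        _body=$(fetch_url "http://$_domain/.well-known/acme-challenge/$_name" 2>/dev/null) || _body=""
        if [ "$_body" = "$_token" ]; then
            echo "OK   $_domain"
        else
            echo "FAIL $_domain is not serving files from $_webroot"
            _rc=1
        fi
    done

    rm -f "$_dir/$_name"
    return "$_rc"
}

# On the server from the thread (as a user allowed to write to the webroot):
#   check_webroot /var/www/html mydomain.com www.mydomain.com mail.mydomain.com &&
#   certbot certonly --webroot -w /var/www/html \
#       -d mydomain.com -d www.mydomain.com -d mail.mydomain.com
```

Comparing the response body with the probe token matters here because a name that only reaches the Apache welcome page still answers on port 80 without serving the challenge directory.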
10-25-2016, 09:45 AM   #3
vincix
Senior Member
 
Registered: Feb 2011
Distribution: Ubuntu, Centos
Posts: 1,240

Original Poster
Thank you. Indeed, I had forgotten completely about webroot. Works now.
 
  


All times are GMT -5.