Troubleshooting Apache

TODO: this should be organized to allow for multiple issues; for now I just describe one

Let's Encrypt fails the 'http' challenge

I often leave the default site unchanged from the OS install, and then add e.g. rattail.example.com.conf as a separate site. This should let certbot do its 'http' challenge; however sometimes it doesn't work!

The problem may be that Apache is not treating your "default" site as the first virtual host, and is instead serving up an alternate virtual host when certbot tries the challenge.

TODO: I should understand / describe the issue better

To confirm which site Apache will consider the default:

sudo apachectl -S
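
One way to script that check, as an added example that is not part of the original page: it parses `apachectl -S` output and reports whether the default virtual host on port 80 is the one you expect. The function names and the sample output (hostnames, file paths) are constructed for illustration; `nameless` is the ServerName from this page's replacement config.

```shell
#!/bin/sh
# Added example, not from the original page. Hostnames and file paths in the
# sample are constructed.

# default_vhost ADDR:PORT
# Reads `apachectl -S` output on stdin; prints "<ServerName> <file:line>" for
# the vhost Apache falls back to on ADDR:PORT. Exit status 1 if none is listed.
default_vhost() {
    awk -v want="$1" '
        # One vhost on this address: "*:80  name (file:line)"
        $1 == want && $2 != "is" { gsub(/[()]/, "", $3); print $2, $3; found = 1; exit }
        # Several vhosts: header line, then an indented "default server" line
        $1 == want && $2 == "is" { in_block = 1; next }
        in_block && $1 == "default" && $2 == "server" {
            gsub(/[()]/, "", $4); print $3, $4; found = 1; exit
        }
        in_block && /^[^ \t]/ { in_block = 0 }   # next unindented line ends the block
        END { exit (found ? 0 : 1) }
    '
}

# check_default EXPECTED_NAME ADDR:PORT
# Status 0 if the default vhost is EXPECTED_NAME, 1 on mismatch, 2 if not found.
check_default() {
    got=$(default_vhost "$2") || { echo "no vhost listed for $2" >&2; return 2; }
    if [ "${got%% *}" = "$1" ]; then
        echo "OK: default on $2 is $got"
    else
        echo "MISMATCH: default on $2 is $got (expected $1)" >&2
        return 1
    fi
}

# Constructed sample of `apachectl -S` output showing the failure case.
sample_output() {
    cat <<'EOF'
VirtualHost configuration:
*:443                  rattail.example.com (/etc/apache2/sites-enabled/rattail.example.com.conf:12)
*:80                   is a NameVirtualHost
         default server rattail.example.com (/etc/apache2/sites-enabled/rattail.example.com.conf:1)
         port 80 namevhost rattail.example.com (/etc/apache2/sites-enabled/rattail.example.com.conf:1)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/default.conf:1)
ServerRoot: "/etc/apache2"
EOF
}

# Demo on the sample; on a real host: sudo apachectl -S | check_default nameless '*:80'
sample_output | check_default nameless '*:80' || :
```

A MISMATCH result means a plain-HTTP request that matches no ServerName, or arrives by IP, is answered by the named site rather than the default one.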

If the default site is unchanged from upstream, but Apache is not treating it as the first virtual host, consider replacing the default site with this:

<VirtualHost *:80>

    # note, it apparently is important that we *do* overwrite the
    # default site config, and in particular "pretend" that it is a
    # named virtual host, which will not really ever match a real
    # request.  so access to this site then is mostly just by way of
    # direct IP, when applicable.  using a "fake name" for this site
    # ensures that certbot can correctly update certificate etc.
    ServerName nameless

    DocumentRoot "/var/www/html/"

</VirtualHost>

Updated by Lance Edgar over 2 years ago · 1 revisions