Troubleshooting Apache » History » Version 1
Lance Edgar, 07/22/2022 09:03 PM
Add "nameless" hack/fix for some Let's Encrypt failures
| 1 | 1 | Lance Edgar | # Troubleshooting Apache |
|---|---|---|---|
| 2 | |||
| 3 | TODO: this should be organized to allow for multiple issues; for now i just describe one |
||
| 4 | |||
| 5 | ## Let's Encrypt fails the 'http' challenge |
||
| 6 | |||
| 7 | I often leave the default site unchanged from the OS install, and then add e.g. `rattail.example.com.conf` as a separate site. This *should* let `certbot` do its 'http' challenge; however sometimes it doesn't work! |
||
| 8 | |||
| 9 | The problem may be that Apache is not treating your "default" site as the first virtual host, and is instead serving up an alternate virtual host when `certbot` tries the challenge. |
||
| 10 | |||
| 11 | TODO: i should understand / describe the issue better |
||
| 12 | |||
| 13 | To confirm which site Apache will consider the default: |
||
| 14 | |||
| 15 | ```sh |
||
| 16 | sudo apachectl -S |
||
| 17 | ``` |
||
| 18 | |||
| 19 | If the default site is unchanged from upstream, but Apache is not treating it as the first virtual host, consider replacing the default site with this: |
||
| 20 | |||
| 21 | ```apache |
||
| 22 | <VirtualHost *:80> |
||
| 23 | |||
| 24 | # note, it apparently is important that we *do* overwrite the |
||
| 25 | # default site config, and in particular "pretend" that it is a |
||
| 26 | # named virtual host, which will not really ever match a real |
||
| 27 | # request. so access to this site then is mostly just by way of |
||
| 28 | # direct IP, when applicable. using a "fake name" for this site |
||
| 29 | # ensures that certbot can correctly update certificate etc. |
||
| 30 | ServerName nameless |
||
| 31 | |||
| 32 | DocumentRoot "/var/www/html/" |
||
| 33 | |||
| 34 | </VirtualHost> |
||
| 35 | |||
| 36 | ``` |