How to get security certificate by either letsencrypt or certbot?

I would need to see your web server configuration to be able to help with that. But normally you would add to the particular VHOST:

ServerName tunefind.info

Most likely you don’t have it for that particular config file. It may be you are using the default Apache configuration that doesn’t have a vhost or servername set. You can also check the log file /var/log/letsencrypt/letsencrypt.log as there would be more detail here.

Hi ! Dear, iwalker ! Wonderful command line ! for WEB files to be safer. Thanks, so much.

I am going to take a flight from Seoul to Tokyo on June 4th. Back to Hachioji-Tokyo Office, this makes a few days of communication-interruption. If I don’t respond in a timely manner, please imagine I am on my way to a flight, and be patient. Thanks, so much of communications and correspondences. M.K.

This will be a BIG TEXT FILE COPY, but I would like to post the CONTENT of “letsencrypt.log” file, the latest part of it.

--------------------------------------------------
-------------------------------------------------
2025-06-03 04:52:18,300:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for tunefind.info
2025-06-03 04:52:18,304:DEBUG:acme.client:Requesting fresh nonce
2025-06-03 04:52:18,305:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2025-06-03 04:52:18,479:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2025-06-03 04:52:18,480:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 02 Jun 2025 19:52:18 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _G_8-Az_NwVp3wswNay-5eYhUgKLvuoPv7XEM6QAaqlF1hjnA3s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2025-06-03 04:52:18,480:DEBUG:acme.client:Storing nonce: _G_8-Az_NwVp3wswNay-5eYhUgKLvuoPv7XEM6QAaqlF1hjnA3s
2025-06-03 04:52:18,481:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "tunefind.info"\n    }\n  ]\n}'
2025-06-03 04:52:18,487:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
2025-06-03 04:52:18,748:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 347
2025-06-03 04:52:18,749:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Mon, 02 Jun 2025 19:52:18 GMT
Content-Type: application/json
Content-Length: 347
Connection: keep-alive
Boulder-Requester: 2221965175
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/2221965175/388812618007
Replay-Nonce: LedufNqSuC_Kkm23ptHpqtcHXUvC4VTvmrcasHEhcAQqnIZrV1s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2025-06-04T22:42:58Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "tunefind.info"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz/2221965175/527378742887"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/2221965175/388812618007"
}
2025-06-03 04:52:18,749:DEBUG:acme.client:Storing nonce: LedufNqSuC_Kkm23ptHpqtcHXUvC4VTvmrcasHEhcAQqnIZrV1s
2025-06-03 04:52:18,750:DEBUG:acme.client:JWS payload:
b''
2025-06-03 04:52:18,753:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz/2221965175/527378742887:
2025-06-03 04:52:18,941:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz/2221965175/527378742887 HTTP/1.1" 200 821
2025-06-03 04:52:18,942:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Mon, 02 Jun 2025 19:52:18 GMT
Content-Type: application/json
Content-Length: 821
Connection: keep-alive
Boulder-Requester: 2221965175
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: _G_8-Az_pncPIZVJKf0L4DpkV6gk2naoBg73wl9OgvLyRtEsq2E
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "tunefind.info"
  },
  "status": "pending",
  "expires": "2025-06-04T22:42:58Z",
  "challenges": [
    {
      "type": "http-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2221965175/527378742887/01Y_3w",
      "status": "pending",
      "token": "EVJ84TeNfrHwy4RXgcGr6L7eYlfTlkrsScbH32yAdts"
    },
    {
      "type": "dns-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2221965175/527378742887/ZFTaVw",
      "status": "pending",
      "token": "EVJ84TeNfrHwy4RXgcGr6L7eYlfTlkrsScbH32yAdts"
    },
    {
      "type": "tls-alpn-01",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall/2221965175/527378742887/pPBYxA",
      "status": "pending",
      "token": "EVJ84TeNfrHwy4RXgcGr6L7eYlfTlkrsScbH32yAdts"
    }
  ]
}
2025-06-03 04:52:18,943:DEBUG:acme.client:Storing nonce: _G_8-Az_pncPIZVJKf0L4DpkV6gk2naoBg73wl9OgvLyRtEsq2E
2025-06-03 04:52:18,944:INFO:certbot._internal.auth_handler:Performing the following challenges:
2025-06-03 04:52:18,944:INFO:certbot._internal.auth_handler:http-01 challenge for tunefind.info
2025-06-03 04:52:18,953:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/configurator.py", line 2474, in perform
    http_response = http_doer.perform()
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 66, in perform
    self._mod_config()
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 102, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 145, in _relevant_vhosts
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

2025-06-03 04:52:18,954:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-06-03 04:52:18,954:INFO:certbot._internal.auth_handler:Cleaning up challenges
2025-06-03 04:52:19,043:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 8, in <module>
    sys.exit(main())
  File "/usr/lib/python3.9/site-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1873, in main
    return config.func(config, plugins)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 1429, in run
    new_lineage = _get_and_save_cert(le_client, config, domains,
  File "/usr/lib/python3.9/site-packages/certbot/_internal/main.py", line 142, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 518, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 429, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/client.py", line 497, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
  File "/usr/lib/python3.9/site-packages/certbot/_internal/auth_handler.py", line 88, in handle_authorizations
    resps = self.auth.perform(achalls)
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/configurator.py", line 2474, in perform
    http_response = http_doer.perform()
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 66, in perform
    self._mod_config()
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 102, in _mod_config
    selected_vhosts += self._relevant_vhosts()
  File "/usr/lib/python3.9/site-packages/certbot_apache/_internal/http_01.py", line 145, in _relevant_vhosts
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
2025-06-03 04:52:19,044:ERROR:certbot._internal.log:Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
[root@svr1 letsencrypt]#

I have never created any Virtual Host. Except Virtualmin tried to create something during its installation to the current subject tunefind.info WEB server computer a few months ago. Sorry about this newbie’s question, but what is Virtual Host ? WHAT FOR does an administrator create a Virtual Host ? WHAT kind of usefulness (advantage) Virtual Host has? Is it possible to run the WEB-Server without any Virtual Host set up? I am so sorry, I am completely new to this Virtual Host concept. I will also study this Virtual Host topic in Wikipedia or else. Please be patient about my elementary questions. Thanks so much.

As far as I know, tunefind.info WEB-server is not running inside of a big company like environment with multiple computers, but it is completely simple enough, and one computer. I don’t think I need to use the VIRTUAL set up to handle just one computer. Our WEB serving computer (tunefind.info) is one desktop computer with ONE IP address (110.3.33.130 IPv4), although ROUTER has the IP address (110.3.33.130), and the real WEB-Serving computer is inside the Home-Office LAN, and it has the intra-LAN IP (192.168.1.6/24). I and my co-administrator configured it by using [ nmtui ] command in Rocky9.1 about a year ago. I don’t feel any necessity of Virtual set up. Do I need ? How does everyone think ?

Here is one more, very simple question, but I want to make sure about it. When I ran the certbot command line, I have been running always from the subject computer inside by ssh -access. The subject computer was installed most of necessary software packages and I issued the command line

(194.168.1.6/24 behind the Router of 110.3.33.130) # certbot --apache -d tunefind.info

That is what I have been running. Is this O.K.?? right? I ssh-ed to get into tunefind.info (or 110.3.33.130) and LOGIN, then I issued this command line from inside of subject computer. Am I doing the Right thing, amn’t I. Thank you, thank you, thank you. I am a complete newbie about this subject. Please be patient to me about these elementary questions.

I am going to post one more screen-shot, which shows WEB console which shows unusual port number for https. As I described above, due to Virtualmin trial loading (and I didn’t pursue finalization.), this could be the trace (record) of Virtual setup by Virtualmin. If the things get complicated, I will completely re-new the WEB-Server set up at Hachioji’s office on another backup computer, and will try to run “certbot --apache” on a fresh server.

SSH-screenshot

Yes, it is possible to run it without VirtualHost, it would just mean at this point your server would only display one website and not multiple ones. About the only way you could do it this way would be to have URLs like:

http://mydomain.com/site1
http://mydomain.com/site2

which wouldn’t be great. With VirtualHosts, you can configure Apache or Nginx to display multiple domains. So you could then have for example: www.mydomain1.com and www.mydomain2.com displaying different sites. For Apache, you then configure VirtualHost sections in your configuration files with the appropriate name.

It seems LetsEncrypt for some reason based on the logs I see wants you to have configured VirtualHosts. Normally it would be enough to create the site under /etc/httpd/conf.d/mysite.conf replacing “mysite” with “tunefind” or whatever identifier you want to give to the name of the file.

You can find plenty of VirtualHost or vhost config examples from this search I did:
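Added example, not part of the original replies: a shell sketch of the fix suggested above. `write_vhost` creates a minimal port-80 virtual host file and `has_port80_vhost` checks config files for a `<VirtualHost ...:80>` block naming the domain, a simplified approximation of what the certbot Apache plugin searches for. The function names, the DocumentRoot and the file name tunefind.conf are assumptions.

```shell
#!/bin/sh
# Added example: minimal port-80 vhost plus a check that one exists.
# Domain is from the thread; DocumentRoot and file names are assumptions.

# Write a minimal name-based virtual host for port 80 to FILE.
write_vhost() {   # usage: write_vhost FILE DOMAIN DOCROOT
    cat > "$1" <<EOF
<VirtualHost *:80>
    ServerName $2
    DocumentRoot $3
</VirtualHost>
EOF
}

# Succeed if any given file has a <VirtualHost ...:80> block whose
# ServerName or ServerAlias equals DOMAIN (case-insensitive).
# Simplification: Include directives and port-less vhosts are not followed.
has_port80_vhost() {   # usage: has_port80_vhost DOMAIN FILE...
    domain=$1; shift
    awk -v want="$domain" '
        BEGIN { want = tolower(want); found = 0 }
        { sub(/^[ \t]+/, "") }                  # ignore indentation
        /^#/ { next }                           # skip comment lines
        tolower($0) ~ /^<virtualhost[ \t]/ {
            in80 = 0
            line = $0; gsub(/[<>]/, " ", line)
            n = split(line, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] ~ /:80$/) in80 = 1
            next
        }
        tolower($0) ~ /^<\/virtualhost>/ { in80 = 0; next }
        in80 && tolower($1) ~ /^server(name|alias)$/ {
            for (i = 2; i <= NF; i++) if (tolower($i) == want) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$@"
}

# On the server (as root), for example:
#   has_port80_vhost tunefind.info /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf \
#     || write_vhost /etc/httpd/conf.d/tunefind.conf tunefind.info /var/www/html
#   apachectl configtest && systemctl reload httpd
```

A bare `ServerName` outside any `<VirtualHost>` block, as in the default configuration, does not count, which matches the error in the log above.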

Thanks, thanks, ESPECIALLY to Dear iwalker. Thanks so much of your time for spending with me. GREAT, GREAT appreciation. I will close this discussion here, since I will completely Re-new (Replace) the WEB server (.ORG) at Los Angeles. And carefully work together with ISP (co-administrator), and then I will try Certbot sometime around.

Also, at .INFO side of WEB server (Tokyo) I will also very likely Re-new (a new Hard-disk replacement) and COPY ALL FILES and re-do Network configuration as before. Without Virtualmin attempt, I will go ahead to try to run [ certbot --apache -d tunefind.info ]. THANKs, THANKs so much with everyone, and Mr. iwalker. Bye now, till then.

Good luck! I’m sure it’ll work out fine on the new servers.

As for the port you noticed when you log in via SSH, this is just for something called cockpit, which is web management of your server. You do not need to worry about it, it has nothing to do with Apache.

However, this port is accessible publicly, so you may want to disable cockpit if you are not using it, since it leaves the possibility for someone to try and hack your server by logging in via this port in their web browser. I would do this:

systemctl disable --now cockpit.socket

And then make sure port 9090 is not listening anymore on your server.
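Added example, not part of the original reply: one way to do the port check described above. Cockpit is socket-activated, so the listener on 9090 is normally held by systemd itself through the cockpit.socket unit rather than by a cockpit process; the function below reports which process owns the port. The function name and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that nothing listens on TCP port 9090 any more.

# Constructed sample of `ss -H -tlnp` output (not taken from the thread).
SAMPLE_SS='LISTEN 0 128  0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 4096 *:9090     *:*       users:(("systemd",pid=1,fd=57))
LISTEN 0 511  [::]:80    [::]:*    users:(("httpd",pid=900,fd=4))'

# Read `ss -H -tlnp` output on stdin; print "address process" for every
# listener on PORT and succeed only if there is at least one.
listeners_on() {   # usage: ss -H -tlnp | listeners_on PORT
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")        # port = text after the last colon
            if (part[n] != port) next       # exact match, so 909 != 9090
            proc = "unknown"                # owner is shown only to root with -p
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            print $4, proc
            hit = 1
        }
        END { exit (hit ? 0 : 1) }
    '
}

# Live check, run as root on the server:
#   ss -H -tlnp | listeners_on 9090 || echo "port 9090 is closed"
```

If the owner is still reported as systemd after the service was stopped, the socket unit is the part that is holding the port open.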

Hi, you don’t need certbot. Rocky/RHEL comes with mod_md, an Apache HTTPD module. Read this Automatically acquire and renew certificates using mod_md and Automated Certificate Management Environment (ACME) in Identity Management (IdM)

Certbot has lots of dependencies or comes as snap package. My preferred solution besides mod_md is acme.sh.