I am back here again to set up my WEB server to be https (currently http). It sounds to me that Certbot is the easiest way to do it. But when I run the following command line,
# certbot --apache
After successful account registration, I get the error message as in the title,
Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.
How to add a virtual host? There is a brand new ssl.conf file, not at all edited, still sitting there. Should I get into editing the ssh.conf file at /etc/httpd/conf.d? I found the <Virtual_Host> </Virtual_Host> tag there in ssh.conf file. Sorry a SSL/https newbie is here, I hardly know anything about it. Thanks. Hope any help.
Should I uncomment these two lines, and should I go ahead to provide my domain names here? Sounds like it is better to do so, but I haven't read any documentation to do so. I am carefully double checking it with this forum before I do the change. Thanks.
My error is absolutely apache_httpd or ssl.conf error. Up to now, I can't figure it out. Any suggestion where to look or which error log message to pay attention to? Mitsuru Kido
That's probably because you don't realise, certbot is part of the LetsEncrypt stuff. And when you want to create a certificate you need to have a web server listening on port 80, so that LetsEncrypt can verify things that:
You own the domain you are trying to create a certificate for.
You own the web server that you are trying to create the certificate for.
To verify both points it therefore needs to connect to your web server on port 80 and when successful it will create the SSL certificate.
@mkido remove the redirect to HTTPS from your VHOST configuration because you don't have an active certificate yet. Also make sure you can browse your website on http to verify that the vhost configuration is working properly. Then once this is correct, you can try the certbot command again.
Dear, Dear iwalker, thank you so much for your comment. I am sorry for these slow replies.
I was too busy because I have enrolled in a language class, and its assignments took time. No time for SSL/https study. Anyway, I am today back here to continue my study on https.
Now, I understood that the certificates I created by Certbot a few weeks ago are not good. It appears that my VHOST configuration was not good. I will keep working on VHOST configuration.
I have been studying a few references about VHOST configuration at Apache.org Documentation, then I found a similar case of configuration at my Hachioji-JAPAN WEB-casting. My WEB-casting server has two domains; one is Internal-LAN setup 192.168.1.6/24 and the other is the router connecting to the Internet 110.3.33.130. The Apache Documentation example of Internal LAN domain and Router domain is as below,
<VirtualHost 192.168.1.1 172.20.30.40>
DocumentRoot "/www/server1"
ServerName server.example.com
ServerAlias server
</VirtualHost>
When I set up my server with "nmtui" I typed my internal LAN domain as 192.168.1.6/24. Should I keep the /24 or is just 192.168.1.6 good enough?
Let me edit the above example to my Server, in the file "tunefind.info.conf" at /etc/http/conf.d/.
Well, I told you, I am completely a newbie to this VHOST configuration, I have no idea what I am supposed to do. I wish to have a good documentation in addition to Apache documentation. Thanks. It is a very minor note but I have been typing CLOSING TAG
<_/_VirtualHost> in an appropriate place in this draft, but when I Save Edit, it is gone, why?
The vhost you can configure in a file under /etc/httpd/conf.d - you can create a new file for each vhost, or have one singular file for multiple vhosts. Once it has been configured, you can check it's correctly formatted by doing:
apachectl configtest
then try to connect to the vhost via port 80 http and once it's working and displaying the website, at this point you can then start looking at getting certbot to create LetsEncrypt certificate.
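The check behind the certbot error quoted above, as an added example that is not part of any post in this thread: a shell function that scans a vhost file for a port-80 block naming the domain and flags the HTTPS redirect the thread advises removing until a certificate exists. The function name, its exit codes and the DocumentRoot in the constructed sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for `certbot --apache`.
# Exit status of check_port80_vhost CONF DOMAIN:
#   0 = a port-80 <VirtualHost> names DOMAIN and does not redirect to https
#   1 = no port-80 <VirtualHost> names DOMAIN (the error quoted in the thread)
#   2 = found, but it redirects to https:// (remove until a certificate exists)
check_port80_vhost() {
    awk -v domain="$2" '
        BEGIN { domain = tolower(domain) }
        { line = tolower($0) }                          # directives are case-insensitive
        line ~ /^[ \t]*#/ { next }                      # skip comments
        line ~ /^[ \t]*<virtualhost[ \t]/ {             # block opens
            in80 = (line ~ /:80[ \t>]/); named = 0; redir = 0; next
        }
        line ~ /^[ \t]*<\/virtualhost>/ {               # block closes
            if (in80 && named) { if (redir) bad = 1; else ok = 1 }
            in80 = 0; next
        }
        in80 && line ~ /^[ \t]*(servername|serveralias)[ \t]/ {
            for (i = 2; i <= NF; i++) if (tolower($i) == domain) named = 1
        }
        in80 && line ~ /^[ \t]*(redirect|rewriterule)[a-z]*[ \t].*https:\/\// { redir = 1 }
        END { if (ok) exit 0; if (bad) exit 2; exit 1 }
    ' "$1"
}

# Constructed sample; DocumentRoot is an assumed path, not taken from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName www.tunefind.info
    ServerAlias tunefind.info
    DocumentRoot "/var/www/html"
</VirtualHost>
EOF
check_port80_vhost "$sample" www.tunefind.info && echo "port-80 vhost OK"
rm -f "$sample"
```

A pass here only says the file has the right shape; `apachectl configtest` and a plain http request to the site remain the checks that the server actually loads and serves it.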
You didn't bother to run the commands I suggested above, so I'll do it for you.
This one indicates that you already have a web server listening on port 80 using plain http
curl --include --head "http://www.tunefind.info:80/"
I can see things like "index_language_group_explanation"
I notice the response seems slow from here in the UK, both the name server and the web server.
Now regarding port 443, I think you are trying to run plain http on port 443, but you need to change it to "https". You should be able to do this even if you don't have a cert yet. e.g. with the built-in self-signed certs, you'll get a browser warning, but it should work. Actually, the default Rocky config should work for both. You should see a file already exists in /etc/httpd/conf.d for ssl.
Thanks, Dear iwalker, I feel I am getting close to successful configuration of "tunefind.info.conf" which I placed at the /etc/httpd.conf.d/ location. I keep working around by Trial-and-Error approach.
It looks good. I have been seeing various Warning or Error messages in yellow colour or red colour as the response of certbot --apache. That sounds good for me. A little further step I should try to. It looks promising. Thank you, gerru660uk, Bye now.