0

To this question

When does Ubuntu 16.04 use /etc/apache2/ssl/apache.crt?

there's an answer on how to create certificates, but there isn't one on what to do if apache can't start https when you make the necessary changes to the virtual host file.

I'm interested in that situation, what we should we do?

I have used all necessary steps to achieve this.

I'm using Ubuntu 16.04 with Apache/2.4.18 as a web server. After I was enable ssl, I follow this next steps to include valid ssl certificate in web server

(https://certbot.eff.org/#ubuntuxenial-apache)

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache certonly

After that I get fullchain.pem certificate as a file and key file privkey.pem.

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/myserver.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/myserver.com/privkey.pem

When I included those lines in default-ssl.conf file and enable virtual host using these commands in terminal:

a2dissite default-ssl.conf
a2ensite default-ssl.conf
service apache2 reload/restart

I get error that ssl certificate is not valid and Apache web server couldn't start https.

How can I resolve this situation with Ubuntu & certbot to get valid ssl certification for 30 days?

virtual host file:

  < IfModule mod_ssl.c>
    < VirtualHost _default_:443 >
        ServerName mysite.com               

        ServerAdmin webmaster@mysite.com

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
        SSLCertificateFile /etc/letsencrypt/live/mysite.com/cert.pem
        SSLCertificateChainFile /etc/letsencrypt/live/mysite.com/fullchain.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
Zanna
  • 70,465
Pajsije
  • 101
  • Certbot should have created a site-file with the actual name of your site. Example: /etc/apache2/sites-available/<site-name>-le-ssl.conf – Videonauth Nov 30 '17 at 23:16
  • I looked at /etc/apache2/site-available and I didn't find any similar file with *-le-ssl.conf. – Pajsije Dec 01 '17 at 11:04
  • Im assuming youre setting this servr up for the first time, backup your files in /etc/apache2/sites-available and run certbot with the --apache flag so you can see how certbot changes the files around and then edit your files accordingly. – Videonauth Dec 01 '17 at 12:49

0 Answers0