3

I’ve setup Certbot on Ubuntu, the certificate was created successfully outputting the following:

Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/bin-depot.co.uk/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/bin-depot.co.uk/privkey.pem

After restarting apache https was not working, it simply failed to connect so I ran:

sudo lsof -iTCP -sTCP:LISTEN -P

...and noted port 443 was not listed to (only port 80).

So I updated default-ssl.conf as shown in steps 3 & 4 here: tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

After updating default-ssl.cons I ran: sudo a2ensite default-ssl.conf

...and got the message that default-ssl was enabled.

I then restarted Apache but am still unable to connect. It appears port 443 is still not configured.

I’m not sure what steps to take next. Any input would be appreciated. The domain is https://bin-depot.co.uk

EDIT:

Suspected virtual host issue. Have tried the following in a file named "bin-depot.co.uk.conf". Fails to activate on "systemctl reload apache2" giving the error "Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.":

SSLCertificateFile /etc/letsencrypt/live/bin-depot.co.uk/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/bin-depot.co.uk/privkey.pem <VirtualHost *:80> ServerAdmin dan@***.com DocumentRoot /var/www/html <Directory /var/www/html/> Options FollowSymLinks AllowOverride All Require all granted </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> <VirtualHost *:443> SSLEngine On ServerName bin-depot.co.uk ServerAlias www.bin-depot.co.uk DocumentRoot /var/www/html </VirtualHost>
Improve this question
3
  • Could you post your apache2 virtual host config file? My guess is that the certs are not linked correctly. Commented Nov 11, 2018 at 18:10
  • Yes, I think it is a virtualhost issue. Just tried to follow this guide: digitalocean.com/community/tutorials/…. Copied '000-default.conf' and updated to 'bin-depot.co.uk.conf', added what I think is needed for 443/TLS and ran 'systemctl reload apache2' and got the error: 'Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.' Will append my broken bin-depot.co.uk.conf to my initial question. Sorry guys, I'm new to Ubuntu. Commented Nov 11, 2018 at 18:31
  • yepp, that was it. See my answer below. Commented Nov 11, 2018 at 18:52

1 Answer 1

Reset to default
4

You need to edit /etc/apache2/ports.conf. Right now, it says

Listen 80

Change it to:

Listen 443

Next, restart the service. Then, run:

netstat -tanp

And you'll see apache2 listening on port 443.

Improve this answer
3
  • Thanks for that, I've now got it listening to the correct port, however when I try and access the site I get the following error: SSL_ERROR_RX_RECORD_TOO_LONG Commented Nov 11, 2018 at 18:01
  • @Dan382: Did you ever fix that SSL_ERROR_.... error, I'm getting this after updating my letsencrypt certificate Commented Oct 19, 2021 at 16:40
  • @Skizz really sorry, I honestly can’t recall as this was years back. From memory, I think it was a series of stupid mistakes on my side. Just check through the usual suspects (.conf files) and see if you can see anything obvious. Commented Oct 24, 2021 at 10:18

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.