3

I’ve set up Certbot on Ubuntu; the certificate was created successfully, outputting the following:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/bin-depot.co.uk/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/bin-depot.co.uk/privkey.pem

After restarting Apache, HTTPS was not working; it simply failed to connect, so I ran:

sudo lsof -iTCP -sTCP:LISTEN -P

...and noted port 443 was not listened to (only port 80).

So I updated default-ssl.conf as shown in steps 3 & 4 here: tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

After updating default-ssl.conf I ran: sudo a2ensite default-ssl.conf

...and got the message that default-ssl was enabled.

I then restarted Apache but am still unable to connect. It appears port 443 is still not configured.

I’m not sure what steps to take next. Any input would be appreciated. The domain is https://bin-depot.co.uk

EDIT:

Suspected virtual host issue. Have tried the following in a file named "bin-depot.co.uk.conf". Fails to activate on "systemctl reload apache2" giving the error "Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.":

SSLCertificateFile /etc/letsencrypt/live/bin-depot.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bin-depot.co.uk/privkey.pem

<VirtualHost *:80>
        ServerAdmin dan@***.com
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    ServerName bin-depot.co.uk
    ServerAlias www.bin-depot.co.uk
    DocumentRoot /var/www/html
</VirtualHost>
Dan382
  • Could you post your apache2 virtual host config file? My guess is that the certs are not linked correctly. – digijay Nov 11 '18 at 18:10
  • Yes, I think it is a virtualhost issue. Just tried to follow this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts. Copied '000-default.conf' and updated to 'bin-depot.co.uk.conf', added what I think is needed for 443/TLS and ran 'systemctl reload apache2' and got the error: 'Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.' Will append my broken bin-depot.co.uk.conf to my initial question. Sorry guys, I'm new to Ubuntu. – Dan382 Nov 11 '18 at 18:31
  • Yep, that was it. See my answer below. – digijay Nov 11 '18 at 18:52

1 Answer

3

You need to edit /etc/apache2/ports.conf. Right now, it says

Listen 80

Change it to:

Listen 443

Next, restart the service. Then, run:

netstat -tanp

And you'll see apache2 listening on port 443.

Nasir Riley
  • Thanks for that, I've now got it listening to the correct port, however when I try and access the site I get the following error: SSL_ERROR_RX_RECORD_TOO_LONG – Dan382 Nov 11 '18 at 18:01
  • @Dan382: Did you ever fix that SSL_ERROR_.... error? I'm getting this after updating my letsencrypt certificate. – Skizz Oct 19 '21 at 16:40
  • @Skizz really sorry, I honestly can’t recall as this was years back. From memory, I think it was a series of stupid mistakes on my side. Just check through the usual suspects (.conf files) and see if you can see anything obvious. – Dan382 Oct 24 '21 at 10:18
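
An added example (not part of the original question or answer): a static check for the two conditions this thread runs into. The first is port 443 missing from the Listen directives. The second is a port-443 virtual host without SSLEngine on or certificate directives, a common cause of SSL_ERROR_RX_RECORD_TOO_LONG because Apache then answers plain HTTP on the TLS port. The function names, example.test and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: static checks on Apache config text; it does not query a
# running server. Function names and sample files are constructed here.

# listens_on FILE PORT: succeeds if FILE has an uncommented Listen for PORT.
# Limitation: a Listen inside <IfModule> only applies when that module is
# loaded, which this check does not evaluate.
listens_on() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "listen" {
            n = split($2, a, ":")   # accepts 443, 0.0.0.0:443, [::]:443
            if (a[n] == port) found = 1
        }
        END { exit !found }' "$1"
}

# tls_vhost_gaps FILE PORT: prints one line per directive missing from each
# <VirtualHost ...:PORT> block. Certificate directives set at server level
# earlier in the same file count as inherited.
tls_vhost_gaps() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key ~ /^<virtualhost/ {
            invh = 1; start = NR; engine = 0; cert = gcert; pkey = gkey
            target = ($0 ~ (":" port "[ >]"))
        }
        key == "sslengine" && invh && tolower($2) == "on" { engine = 1 }
        key == "sslcertificatefile"    { if (invh) cert = 1; else gcert = 1 }
        key == "sslcertificatekeyfile" { if (invh) pkey = 1; else gkey = 1 }
        key ~ /^<\/virtualhost/ {
            if (target && !engine) print "line " start ": SSLEngine on missing"
            if (target && !cert)   print "line " start ": SSLCertificateFile missing"
            if (target && !pkey)   print "line " start ": SSLCertificateKeyFile missing"
            invh = 0
        }' "$1"
}

# Constructed sample input: port 443 is opened but its vhost has no TLS setup.
sample=$(mktemp -d)
printf 'Listen 80\nListen 443\n' > "$sample/ports.conf"
printf '<VirtualHost *:443>\n  ServerName example.test\n  DocumentRoot /var/www/html\n</VirtualHost>\n' > "$sample/site.conf"

listens_on "$sample/ports.conf" 443 && echo "443: Listen present"
tls_vhost_gaps "$sample/site.conf" 443
```

On a real host the arguments would be /etc/apache2/ports.conf and the enabled site file; `apache2ctl configtest` remains the authoritative syntax check.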