Let’s Encrypt Certbot Apache plugin problem with Apache Configuration Without using Virtual Host

Published by Peter Au on

Let’s Encrypt provides free SSL certificates to any sites which make the TLS encryption universal to the Internet. Setting up Let’s encrypt for Apache webs erver is supposed to be easy and straight forward, especially in linux environment. However, if your Apache is configured only with base configuration (without using virtual host). Certbot apache plugin seems to fail to recognize the based configuration and complaining no vhost defined.

Problem

Multiple plugins are provided with Certbot to deal with different situations.

  1. apache plugin
  2. webroot plugin
  3. standalone plugin
  4. nginx plugin
  5. DNS plugins
  6. manual plugin

If you are using Apache web server, the recommended way to set up Let’s Encrypt is through the apache plugin, as simple as running this command:

certbot --apache

However, if your Apache is configured using just the main configuration without any virtual host set up, certbot apache plugin would likely fail complaining ‘no vhost’ found.

This is because certbot apache plugin is relying on ServerName directive on virtual host section to figure out the domain name to request. If your apache configuration is lack of any virtual host definition, certbot apache plugin would most likely failed.

Solutions

You can re-configure the Apache to virtual host. But the easiest solution is to use another plugin called webroot. Webroot plugin has option to allow you to specify your domain name. The downside is that you need to configure the Apache with the location of the key and certificate files manually. This is not something complicated if you are a legitimate linux user. Run this instead:

certbot --webroot -d <domain_name> -w <webroot_path> 

<webroot_path> - the web root location, i.e. the value of DocumentRoot directive
<domain_name> - your domain name

You can even enter multiple domains and their corresponding webroot:

-d your-domain-1.com -w /var/www/your-domain-1.com -d your-domain-2.com -d www.your-domain-3.com -w /var/www/your-domain-3.com

You certificate and private key will be saved at /etc/letsencrypt/archive/your-domain.com/ directory. Certbot also creates symlinks at /etc/letsencrypt/live/your-domain.com/ that points to each file in the archive directory. All subsequent renewal, Certbot will update these /etc/letsencrypt/live/… symlinks to the new key and certificate. So, you can safely use these symlinks to configure your apache.

Put or update these lines in your Apache SSL configuration to use the Let’s Encrypt SSL certificate you just obtained.

SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem

Remember to reload your Apache server after your configuration update.

Categories: Linux/LAMP
Tags:

Peter Au

A full-stack software professional with over 20 years’ experience of developing and managing complex software applications in both start-up and enterprise environments.

Related Posts

Linux/LAMP

PHP json_encode() and json_decode() functions missing in RHEL 8

If you have just set up a RHEL 8 server, this includes CentOS 8, AlmaLinux 8, and Rocky Linux 8, you might have run into a fatal PHP error when using JSON related functions. For Read more…

Linux/LAMP

Apache/MySQL Optimization for AWS Micro Instance (or other low resource VPS)

Amazon Web Services EC2 micro instance is available within its first year free tier. This instance type is a good way to start building your LAMP server for website or web application. However, it is Read more…

Linux/LAMP

PHP 7.3 php-gd failed to load ( undefined symbol: hb_ft_font_set_load_flags)

If you recently upgraded your CentOS 7 PHP to version 7.3 (or probably 7.2) using remi repository, you might encounter an error complaining php-gd dynamic library failed to load when running any php command. You Read more…