{"id":1793,"date":"2017-03-21T21:31:02","date_gmt":"2017-03-22T02:31:02","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=1793"},"modified":"2017-03-22T09:32:48","modified_gmt":"2017-03-22T14:32:48","slug":"lets-encrypt-certbot-error-no-vhost-exists-with-servername-or-alias-of","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2017\/03\/lets-encrypt-certbot-error-no-vhost-exists-with-servername-or-alias-of\/","title":{"rendered":"Let’s Encrypt: certbot error “No vhost exists with servername or alias of”"},"content":{"rendered":"

It’s about time–or rather, years past time–I enabled HTTPS for this site. I decided to try Let’s Encrypt<\/a>. It wasn’t as turnkey as I expected, so I’ve included some notes here in case anyone else has similar issues.<\/p>\n

The Let’s Encrypt site suggested installing Certbot<\/a> and included specific instructions for using Certbot with Apache on CentOS 7<\/a>. It suggested that a single command might do the trick:<\/p>\n

$ sudo certbot --apache<\/code><\/p>\n

Unfortunately, I received a couple error messages and it was ultimately able to create the certificate for me, but unable to update my Apache configuration. An excerpt of the output of the certbot<\/code> command is below:<\/p>\n

Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log
\nNo names were found in your configuration files. Please enter in your domain
\nname(s) (comma and\/or space separated) (Enter 'c' to cancel):osric.com,www.osric.com
\n...
\nNo vhost exists with servername or alias of: osric.com (or it's in a file with multiple vhosts, which Certbot can't parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
\nFalling back to default vhost *:443...
\nNo vhost exists with servername or alias of: www.osric.com (or it's in a file with multiple vhosts, which Certbot can't parse yet). No vhost was selected. Please specify ServerName or ServerAlias in the Apache config, or split vhosts into separate files.
\nFalling back to default vhost *:443...
\n...
\nNo vhost selected<\/p>\n

IMPORTANT NOTES:
\n - Unable to install the certificate
\n...<\/code><\/p>\n

I’m guessing it’s because my Apache virtual host configuration is in \/etc\/httpd\/conf\/vhosts\/chris\/osric.com<\/code> instead of the expected location.<\/p>\n

I looked at the certbot documentation<\/a> hoping to find a way I could pass the certbot<\/code> command the path to my virtual host configuration file. I did not find an option to do that. The logs at \/var\/log\/letsencrypt\/letsencrypt.log<\/code> are fairly verbose, but it still does not indicate what files or directories it looked at to attempt to find my Apache configuration.<\/p>\n

I noted that \/etc\/letsencrypt\/options-ssl-apache.conf<\/code> contains Apache directives. I thought maybe I could just include it in my config file using Apache’s Include directive<\/a>, e.g.:<\/p>\n

Include \/etc\/letsencrypt\/options-ssl-apache.conf<\/code><\/p>\n

I restarted Apache using systemctl<\/code> (I know, I should be using apachectl restart<\/code> instead):<\/p>\n

$ sudo systemctl restart httpd
\nJob for httpd.service failed because the control process exited with error code. See \"systemctl status httpd.service\" and \"journalctl -xe\" for details.<\/code><\/p>\n

Two problems there. One, options-ssl-apache.conf<\/code> appears to be a generic file with no data specific to the host or cert. Additionally, I had just added it to a VirtualHost<\/code> directive listening on port 80.<\/p>\n

I duplicated the VirtualHost<\/code> directive in my config file at \/etc\/httpd\/conf\/vhosts\/chris\/osric.com<\/code> and made a few modifications and additions:<\/p>\n

<IfModule mod_ssl.c>
\n<VirtualHost 216.154.220.53:443>
\n ...all the directives from the port 80 VirtualHost...
\n SSLEngine on
\n SSLCertificateFile \/etc\/letsencrypt\/live\/osric.com\/cert.pem
\n SSLCertificateKeyFile \/etc\/letsencrypt\/live\/osric.com\/privkey.pem
\n SSLCertificateChainFile \/etc\/letsencrypt\/live\/osric.com\/chain.pem
\n<\/VirtualHost>
\n<\/IfModule><\/code><\/p>\n

I restarted Apache:<\/p>\n

$ sudo apachectl restart<\/code><\/p>\n

The server restarted, but still did not respond to HTTPS requests. It didn’t appear to be listening on 443:<\/p>\n

$ curl https:\/\/www.osric.com
\ncurl: (7) Failed connect to www.osric.com:443; Connection refused<\/code><\/p>\n

As a sanity check, I confirmed that mod_ssl<\/code> was indeed installed:<\/p>\n

$ yum list mod_ssl
\nInstalled Packages
\nmod_ssl.x86_64 1:2.4.6-45.el7.centos @base<\/code><\/p>\n

And I checked to confirm that Apache was loading mod_ssl<\/code>:<\/p>\n

$ cat \/etc\/httpd\/conf.modules.d\/00-ssl.conf
\nLoadModule ssl_module modules\/mod_ssl.so<\/code><\/p>\n

I looked at some other Apache configurations where I knew SSL was working and I noted the Listen directive<\/a>:<\/p>\n

Listen 443<\/code><\/p>\n

I added that line to the top of my configuration file at \/etc\/httpd\/conf\/vhosts\/chris\/osric.com<\/code>, above the VirtualHost<\/code> directive. I restarted Apache and it worked!<\/p>\n","protected":false},"excerpt":{"rendered":"

A WordPress site without SSL is basically begging to be compromised. I used Let’s Encrypt to add an SSL certificate to the Apache web server configuration osric.com, but I found that the process was not as simple as advertised. I’ve included the steps I took to get it working, in case it should prove helpful to anyone else.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,422],"tags":[73,415,436,437,435,438,117],"class_list":["post-1793","post","type-post","status-publish","format-standard","hentry","category-security","category-sysadmin","tag-apache","tag-centos-7","tag-certbot","tag-certificates","tag-lets-encrypt","tag-mod_ssl","tag-ssl"],"_links":{"self":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/1793","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/comments?post=1793"}],"version-history":[{"count":7,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/1793\/revisions"}],"predecessor-version":[{"id":1809,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/1793\/revisions\/1809"}],"wp:attachment":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/media?parent=1793"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/categories?post=1793"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/tags?post=1793"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}