Score:1

The Let's Encrypt cert doesn't work on Apache and FreeBSD


Our server administrator installed via Certbot the free Let's Encrypt certificate on our server with FreeBSD. But the cert doesn't work and we can't understand how exactly we should configure the file /usr/local/etc/apache24/httpd.conf and/or /usr/local/etc/apache24/extra/httpd-vhosts.conf?

We use virtual hosts to host a few websites at the server. And the directory with websites is /usr/local/www/apache24/

Should we duplicate <VirtualHost> for the domain but with the port :443?

How can we check over SSH whether the cert is working?


EDIT

I've just run the command certbot --apache -d example.com, but now if I open the website I get the 502 Bad Gateway error.

Here is our updated httpd-vhosts.conf:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/usr/local/www/apache24/public_html"
    SSLEngine on

    <Directory "/usr/local/www/apache24/public_html">
        Options -Indexes
        Order allow,deny
        Allow from all
        AllowOverride All
        Require all granted
    </Directory>
    SSLCertificateFile /usr/local/etc/letsencrypt/live/example.com-0001/fullchain.pem
    SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/example.com-0001/privkey.pem
    Include /usr/local/etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

I see that Apache stopped working. If I try to run service apache24 start I get the error

Address already in use: make_sock: could not bind to address 0.0.0.0:443

Nikita Kipriyanov
What do you mean by "doesn't work"? How do you know that? SSH has nothing to do with that, you need to use a web browser to see if the certificate appears on the site. (You can also use `openssl s_client` to check it and see the details, but not necessarily over SSH.)
in flag
HTTPS configuration is documented. If you have trouble with the configuration, provide what you have configured and the exact error messages you encounter.
stkuser
@GeraldSchneider Please see my edit to the question
Nikita Kipriyanov
Your message means something is already running and bound to that address:port (likely an old or orphaned Apache httpd process). Try to kill it and restart the service. After that, please check Apache's *error log*, especially messages generated during startup.
stkuser
@NikitaKipriyanov The admin said that the command `certbot --apache ...` I ran replaced all the Apache config with its own, so all the websites stopped working
stark
certbot creates 000-default-le-ssl.conf. Was that where your apache config was stored?
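
An added example, not part of the original thread and not Certbot's generated output: the vhost from the question split into a plain-HTTP block and a separate *:443 block that carries the TLS directives, using the paths shown in the question. It assumes mod_ssl is loaded and that `Listen 443` appears exactly once across httpd.conf and its includes.

```apache
# Assumed to be present in httpd.conf (each Listen only once):
#   LoadModule ssl_module libexec/apache24/mod_ssl.so
#   Listen 80
#   Listen 443

# Plain HTTP vhost: no SSL* directives here. "SSLEngine on" inside a
# *:80 vhost makes Apache expect TLS on port 80.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/usr/local/www/apache24/public_html"

    <Directory "/usr/local/www/apache24/public_html">
        Options -Indexes
        AllowOverride All
        # Apache 2.4 access control; replaces the 2.2-style Order/Allow lines
        Require all granted
    </Directory>
</VirtualHost>

# HTTPS vhost for the same site: the certificate and key live here.
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot "/usr/local/www/apache24/public_html"

    <Directory "/usr/local/www/apache24/public_html">
        Options -Indexes
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile /usr/local/etc/letsencrypt/live/example.com-0001/fullchain.pem
    SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/example.com-0001/privkey.pem
    Include /usr/local/etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

# Checks after editing (run as root on the server):
#   apachectl configtest       # syntax check before restarting
#   sockstat -4 -l -p 443      # which process, if any, already holds port 443
#   service apache24 restart
#   openssl s_client -connect example.com:443 -servername example.com </dev/null
```

In the `openssl s_client` output, the certificate chain and the `Verify return code` line show whether the Let's Encrypt certificate is the one being served.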