Lets Encrypt and Apache2

keithellis · 15 2016 16:02

I’ve just done a clean install, and installed the following on a Raspberry Pi 3:

ProFTP
NextCloud
LAMP
CertBot
Fail2Ban

All went well and was working fine.

I ran dietpi-letsencrypt and setup http://www.mydomain.com

and everything was fine.

I ran dietpi-letsencrypt again with mydomain.com

All was good, but http://www.mydomain.com stopped working.

So I tried entering two entries into dietpi-letsencrypt, i.e. “mydomain.com http://www.mydomain.com” without the quotes.

This created an error, and now apache2 is not starting up, I get the following error

root@HomePi:~# service apache2 status
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─forking.conf
   Active: failed (Result: exit-code) since Sat 2016-10-15 14:52:23 UTC; 52min ago
  Process: 2054 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Oct 15 14:52:23 HomePi apache2[2054]: Starting web server: apache2 failed!
Oct 15 14:52:23 HomePi apache2[2054]: The apache2 configtest failed. ... (w...).
Oct 15 14:52:23 HomePi apache2[2054]: Output of config test was:
Oct 15 14:52:23 HomePi apache2[2054]: AH00526: Syntax error on line 3 of /e...f:
Oct 15 14:52:23 HomePi apache2[2054]: ServerName takes one argument, The ho...er
Oct 15 14:52:23 HomePi apache2[2054]: Action 'configtest' failed.
Oct 15 14:52:23 HomePi apache2[2054]: The Apache error log may have more in...n.
Oct 15 14:52:23 HomePi systemd[1]: apache2.service: control process exited,...=1
Oct 15 14:52:23 HomePi systemd[1]: Failed to start LSB: Apache2 web server.
Oct 15 14:52:23 HomePi systemd[1]: Unit apache2.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
root@HomePi:~#

any idea how I can get apache2 working again
How do I set up lets encrypt properly with http://www.mydomain.com and mydomain.com?

Thanks.
Regards,
Keith Ellis

Fourdee · 15 2016 17:31

I’ll need to see the apache2 config files to see whats up, please paste results of:

cat /etc/apache2/apache2.conf
cat /etc/apache2/sites-available/000-default.conf

keithellis · 15 2016 19:04

Fourdee:

keithellis:
I’ll need to see the apache2 config files to see whats up, please paste results of:
cat /etc/apache2/apache2.conf
cat /etc/apache2/sites-available/000-default.conf

root@HomePi:/DietPi/dietpi# cat /etc/apache2/apache2.conf
Mutex file:${APACHE_LOCK_DIR} default

PidFile ${APACHE_PID_FILE}

Timeout 60

KeepAlive On

MaxKeepAliveRequests 20

KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel error

# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	DirectoryIndex index.php index.html
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf

# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
root@HomePi:/DietPi/dietpi#

root@HomePi:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
#        ServerName http://www.mydomain.me.uk mydomain.me.uk
        ServerName http://www.mydomain.me.uk
DocumentRoot /var/www

ErrorLog /error.log
        #CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =keithellis.me.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
root@HomePi:~#

Having seen these files I have now fixed the issue, the commented line in /etc/apache2/sites-available/000-default.conf was the original line and the line below is my edit. Thanks many thanks for your help.

Regards,
Keith

Fourdee · 15 2016 19:16

Hi Keith,

Great to hear its all working.

I checked the source code on this, dietpi-letsencrypt should replace the default site entry if it already exists:
https://github.com/Fourdee/DietPi/blob/master/dietpi/dietpi-letsencrypt#L100-L113

Can you remember what value you used exactly for the Domain name input box entry? eg: was it http://www.mydomain.com or mydomain.com?

Thanks Keith

Fourdee · 15 2016 19:29

Hi Keith,

I think I know what went wrong here, I’ve updated the code in v134 that should prevent the issue you experienced from occurring again:

DietPi-LetsEncrypt | Resolved an issue where an empty string value in Input_Box function could cause a incorrect value being set in Apache2 confs. Many thanks to Keith for reporting this issue: > DietPi Community Forum - Welcome to the DietPi OS Community Forum

Thanks for reporting this issue!

keithellis · 15 2016 19:33

It was probably my own fault, I put both options in separated by a space

Regards
Keith