Trouble creating a new Let's Encrypt certificate

Orange Pi 5 (aarch64) (ID=80)

  • Kernel version | Linux DietPi 5.10.160-legacy-rk35xx #1 SMP Mon Aug 28 01:21:24 UTC 2023 aarch64 GNU/Linux
  • Distro | bookworm (ID=7)
  • Command | systemctl restart apache2
  • Exit code | 1
  • Software title | DietPi-LetsEncrypt

Job for apache2.service failed because the control process exited with error code.

I am trying to change from dyndnshome.de to inwx dyndns.

Please reboot your system and share the following afterwards:

journalctl -u apache2
Nov 01 16:00:27 DietPi apachectl[720]: apache2: Syntax error on line 225 of /etc/apache2/apach>
Nov 01 16:00:27 DietPi apachectl[703]: Action 'start' failed.
Nov 01 16:00:27 DietPi apachectl[703]: The Apache error log may have more information.
Nov 01 16:00:27 DietPi systemd[1]: apache2.service: Control process exited, code=exited, statu>
Nov 01 16:00:27 DietPi systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 16:00:27 DietPi systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
Nov 01 16:01:15 DietPi systemd[1]: Starting apache2.service - The Apache HTTP Server...
Nov 01 16:01:15 DietPi apachectl[1333]: apache2: Syntax error on line 225 of /etc/apache2/apac>
Nov 01 16:01:15 DietPi apachectl[1330]: Action 'start' failed.
Nov 01 16:01:15 DietPi apachectl[1330]: The Apache error log may have more information.
Nov 01 16:01:15 DietPi systemd[1]: apache2.service: Control process exited, code=exited, statu>
Nov 01 16:01:15 DietPi systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 16:01:15 DietPi systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

After the reboot:

Nov 01 16:40:30 DietPi apachectl[723]: apache2: Syntax error on line 225 of /etc/apache2/apach>
Nov 01 16:40:30 DietPi apachectl[706]: Action 'start' failed.
Nov 01 16:40:30 DietPi apachectl[706]: The Apache error log may have more information.
Nov 01 16:40:30 DietPi systemd[1]: apache2.service: Control process exited, code=exited, statu>
Nov 01 16:40:30 DietPi systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 16:40:30 DietPi systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

The problem started when I tried to change my dyndns hoster. I started to build my own webserver with dyndnshome.de and managed to get my system working. Later I decided to get a domain and got it from inwx. The domain is working, but I got a missing SSL certificate for my homepage. I used to generate one for dyndnshome.de with Let's Encrypt. But since I'm having trouble generating an SSL certificate for the inwx domain, I tried to change the dyndns hoster to inwx too. Where is the error in my thinking?

The question is which files you changed. It seems you have a syntax error. I hope you have saved all the files you changed, or at least have a system backup.

Yes, a backup is available :slight_smile: I also changed the /etc/apache2/sites-available/000-default.conf to

        ServerName dyndns.svenkriegelfotografie.de
        ServerName http://wwww.svenkriegelfotografie.de
DocumentRoot /var/www
RewriteEngine on
RewriteCond %{SERVER_NAME} =dyndns.svenkriegelfotografie.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

sites-available contains available config files only. They are not activated.

You need to check sites-enabled/*.conf or conf-enabled/*.conf. Anyway, 000-default.conf is the default configuration file and is linked between sites-available and sites-enabled.

Can you share the whole content of this file?
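
The reply above notes that Apache loads only what is linked into sites-enabled and conf-enabled, and the journal reports a syntax error. As an added example (not from the thread or from DietPi), this script scans only the enabled files for unterminated or unbalanced section tags; the directory tree and host names in it are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Paths and host names are constructed.
# check_sections FILE: print "FILE:LINE: problem" per finding, return 1 if any.
check_sections() {
  awk -v f="$1" '
    function report(n, msg) { printf "%s:%d: %s\n", f, n, msg; bad = 1 }
    /^[ \t]*#/ { next }                        # comment line
    /^[ \t]*</ {
      line = $0; sub(/^[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line)
      if (line !~ />$/) { report(NR, "section tag not terminated with \">\": " line); next }
      if (line ~ /^<\//) {                     # closing tag
        name = tolower(substr(line, 3, length(line) - 3))
        if (depth == 0) { report(NR, "</" name "> has no opening tag"); next }
        if (stack[depth] != name) report(NR, "</" name "> closes <" stack[depth] ">")
        depth--
      } else {                                 # opening tag: name ends at space or ">"
        name = tolower(line); sub(/^</, "", name); sub(/[ \t>].*$/, "", name)
        stack[++depth] = name; opened[depth] = NR
      }
    }
    END {
      for (; depth > 0; depth--) report(opened[depth], "<" stack[depth] "> is never closed")
      exit bad + 0
    }' "$1"
}

# check_enabled ROOT: check only ROOT/sites-enabled and ROOT/conf-enabled,
# resolving each symlink so the report names the real file to edit.
check_enabled() {
  local root="$1" link rc=0
  for link in "$root"/sites-enabled/*.conf "$root"/conf-enabled/*.conf; do
    [ -e "$link" ] || continue                 # unmatched glob or dangling link
    check_sections "$(readlink -f "$link")" || rc=1
  done
  return "$rc"
}

# make_sample: build a constructed /etc/apache2-like tree and print its path.
make_sample() {
  local r; r=$(mktemp -d); mkdir -p "$r"/sites-available "$r"/sites-enabled "$r"/conf-enabled
  printf '%s\n' '<VirtualHost *:80>' '    ServerName host.example.org' \
    '    RewriteEngine on' '</VirtualHost' > "$r/sites-available/000-default.conf"
  printf '%s\n' '    ServerName www.example.org' '</VirtualHost>' \
    > "$r/sites-available/unused.conf"         # broken, but not enabled
  ln -s ../sites-available/000-default.conf "$r/sites-enabled/000-default.conf"
  echo "$r"
}

root=$(make_sample)
check_enabled "$root" || echo "fix the lines above, then run: apache2ctl configtest"
```

On a real system, pass `/etc/apache2` to `check_enabled`; it reads files only and does not replace `apache2ctl configtest`, which validates directives as well as section structure.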

[1/3] /etc/apache2/sites-enabled/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName zenskunstkammer.dnshome.de

Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLCertificateFile /etc/letsencrypt/live/zenskunstkammer.dnshome.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zenskunstkammer.dnshome.de/privkey.pem
</VirtualHost>
</IfModule>

Location: /etc/apache2/sites-available/dietpi-nextcloud.conf

# Based on: https://github.com/nextcloud/documentation/blob/2d5c9e801281c335f948de3de60efd1111c13c22/admin_manual/installation/source_installation.rst#apach>
<Directory /var/www/nextcloud>
        Require all granted
        AllowOverride All
        Options FollowSymLinks

        <IfModule mod_dav.c>
                Dav off
        </IfModule>

        # Mute outdated admin panel warning
        Header set X-XSS-Protection "1; mode=block"
</Directory>

# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
Redirect 301 /.well-known/webfinger /nextcloud/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo  /nextcloud/index.php/.well-known/nodeinfo
#/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        DocumentRoot /var/www/wordpress
        ServerName zenskunstkammer.dnshome.de
        ServerAlias www.svenkriegelfotografie.de
RewriteEngine on
RewriteCond %{SERVER_NAME} =zenskunstkammer.dnshome.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost
# Redirect Cal/CardDAV requests to Nextcloud endpoint:
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav  /nextcloud/remote.php/dav
# /etc/apache2/conf-available/dietpi.conf
# Default server name and webroot
ServerName 192.168.178.11
DocumentRoot /var/www

# Logging to: journalctl -u apache2
ErrorLog syslog

# Allow unlimited Keep-Alive requests
MaxKeepAliveRequests 0

# MPM event configuration
# - Run a single process which does not expire
# - Limit request handler threads to 64
StartServers 1
ServerLimit 1
MaxConnectionsPerChild 0
ThreadsPerChild 64
ThreadLimit 64
MinSpareThreads 1
MaxSpareThreads 64
MaxRequestWorkers 64

# Minimize public info
ServerTokens Prod
ServerSignature Off
TraceEnable Off

# Security headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "sameorigin"
Header set X-XSS-Protection "0"
Header set X-Robots-Tag "noindex, nofollow"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"
# Redirect to local php-fpm if mod_php is not available
<IfModule !mod_php8.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    # Using (?:pattern) instead of (pattern) is a small optimization that
    # avoid capturing the matching pattern (as $1) which isn't used here
    <FilesMatch ".+\.ph(?:ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
    </FilesMatch>
# The default configuration works for most of the installation, however it could
# be improved in various ways. One simple improvement is to not pass files that
# doesn't exist to the handler as shown below, for more configuration examples
# see https://wiki.apache.org/httpd/PHP-FPM
#    <FilesMatch ".+\.ph(?:ar|p|tml)$">
#        <If "-f %{REQUEST_FILENAME}">
#            SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
#        </If>
#    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(?:ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>