Trouble creating a new let's encrypt certificate

Zen · November 1, 2023, 4:05pm

Orange Pi 5 (aarch64) (ID=80)

Kernel version | Linux DietPi 5.10.160-legacy-rk35xx #1 SMP Mon Aug 28 01:21:24 UTC 2023 aarch64 GNU/Linux
Distro | bookworm (ID=7)
Command | systemctl restart apache2
Exit code | 1
Software title | DietPi-LetsEncrypt

Job for apache2.service failed because the control process exited with error code.

I try to change from dyndnshome.de to inwx dyndns

Joulinar · November 1, 2023, 4:18pm

Pls reboot your system and share following afterwards

journalctl -u apache2

Zen · November 1, 2023, 4:33pm

Nov 01 16:00:27 DietPi apachectl[720]: apache2: Syntax error on line 225 of /etc/apache2/apach>
Nov 01 16:00:27 DietPi apachectl[703]: Action 'start' failed.
Nov 01 16:00:27 DietPi apachectl[703]: The Apache error log may have more information.
Nov 01 16:00:27 DietPi systemd[1]: apache2.service: Control process exited, code=exited, statu>
Nov 01 16:00:27 DietPi systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 16:00:27 DietPi systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
Nov 01 16:01:15 DietPi systemd[1]: Starting apache2.service - The Apache HTTP Server...
Nov 01 16:01:15 DietPi apachectl[1333]: apache2: Syntax error on line 225 of /etc/apache2/apac>
Nov 01 16:01:15 DietPi apachectl[1330]: Action 'start' failed.
Nov 01 16:01:15 DietPi apachectl[1330]: The Apache error log may have more information.
Nov 01 16:01:15 DietPi systemd[1]: apache2.service: Control process exited, code=exited, statu>
Nov 01 16:01:15 DietPi systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 16:01:15 DietPi systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

Zen · November 1, 2023, 4:42pm

after the reboot

Nov 01 16:40:30 DietPi apachectl[723]: apache2: Syntax error on line 225 of /etc/apache2/apach>
Nov 01 16:40:30 DietPi apachectl[706]: Action 'start' failed.
Nov 01 16:40:30 DietPi apachectl[706]: The Apache error log may have more information.
Nov 01 16:40:30 DietPi systemd[1]: apache2.service: Control process exited, code=exited, statu>
Nov 01 16:40:30 DietPi systemd[1]: apache2.service: Failed with result 'exit-code'.
Nov 01 16:40:30 DietPi systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

Zen · November 1, 2023, 5:08pm

The problem started when i tried to change my dyndns hoster. I started to built my on webserver with dyndnshome.de and managed to set up my system working. Later i decided to get me a domain and got it from inwx. The domain is working but i got a missing ssl certificate for my homepage. I used to generate one for the dyndnshome.de with letsencrypt. But since Im having trouble to generate a SSl Certificate for the inwx domaini tried to change the dyndns hoster to inwx too. Where is my fault of thinking?

Joulinar · November 1, 2023, 5:20pm

Question is which files you changed. It seem you have some syntax error. Hope you have saved all files you changed or at least a system back

Zen · November 1, 2023, 5:24pm

Yes a Backup is available i also changed the /etc/apache2/sites-available/000-default.conf to

        ServerName dyndns.svenkriegelfotografie.de
        ServerName http://wwww.svenkriegelfotografie.de
DocumentRoot /var/www
RewriteEngine on
RewriteCond %{SERVER_NAME} =dyndns.svenkriegelfotografie.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Joulinar · November 2, 2023, 11:01am

sites-available contains available config files only. They are not activated.

You need to check sites-enabled/*.conf or conf-enabled/*.conf. Anyway 000-default.conf is the default configuration file and linked between sites-available and sites-enabled.

Can you share the whole content of this file.

Zen · November 2, 2023, 2:52pm

[1/3] /etc/apache2/sites-enabled/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName zenskunstkammer.dnshome.de

Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLCertificateFile /etc/letsencrypt/live/zenskunstkammer.dnshome.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zenskunstkammer.dnshome.de/privkey.pem
</VirtualHost>
</IfModule>

Zen · November 2, 2023, 2:52pm

Location: /etc/apache2/sites-available/dietpi-nextcloud.conf

# Based on: https://github.com/nextcloud/documentation/blob/2d5c9e801281c335f948de3de60efd1111c13c22/admin_manual/installation/source_installation.rst#apach>
<Directory /var/www/nextcloud>
        Require all granted
        AllowOverride All
        Options FollowSymLinks

        <IfModule mod_dav.c>
                Dav off
        </IfModule>

        # Mute outdated admin panel warning
        Header set X-XSS-Protection "1; mode=block"
</Directory>

# Redirect webfinger and nodeinfo requests to Nextcloud endpoint
Redirect 301 /.well-known/webfinger /nextcloud/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo  /nextcloud/index.php/.well-known/nodeinfo

Zen · November 2, 2023, 2:53pm

#/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        DocumentRoot /var/www/wordpress
        ServerName zenskunstkammer.dnshome.de
        ServerAlias www.svenkriegelfotografie.de
RewriteEngine on
RewriteCond %{SERVER_NAME} =zenskunstkammer.dnshome.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost

Zen · November 2, 2023, 2:54pm

# Redirect Cal/CardDAV requests to Nextcloud endpoint:
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav  /nextcloud/remote.php/dav

Zen · November 2, 2023, 2:54pm

# /etc/apache2/conf-available/dietpi.conf
# Default server name and webroot
ServerName 192.168.178.11
DocumentRoot /var/www

# Logging to: journalctl -u apache2
ErrorLog syslog

# Allow unlimited Keep-Alive requests
MaxKeepAliveRequests 0

# MPM event configuration
# - Run a single process which does not expire
# - Limit request handler threads to 64
StartServers 1
ServerLimit 1
MaxConnectionsPerChild 0
ThreadsPerChild 64
ThreadLimit 64
MinSpareThreads 1
MaxSpareThreads 64
MaxRequestWorkers 64

# Minimize public info
ServerTokens Prod
ServerSignature Off
TraceEnable Off

# Security headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "sameorigin"
Header set X-XSS-Protection "0"
Header set X-Robots-Tag "noindex, nofollow"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"

Zen · November 2, 2023, 2:55pm

# Redirect to local php-fpm if mod_php is not available
<IfModule !mod_php8.c>
<IfModule proxy_fcgi_module>
    # Enable http authorization headers
    <IfModule setenvif_module>
    SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
    </IfModule>

    # Using (?:pattern) instead of (pattern) is a small optimization that
    # avoid capturing the matching pattern (as $1) which isn't used here
    <FilesMatch ".+\.ph(?:ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
    </FilesMatch>
# The default configuration works for most of the installation, however it could
# be improved in various ways. One simple improvement is to not pass files that
# doesn't exist to the handler as shown below, for more configuration examples
# see https://wiki.apache.org/httpd/PHP-FPM
#    <FilesMatch ".+\.ph(?:ar|p|tml)$">
#        <If "-f %{REQUEST_FILENAME}">
#            SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
#        </If>
#    </FilesMatch>
    <FilesMatch ".+\.phps$">
        # Deny access to raw php sources by default
        # To re-enable it's recommended to enable access to the files
        # only in specific virtual host or directory
        Require all denied
    </FilesMatch>
    # Deny access to files without filename (e.g. '.php')
    <FilesMatch "^\.ph(?:ar|p|ps|tml)$">
        Require all denied
    </FilesMatch>
</IfModule>
</IfModule>