LINUX.ORG.RU
ФорумAdmin

Не удается получить SSL сертефикат

 , ,


0

3

На VPS стоит ubuntu 22.04. На этом VPS три сайта - site1.ru, site2.ru, site3.ru. Нужно для site1.ru получить и установить SSL серетфикат. Для site2.ru сертефикат установился без проблем. Ставлю через:

certbot --apache
Выдается такая ошибка:
Certbot failed to authenticate some domains (authenticator: apache). The Certificate Authority reported these problems:
Domain: site1.ru
Type: unauthorized
Detail: 2a00:f940:2:2:1:1:0:183: Invalid response from https://site1.ru:443/.well-known/acme-challenge/SYUrKew9XgU6NhvFEhnRPIo72MlkcDCPvh1KWEXyGgU: 404

Hint: The Certificate Authority failed to verify the temporary Apache configuration changes made by Certbot. Ensure that the listed domains point to this Apache server and that it is accessible from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

Почему в ошибке cerbot присутствует https?

https://site1.ru:443

Насколько я понимаю эта ошибка из за того что сайт пока не доступен по HTTPS, а обращение к сайту идет по HTTPS.

Значит на сервере где то стоит редирект с http на https. Не могу найти где прописан редирект.

cat /etc/apache2/apache2.conf | egrep -v '^#|^$'

DefaultRuntimeDir ${APACHE_RUN_DIR}
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>
<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>
<Directory /var/www/html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>
AccessFileName .htaccess
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

cat /etc/apache2/sites-enabled/* | egrep -v '^#|^$'^C

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>


        </VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:443>


        ServerAdmin webmaster@localhost
        ServerName gangga-development.store
        ServerAlias www.gangga-development.store
        DocumentRoot /var/www/html/gangga-development.store/


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html/gangga-development.store/>
 Options Indexes FollowSymLinks
 AllowOverride All
</Directory>



SSLCertificateFile /etc/letsencrypt/live/gangga-development.store/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gangga-development.store/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
<VirtualHost *:80>
   

        ServerAdmin webmaster@localhost
        ServerName gangga-development.store
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>


        </VirtualHost>
</IfModule>

<VirtualHost *:80>


        ServerAdmin webmaster@localhost
        ServerName site3.ru
        ServerAlias www.site3.ru
        DocumentRoot /var/www/html/site3.ru/


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html/site3.ru/>
 Options Indexes FollowSymLinks
 AllowOverride All
</Directory>

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>


        ServerAdmin webmaster@localhost
        ServerName site2.ru
        ServerAlias www.site2.ru
        DocumentRoot /var/www/html/site2.ru/


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html/site2.ru/>
 Options Indexes FollowSymLinks
 AllowOverride All
</Directory>



SSLCertificateFile /etc/letsencrypt/live/site2.ru/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site2.ru/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
<VirtualHost *:80>
   

        ServerAdmin webmaster@localhost
        ServerName site2.ru
        DocumentRoot /var/www/html/site2.ru/



        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/html/site2.ru/>
 Options Indexes FollowSymLinks
 AllowOverride All
</Directory>

RewriteEngine on
RewriteCond %{SERVER_NAME} =site2.ru
</VirtualHost>

<VirtualHost *:80>


        ServerAdmin webmaster@localhost
        ServerName site1.ru
        DocumentRoot /var/www/html/site1.ru/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

<Directory /var/www/html/site1.ru/>
 Options Indexes FollowSymLinks
 AllowOverride All
</Directory>

</VirtualHost>

Что еще можно проверить и посмотреть? Или эта проблемма не свзанна с редиректом все таки?