Adam Winter

Reputation: 1914

Unable to find a virtual host listening on port 80.... Please add a virtual host for port 80

My web server is set up like this:

Certbot is giving me an error like this when I try to run it:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

Upvotes: 15

Views: 41326

Answers (3)

Adam Winter

Reputation: 1914

This all assumes that you have Apache installed and are trying to use Certbot. First, make sure an A record is set to your IP address in DNS. Also, as a basic introduction here, in CentOS, Apache is called "httpd", while in Ubuntu, Apache is called "apache2".

Short Answer for CentOS

cd /etc/httpd/conf.d
sudo nano yourDomainName.conf

Paste, edit, and save the following:

<VirtualHost *:80>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
</VirtualHost>

Then:

sudo service httpd restart

And with this you should see the virtual host:

httpd -D DUMP_VHOSTS  

Short Answer for Ubuntu

sudo su                        # so that you can cd to the Apache directory
cd /etc/apache2/sites-available
vim yourDomainName.com.conf    # this file needs to end with ".conf"

Paste, edit, and save the following:

<VirtualHost *:80>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
</VirtualHost>

Then:

a2ensite yourDomainName.com    # site name = the .conf file name without ".conf"
service apache2 restart
# press Ctrl-D to exit root

To install certbot (updated, since certbot-auto is no longer available):

It used to be that you would download certbot-auto and just run that script to get your SSL certs. Let's Encrypt no longer supports this. There are now two different supported methods. One method is installing certbot with Snap, which requires that you install Snap first. I'm not going to go over that method here; there are plenty of instructions for it on their site. The other method is with the Certbot Docker image. This is much lighter in weight, since Snap is a big install.

Ubuntu

sudo service apache2 stop

sudo docker run -it --rm --name certbot -p 80:80 -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" certbot/certbot certonly
sudo service apache2 start    # on CentOS: sudo service httpd start

CentOS

sudo service httpd stop

sudo docker run -it --rm --name certbot -p 80:80 -v "/etc/letsencrypt/live:/etc/letsencrypt/live:z" -v "/etc/letsencrypt/archive:/etc/letsencrypt/archive:z" -v "/var/lib/letsencrypt:/var/lib/letsencrypt:z" certbot/certbot certonly

sudo chcon -R -t cert_t /etc/letsencrypt/archive/host.yourdomain.tld/
sudo chcon -R -t cert_t /etc/letsencrypt/live/host.yourdomain.tld/

Note that, with SELinux, you need to change the context of the certs after you get them (shown above). Replace host.yourdomain.tld with your own.

You're temporarily turning off Apache and running a special Certbot server to get the certificate, but you will still need the virtual host, after you get the cert, as that's just how Apache works.

...

Additional info for once you have your cert OK. Certbot says it successfully installed the certificate. Now what? Well, it isn't just going to work just yet. You still need to enable SSL in Apache, and also add another virtual host for port 443.

Open the same file that you pasted into earlier and add the following:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName yourDomainName.com
    DocumentRoot /var/www/html
    ServerAlias www.yourDomainName.com
    ErrorLog /var/www/error.log
    CustomLog /var/www/requests.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    LogLevel alert rewrite:trace3
    SSLCertificateFile /etc/letsencrypt/live/yourDomainName.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourDomainName.com/privkey.pem
</VirtualHost>
</IfModule>

For CentOS, you may need to install the ssl module:

sudo yum install mod_ssl

For Ubuntu, you will likely need to enable the ssl module:

sudo a2enmod ssl

For both, restart Apache:

sudo service apache2 restart   # Ubuntu
sudo service httpd restart     # CentOS

For CentOS, you might need to enable port 443 on your firewall. I'm not going to cover that here, but the "iptables" service (and associated commands) are what you'll be looking at.

Finally, for both: you're going to want to redirect all requests on port 80 (http) to port 443 (https). Apache should already have the rewrite module installed by default, but you'll need to enable it:

sudo a2enmod rewrite

Inside the *:80 virtual host that you added earlier, you'll add some lines that look something like this:

# <VirtualHost *:80>  (you've already added this line, don't copy this part)
    <IfModule mod_rewrite.c>
        # Force https secure connection
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>

sudo service apache2 restart   # Ubuntu
sudo service httpd restart     # CentOS

Upvotes: 28
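
A pre-flight check for the condition Certbot complains about, as an added example that is not part of the original answer: it reads an Apache config file and reports whether a domain is named in a port-80 virtual host and in a port-443 one. The function names and the sample file are constructed for illustration; yourDomainName.com is the answer's placeholder.

```bash
#!/bin/sh
# Added example (not from the answer above): report whether a domain is named
# in a port-80 and a port-443 <VirtualHost> block of an Apache config file.

# vhost_names FILE PORT: print ServerName/ServerAlias values, one per line
vhost_names() {
    awk -v port="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        { d = tolower($1) }                    # directive names are case-insensitive
        d ~ /^<virtualhost/   { inblock = ($0 ~ (":" port "([ \t>]|$)")); next }
        d ~ /^<\/virtualhost/ { inblock = 0; next }
        inblock && (d == "servername" || d == "serveralias") {
            for (i = 2; i <= NF; i++) print tolower($i)
        }' "$1"
}

# has_vhost FILE PORT DOMAIN: exit 0 if DOMAIN is named in a PORT vhost
has_vhost() {
    vhost_names "$1" "$2" | grep -qxF -- "$(printf '%s' "$3" | tr 'A-Z' 'a-z')"
}

# audit FILE DOMAIN: 0 = port 80 and 443 present, 1 = no port-80 vhost
# (the Certbot error in the question), 2 = port 80 only, HTTPS vhost missing
audit() {
    has_vhost "$1" 80 "$2"  || { echo "$2: no *:80 virtual host"; return 1; }
    has_vhost "$1" 443 "$2" || { echo "$2: *:80 only, no *:443 virtual host"; return 2; }
    echo "$2: *:80 and *:443 virtual hosts present"
}

# Constructed sample input, using the answer's placeholder domain
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName yourDomainName.com
    ServerAlias www.yourDomainName.com
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName yourDomainName.com
</VirtualHost>
</IfModule>
EOF

audit "$sample" yourDomainName.com     || true
audit "$sample" www.yourDomainName.com || true
audit "$sample" other.example          || true
```

On a real host, pass the file you created in /etc/httpd/conf.d or /etc/apache2/sites-available; httpd -D DUMP_VHOSTS remains the authoritative view of what Apache actually loaded.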

Alexey Yurov

Reputation: 1

I have no httpd service, so I have no such directory and file. But thanks for the advice before I found the file mydomain.conf in the directory (in your case you should replace mydomain

/etc/apache2/sites-available and I modified it as it was advised above:

sudo nano /etc/apache2/sites-available/mydomain.conf

<VirtualHost *:80>
    DocumentRoot /var/www/mydomain
    ServerName mydomain
</VirtualHost>

then check that it is correct:

sudo apache2ctl configtest

then restart Apache:

systemctl reload apache2

and then run certbot:

certbot --apache -d mydomain

Upvotes: 0

shawndfernandes

Reputation: 117

Try option 1, "spin up a temporary web server"

I had nginx running on port 80, even set up XAMPP on port 80; curl on port 80 worked, but it could not find the server at localhost.

A probable issue with certbot trying to set up and authenticate the host with existing servers.

Use of a temporary web server (option 1) worked; ensure no service is running on port 80.

Upvotes: 0
