Letsencrypt errors with new apache2 virtualhosts

by Grégoire MOLVEAU

31 January 2017 · 136 words · 1 minute read apache2 letsencrypt 

I wanted to use letsencrypt on new virtualhosts with apache2 that didn’t have any certificates.

I encountered all these errors …
- The server could not connect to the client to verify the domain :: Failed to connect to x.x.x.x:443 for TLS-SNI-01 challenge
- Server only speaks HTTP, not TLS
- MisconfigurationError: Error while running apache2ctl graceful.
- AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist

but these errors can be avoided 99% of the time by checking the following

  • check that you have mod_ssl enabled :
sudo a2enmod ssl
  • make sure that your virtualhost files have these lines :
<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    Include /etc/letsencrypt/options-ssl-apache.conf
  • check that your firewall is accepting port 443 :
 sudo ufw allow 443
  • apache configuration is correct :
sudo service apache2 reload
sudo apachectl -t