Certbot verification fails

Posted February 16, 2018 34.4k views
CentOSApacheLAMP StackLet's Encrypt

Certbot returns the error:

Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80.

This is after a fresh install. I’m keeping it simple and not using any virtual hosts, etc. Just a few pages in the /var/www/html directory. httpd is enabled and I can access the website in my browser.

What am I doing wrong?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

As far as I know, Certbot supports virtual hosts only, so it won’t be able to proceed if you don’t have any configured. Try adding a basic virtual host like so and see if that helps:

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

In case anyone else runs into this: I’ve run into this problem before (and again today); apache is endlessly configurable, and the certbot apache module is not able to cope with every configuration. I have the document root for various virtual hosts in different directories. Even though apache is quite happy with this, the certbot module is not always happy. I solved my problem using the –apache-vhost-root option:
# certbot –apache certonly –apache-vhost-root /var/www/html/www
and it solved my problem. For help see:
# certbot –help apache

Also don’t forget to a2ensite 000-default