I'm having a similar problem to the OP, but my DocumentRoots are correct in the generated configuration files.
I did enable SSL with a2enmod ssl, and it also told me it's already enabled. Everything works fine with http, but with https nothing is reachable. I replaced the domain in the configs below with example.at. The first site is just a dummy index.html with one h1 tag; the other one is, well, GitLab. As said, both work fine without https. I don't have ufw installed (might do that later once it works like this). The OS is Ubuntu 16.04.
example.at.conf
<VirtualHost *:80>
ServerName example.at
ServerAlias www.example.at
ServerSignature Off
DocumentRoot /var/www/html
</VirtualHost>
Generated by certbot example.at-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.at
ServerAlias www.example.at
ServerSignature Off
DocumentRoot /var/www/html
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.at/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.at/privkey.pem
</VirtualHost>
</IfModule>
gitlab.example.conf
<VirtualHost *:80>
ServerName gitlab.example.at
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8080
ProxyPassReverse http://gitlab.example.at/
</Location>
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab.log combined
</VirtualHost>
Generated by certbot gitlab.example.at-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName gitlab.example.at
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8080
ProxyPassReverse http://gitlab.example.at/
</Location>
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab.log combined
SSLCertificateFile /etc/letsencrypt/live/gitlab.example.at/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gitlab.example.at/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Output of sudo apache2ctl -S
*:443 is a NameVirtualHost
default server gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at-le-ssl.conf:2)
port 443 namevhost gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at-le-ssl.conf:2)
port 443 namevhost example.at (/etc/apache2/sites-enabled/example.at-le-ssl.conf:2)
alias www.example.at
*:80 is a NameVirtualHost
default server gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at.conf:1)
port 80 namevhost gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at.conf:1)
port 80 namevhost example.at (/etc/apache2/sites-enabled/example.at.conf:1)
alias www.example.at
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
When running netstat -plnt it also says Apache is listening on ports 443 and 80:
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 17355/apache2
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 17355/apache2
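
An added example, not part of the original post: a short Python script that parses a vhost dump like the apache2ctl -S output above and reports which vhost config answers a given hostname on a given port, including the fall-through to the default server for names that match no ServerName or ServerAlias. The function names are hypothetical and the sample input is constructed from the dump shown in the post.

```python
import re

# Constructed sample: the vhost part of an `apache2ctl -S` dump, modelled on the post above.
SAMPLE = """\
*:443 is a NameVirtualHost
default server gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at-le-ssl.conf:2)
port 443 namevhost gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at-le-ssl.conf:2)
port 443 namevhost example.at (/etc/apache2/sites-enabled/example.at-le-ssl.conf:2)
alias www.example.at
*:80 is a NameVirtualHost
default server gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at.conf:1)
port 80 namevhost gitlab.example.at (/etc/apache2/sites-enabled/gitlab.example.at.conf:1)
port 80 namevhost example.at (/etc/apache2/sites-enabled/example.at.conf:1)
alias www.example.at
"""

LISTEN = re.compile(r"^\S+:(\d+)\s+is a NameVirtualHost")
DEFAULT = re.compile(r"^default server (\S+) ")
VHOST = re.compile(r"^port \d+ namevhost (\S+) \((.+):\d+\)")
ALIAS = re.compile(r"^alias (\S+)$")

def parse_vhosts(text):
    """Map port -> {'default': name, 'names': {hostname: config file}}."""
    ports, port, conf = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := LISTEN.match(line):
            port = int(m.group(1))
            ports[port] = {"default": None, "names": {}}
        elif port is None:
            continue  # lines before the first listener are not vhost entries
        elif m := DEFAULT.match(line):
            ports[port]["default"] = m.group(1)
        elif m := VHOST.match(line):
            conf = m.group(2)
            ports[port]["names"][m.group(1)] = conf
        elif m := ALIAS.match(line):
            ports[port]["names"][m.group(1)] = conf  # alias of the preceding vhost
    return ports

def serving_config(ports, port, hostname):
    """Config file of the vhost answering `hostname` on `port`; names that
    match nothing go to the port's default server (wildcard aliases not handled)."""
    names = ports[port]["names"]
    return names.get(hostname.lower(), names[ports[port]["default"]])

def http_only_names(ports):
    """Hostnames served on port 80 that have no vhost on port 443."""
    return sorted(set(ports[80]["names"]) - set(ports[443]["names"]))
```

On the sample, serving_config(parse_vhosts(SAMPLE), 443, "other.example.at") returns the GitLab SSL config, because that vhost is the default server on port 443 and so answers any request whose name matches no vhost.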