Short version: About 6 months ago I built a web server on a spare Pi3 to serve data for a personal project; it has its own (free) domain so it can be accessed remotely. When I set it up, it used the prior release of Raspberry Pi OS (Bullseye?), and except for an issue with libc that I fixed, everything worked great. Last weekend we experienced a series of power outages. I fsck'd the server's SD card on a different Pi and, while it found and fixed the inode issue I would expect from the outage, everything appeared fine.
The server crashed unexpectedly on Monday, and even after another fsck on the card that came back clean, it would boot-loop (throw errors starting services, reboot, throw the same errors, reboot, ad nauseam). Hardware/Power-wise, I'm good. I concluded that the card would need a reformat to mask out worn sectors if I want to use the card again. As a result, I got a brand new SD card, and started from scratch.
Everything is 99.9% back as I copied in most of the configs as they were when things choked; those I didn't are ones created on the fly or modified during a setup process (for the server's virtual host I restored the "fresh install" version since certbot modifies it, and for fstab, I added the automount for the USB flash drive since the PARTUUID is different), so I've got everything pretty much where it was.
I have two issues though, and am effectively stuck now because nothing I try works. Hopefully someone here can point me to the fix. The only underlying difference between the orignial setup and this, is that I'm now on Bookworm. I used RPI Imager to use the LITE version...
Issue #1
All the site's data (pages, database, etc.) reside on a USB flash drive connected to the Pi. I cannot change file permissions or owners. This may or may not be okay in the bigger picture, but there's a database that gets data added/changed on that flash drive. This may become a problem if the permissions prevent the necessary I/O. Either way, /etc/fstab says:I am not accessing the USB via SAMBA, so I don't need to worry about that. I would consider reformatting, but if I want to move a large file on/off the flash drive from my Windows PC, that won't work. 98% of the files are small and I transit them with FTP on the rare occasion there is one...
Issue #2
This one is a little more baffling: I cannot seem to get Certbot to install my SSL certificate to install.
sudo apachectl -S returns:
The config file (iliad.conf) reads:The only changes made to the default apache2.conf file are appends at the bottom; since the rest is unchanged, I'm only including those mods:When I try to install the certificate, I get:The log file says:Nevertheless, after running certbot --apache, the following lines are appended to iliad.conf:I'm wondering if the problem is missing or buggy bits in CertBot. Issuing certbot --version returns certbot 2.1.0
What am I missing? If anyone needs more config files or other info, please ask :-)
The server crashed unexpectedly on Monday, and even after another fsck on the card that came back clean, it would boot-loop (throw errors starting services, reboot, throw the same errors, reboot, ad nauseam). Hardware/Power-wise, I'm good. I concluded that the card would need a reformat to mask out worn sectors if I want to use the card again. As a result, I got a brand new SD card, and started from scratch.
Everything is 99.9% back as I copied in most of the configs as they were when things choked; those I didn't are ones created on the fly or modified during a setup process (for the server's virtual host I restored the "fresh install" version since certbot modifies it, and for fstab, I added the automount for the USB flash drive since the PARTUUID is different), so I've got everything pretty much where it was.
I have two issues though, and am effectively stuck now because nothing I try works. Hopefully someone here can point me to the fix. The only underlying difference between the orignial setup and this, is that I'm now on Bookworm. I used RPI Imager to use the LITE version...
Issue #1
All the site's data (pages, database, etc.) reside on a USB flash drive connected to the Pi. I cannot change file permissions or owners. This may or may not be okay in the bigger picture, but there's a database that gets data added/changed on that flash drive. This may become a problem if the permissions prevent the necessary I/O. Either way, /etc/fstab says:
Code:
#-------------------------------------------------------------------------------# /etc/fstab## This file contains the filesystem mountpoint mappings table.#-------------------------------------------------------------------------------proc /proc proc defaults 0 0PARTUUID=2fb720ea-01 /boot/firmware vfat defaults 0 2PARTUUID=2fb720ea-02 / ext4 defaults,noatime 0 1UUID="905A-CDB8" /media/usb vfat defaults,rw,owner,auto,uid=1001,gid=1001 0 1# a swapfile is not a swap partition, no line here# use dphys-swapfile swap[on|off] for thatIssue #2
This one is a little more baffling: I cannot seem to get Certbot to install my SSL certificate to install.
sudo apachectl -S returns:
Code:
VirtualHost configuration:*:443 bygraf.freeddns.org (/etc/apache2/sites-enabled/iliad.conf:9)*:80 is a NameVirtualHost default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1) port 80 namevhost bygraf.freeddns.org (/etc/apache2/sites-enabled/iliad.conf:9) alias bygraf.freeddns.org alias iliad.bygraf.freeddns.orgServerRoot: "/etc/apache2"Main DocumentRoot: "/var/www/html"Main ErrorLog: "/var/log/apache2/error.log"Mutex ssl-stapling: using_defaultsMutex ssl-cache: using_defaultsMutex default: dir="/var/run/apache2/" mechanism=defaultMutex mpm-accept: using_defaultsMutex watchdog-callback: using_defaultsMutex ssl-stapling-refresh: using_defaultsPidFile: "/var/run/apache2/apache2.pid"Define: DUMP_VHOSTSDefine: DUMP_RUN_CFGUser: name="www-data" id=33 not_usedGroup: name="www-data" id=33 not_usedCode:
# ------------------------------------------------------------------------------# Server Configuration# ------------------------------------------------------------------------------<VirtualHost *:80 *:443> ServerName bygraf.freeddns.org ServerAlias bygraf.freeddns.org ServerAlias iliad.bygraf.freeddns.org DocumentRoot "/media/usb/iliad/html" ErrorLog ${APACHE_LOG_DIR}/iliad.log CustomLog ${APACHE_LOG_DIR}/iliad_access.log combined <Directory "/media/usb/iliad/html"> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> # SSL Certificate</VirtualHost>Code:
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combinedLogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combinedLogFormat "%h %l %u %t \"%r\" %>s %O" commonLogFormat "%{Referer}i -> %U" refererLogFormat "%{User-agent}i" agent# ---[ Insertions ]---------------------------------------------------------------------LogFormat "[%t] [%l] [client %a] (%U)"# --------------------------------------------------------------------------------------# Include of directories ignores editors' and dpkg's backup files,# see README.Debian for details.# Include generic snippets of statementsIncludeOptional conf-enabled/*.conf# Include the virtual host configurations:IncludeOptional sites-enabled/*.conf# ---[ Additions ]---------------------------------------------------------------------# Include phpmyadmin configuration# Include /etc/phpmyadmin/apache.conf# Include loopback referenceServerName 127.0.0.1# Custom HTTP RedirectsErrorDocument 403 error/http-403.htmlErrorDocument 404 error/http-404.htmlErrorDocument 500 error/http-500.htmlErrorDocument 503 error/http-503.html# --------------------------------------------------------------------------------------Code:
$ sudo certbot --apacheSaving debug log to /var/log/letsencrypt/letsencrypt.logWhich names would you like to activate HTTPS for?We recommend selecting either all domains, or all domains in a VirtualHost/server block.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1: bygraf.freeddns.org2: iliad.bygraf.freeddns.org- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Select the appropriate numbers separated by commas and/or spaces, or leave inputblank to select all options shown (Enter 'c' to cancel):Requesting a certificate for bygraf.freeddns.org and iliad.bygraf.freeddns.orgSuccessfully received certificate.Certificate is saved at: /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pemKey is saved at: /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pemThis certificate expires on 2025-11-25.These files will be updated when the certificate renews.Certbot has set up a scheduled task to automatically renew this certificate in the background.Deploying certificateSuccessfully deployed certificate for bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.confSuccessfully deployed certificate for iliad.bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.confFailed redirect for bygraf.freeddns.orgUnable to set the redirect enhancement for bygraf.freeddns.org.NEXT STEPS:- The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running: certbot install --cert-name bygraf.freeddns.orgUnable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirectionAsk for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.Code:
-----END CERTIFICATE-----2025-08-27 14:04:46,801:DEBUG:acme.client:Storing nonce: p_cZL87hLWZgg1JdRmu786uYpWtjuRhlZJClF7rZjp02asJsPLg2025-08-27 14:04:46,813:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/bygraf.freeddns.org.2025-08-27 14:04:46,814:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/bygraf.freeddns.org.2025-08-27 14:04:46,816:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/live/bygraf.freeddns.org/cert.pem.2025-08-27 14:04:46,817:DEBUG:certbot._internal.storage:Writing private key to /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pem.2025-08-27 14:04:46,818:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/live/bygraf.freeddns.org/chain.pem.2025-08-27 14:04:46,819:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pem.2025-08-27 14:04:46,820:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/bygraf.freeddns.org/README.2025-08-27 14:04:46,885:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache2025-08-27 14:04:46,887:DEBUG:certbot._internal.cli:Var authenticator=apache (set by user).2025-08-27 14:04:46,887:DEBUG:certbot._internal.cli:Var installer=apache (set by user).2025-08-27 14:04:46,890:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/bygraf.freeddns.org.conf.2025-08-27 14:04:46,905:DEBUG:certbot._internal.display.obj:Notifying user:Successfully received certificate.Certificate is saved at: /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pemKey is saved at: /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pemThis certificate expires on 2025-11-25.These files will be updated when the certificate renews.Certbot has set up a scheduled task to automatically renew this certificate in the background.2025-08-27 14:04:46,906:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate2025-08-27 14:04:47,060:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/iliad.conf2025-08-27 14:04:47,192:INFO:certbot_apache._internal.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/iliad.conf2025-08-27 14:04:47,193:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.conf2025-08-27 14:04:48,079:INFO:certbot_apache._internal.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/iliad.conf2025-08-27 14:04:48,080:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for iliad.bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.conf2025-08-27 14:04:48,830:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module2025-08-27 14:04:49,200:DEBUG:certbot_apache._internal.configurator:Did not find http version of ssl virtual host attempting to create2025-08-27 14:04:49,201:ERROR:certbot_apache._internal.configurator:Failed redirect for bygraf.freeddns.org2025-08-27 14:04:49,201:ERROR:certbot._internal.client:Unable to set the redirect enhancement for bygraf.freeddns.org.2025-08-27 14:04:49,215:DEBUG:certbot._internal.error_handler:Encountered exception:raceback (most recent call last): File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 714, in apply_enhancement self.installer.enhance(dom, enhancement, options) File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 1836, in enhance func(vhost, options) File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 2067, in _enable_redirect raise errors.PluginError(certbot.errors.PluginError: Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection2025-08-27 14:04:49,216:DEBUG:certbot._internal.error_handler:Calling registered functions2025-08-27 14:04:49,396:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:2025-08-27 14:04:49,397:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running: certbot install --cert-name bygraf.freeddns.org2025-08-27 14:04:49,398:DEBUG:certbot._internal.log:Exiting abnormally:Traceback (most recent call last): File "/usr/bin/certbot", line 33, in <module> sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main return internal_main.main(cli_args) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main return config.func(config, plugins) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1470, in run raise installer_err File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1454, in run _install_cert(config, le_client, domains, new_lineage) File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1051, in _install_cert le_client.enhance_config(domains, path_provider.chain_path) File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 681, in enhance_config self.apply_enhancement(domains, enhancement_name, option) File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 714, in apply_enhancement self.installer.enhance(dom, enhancement, options) File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 1836, in enhance func(vhost, options) File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 2067, in _enable_redirect raise errors.PluginError(certbot.errors.PluginError: Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection2025-08-27 14:04:49,406:ERROR:certbot._internal.log:Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirectionCode:
Include /etc/letsencrypt/options-ssl-apache.confSSLCertificateFile /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pemWhat am I missing? If anyone needs more config files or other info, please ask :-)
Statistics: Posted by graf_eberstein — Wed Aug 27, 2025 7:00 pm