Channel: Raspberry Pi Forums

Networking and servers • Server Rebuild Issues

Short version: About 6 months ago I built a web server on a spare Pi3 to serve data for a personal project; it has its own (free) domain so it can be accessed remotely. When I set it up, it used the prior release of Raspberry Pi OS (Bullseye?), and except for an issue with libc that I fixed, everything worked great. Last weekend we experienced a series of power outages. I fsck'd the server's SD card on a different Pi and, while it found and fixed the inode issue I would expect from the outage, everything appeared fine.

The server crashed unexpectedly on Monday, and even after another fsck on the card that came back clean, it would boot-loop (throw errors starting services, reboot, throw the same errors, reboot, ad nauseam). Hardware/Power-wise, I'm good. I concluded that the card would need a reformat to mask out worn sectors if I want to use the card again. As a result, I got a brand new SD card, and started from scratch.

Everything is 99.9% back as I copied in most of the configs as they were when things choked; those I didn't are ones created on the fly or modified during a setup process (for the server's virtual host I restored the "fresh install" version since certbot modifies it, and for fstab, I added the automount for the USB flash drive since the PARTUUID is different), so I've got everything pretty much where it was.

I have two issues though, and am effectively stuck now because nothing I try works. Hopefully someone here can point me to the fix. The only underlying difference between the original setup and this is that I'm now on Bookworm. I used RPI Imager to use the LITE version...

Issue #1
All the site's data (pages, database, etc.) reside on a USB flash drive connected to the Pi. I cannot change file permissions or owners. This may or may not be okay in the bigger picture, but there's a database that gets data added/changed on that flash drive. This may become a problem if the permissions prevent the necessary I/O. Either way, /etc/fstab says:

Code:

#-------------------------------------------------------------------------------
# /etc/fstab
#
# This file contains the filesystem mountpoint mappings table.
#-------------------------------------------------------------------------------
proc                  /proc           proc    defaults                                   0       0
PARTUUID=2fb720ea-01  /boot/firmware  vfat    defaults                                   0       2
PARTUUID=2fb720ea-02  /               ext4    defaults,noatime                           0       1
UUID="905A-CDB8"      /media/usb      vfat    defaults,rw,owner,auto,uid=1001,gid=1001   0       1
# a swapfile is not a swap partition, no line here
#   use  dphys-swapfile swap[on|off]  for that

I am not accessing the USB via SAMBA, so I don't need to worry about that. I would consider reformatting, but if I want to move a large file on/off the flash drive from my Windows PC, that won't work. 98% of the files are small and I transit them with FTP on the rare occasion there is one...

Issue #2
This one is a little more baffling: I cannot seem to get Certbot to install my SSL certificate.

sudo apachectl -S returns:

Code:

VirtualHost configuration:
*:443                  bygraf.freeddns.org (/etc/apache2/sites-enabled/iliad.conf:9)
*:80                   is a NameVirtualHost
         default server 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost bygraf.freeddns.org (/etc/apache2/sites-enabled/iliad.conf:9)
                 alias bygraf.freeddns.org
                 alias iliad.bygraf.freeddns.org
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

The config file (iliad.conf) reads:

Code:

# ------------------------------------------------------------------------------
# Server Configuration
# ------------------------------------------------------------------------------
<VirtualHost *:80 *:443>
        ServerName bygraf.freeddns.org
        ServerAlias bygraf.freeddns.org
        ServerAlias iliad.bygraf.freeddns.org
        DocumentRoot "/media/usb/iliad/html"
        ErrorLog ${APACHE_LOG_DIR}/iliad.log
        CustomLog ${APACHE_LOG_DIR}/iliad_access.log combined
        <Directory "/media/usb/iliad/html">
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
        # SSL Certificate
</VirtualHost>

The only changes made to the default apache2.conf file are appends at the bottom; since the rest is unchanged, I'm only including those mods:

Code:

LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# ---[ Insertions ]---------------------------------------------------------------------
LogFormat "[%t] [%l] [client %a] (%U)"
# --------------------------------------------------------------------------------------
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# ---[ Additions  ]---------------------------------------------------------------------
# Include phpmyadmin configuration
# Include /etc/phpmyadmin/apache.conf
# Include loopback reference
ServerName 127.0.0.1
# Custom HTTP Redirects
ErrorDocument 403 error/http-403.html
ErrorDocument 404 error/http-404.html
ErrorDocument 500 error/http-500.html
ErrorDocument 503 error/http-503.html
# --------------------------------------------------------------------------------------

When I try to install the certificate, I get:

Code:

$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: bygraf.freeddns.org
2: iliad.bygraf.freeddns.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for bygraf.freeddns.org and iliad.bygraf.freeddns.org
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pem
This certificate expires on 2025-11-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.conf
Successfully deployed certificate for iliad.bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.conf
Failed redirect for bygraf.freeddns.org
Unable to set the redirect enhancement for bygraf.freeddns.org.
NEXT STEPS:
- The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name bygraf.freeddns.org
Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.

The log file says:

Code:

-----END CERTIFICATE-----
2025-08-27 14:04:46,801:DEBUG:acme.client:Storing nonce: p_cZL87hLWZgg1JdRmu786uYpWtjuRhlZJClF7rZjp02asJsPLg
2025-08-27 14:04:46,813:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/archive/bygraf.freeddns.org.
2025-08-27 14:04:46,814:DEBUG:certbot._internal.storage:Creating directory /etc/letsencrypt/live/bygraf.freeddns.org.
2025-08-27 14:04:46,816:DEBUG:certbot._internal.storage:Writing certificate to /etc/letsencrypt/live/bygraf.freeddns.org/cert.pem.
2025-08-27 14:04:46,817:DEBUG:certbot._internal.storage:Writing private key to /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pem.
2025-08-27 14:04:46,818:DEBUG:certbot._internal.storage:Writing chain to /etc/letsencrypt/live/bygraf.freeddns.org/chain.pem.
2025-08-27 14:04:46,819:DEBUG:certbot._internal.storage:Writing full chain to /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pem.
2025-08-27 14:04:46,820:DEBUG:certbot._internal.storage:Writing README to /etc/letsencrypt/live/bygraf.freeddns.org/README.
2025-08-27 14:04:46,885:DEBUG:certbot._internal.plugins.selection:Requested authenticator apache and installer apache
2025-08-27 14:04:46,887:DEBUG:certbot._internal.cli:Var authenticator=apache (set by user).
2025-08-27 14:04:46,887:DEBUG:certbot._internal.cli:Var installer=apache (set by user).
2025-08-27 14:04:46,890:DEBUG:certbot._internal.storage:Writing new config /etc/letsencrypt/renewal/bygraf.freeddns.org.conf.
2025-08-27 14:04:46,905:DEBUG:certbot._internal.display.obj:Notifying user:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pem
This certificate expires on 2025-11-25.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
2025-08-27 14:04:46,906:DEBUG:certbot._internal.display.obj:Notifying user: Deploying certificate
2025-08-27 14:04:47,060:DEBUG:certbot.reverter:Creating backup of /etc/apache2/sites-enabled/iliad.conf
2025-08-27 14:04:47,192:INFO:certbot_apache._internal.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/iliad.conf
2025-08-27 14:04:47,193:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.conf
2025-08-27 14:04:48,079:INFO:certbot_apache._internal.configurator:Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/iliad.conf
2025-08-27 14:04:48,080:DEBUG:certbot._internal.display.obj:Notifying user: Successfully deployed certificate for iliad.bygraf.freeddns.org to /etc/apache2/sites-enabled/iliad.conf
2025-08-27 14:04:48,830:INFO:certbot_apache._internal.override_debian:Enabled Apache rewrite module
2025-08-27 14:04:49,200:DEBUG:certbot_apache._internal.configurator:Did not find http version of ssl virtual host attempting to create
2025-08-27 14:04:49,201:ERROR:certbot_apache._internal.configurator:Failed redirect for bygraf.freeddns.org
2025-08-27 14:04:49,201:ERROR:certbot._internal.client:Unable to set the redirect enhancement for bygraf.freeddns.org.
2025-08-27 14:04:49,215:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 714, in apply_enhancement
    self.installer.enhance(dom, enhancement, options)
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 1836, in enhance
    func(vhost, options)
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 2067, in _enable_redirect
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
2025-08-27 14:04:49,216:DEBUG:certbot._internal.error_handler:Calling registered functions
2025-08-27 14:04:49,396:DEBUG:certbot._internal.display.obj:Notifying user: NEXT STEPS:
2025-08-27 14:04:49,397:DEBUG:certbot._internal.display.obj:Notifying user: - The certificate was saved, but could not be installed (installer: apache). After fixing the error shown below, try installing it again by running:
  certbot install --cert-name bygraf.freeddns.org
2025-08-27 14:04:49,398:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 33, in <module>
    sys.exit(load_entry_point('certbot==2.1.0', 'console_scripts', 'certbot')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 19, in main
    return internal_main.main(cli_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1736, in main
    return config.func(config, plugins)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1470, in run
    raise installer_err
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1454, in run
    _install_cert(config, le_client, domains, new_lineage)
  File "/usr/lib/python3/dist-packages/certbot/_internal/main.py", line 1051, in _install_cert
    le_client.enhance_config(domains, path_provider.chain_path)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 681, in enhance_config
    self.apply_enhancement(domains, enhancement_name, option)
  File "/usr/lib/python3/dist-packages/certbot/_internal/client.py", line 714, in apply_enhancement
    self.installer.enhance(dom, enhancement, options)
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 1836, in enhance
    func(vhost, options)
  File "/usr/lib/python3/dist-packages/certbot_apache/_internal/configurator.py", line 2067, in _enable_redirect
    raise errors.PluginError(
certbot.errors.PluginError: Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection
2025-08-27 14:04:49,406:ERROR:certbot._internal.log:Unable to find corresponding HTTP vhost; Unable to create one as intended addresses conflict; Current configuration does not support automated redirection

Nevertheless, after running certbot --apache, the following lines are appended to iliad.conf:

Code:

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bygraf.freeddns.org/privkey.pem

I'm wondering if the problem is missing or buggy bits in CertBot. Issuing certbot --version returns certbot 2.1.0

What am I missing? If anyone needs more config files or other info, please ask :-)

Statistics: Posted by graf_eberstein — Wed Aug 27, 2025 7:00 pm
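
On Issue #1 above: FAT stores no Unix owner or mode bits, so on a vfat mount they come entirely from the mount options, which is why chmod and chown have nothing to change. This added example (not the poster's code) computes the owner and modes the post's fstab entry yields and whether Apache's www-data (id 33 in the `apachectl -S` output) could write there; the fallback umask of 022, www-data having no extra groups, and the tightened entry are assumptions.

```python
# Constructed sample input: the vfat entry from the fstab quoted in the post.
FSTAB_LINE = ('UUID="905A-CDB8"      /media/usb      vfat    '
              'defaults,rw,owner,auto,uid=1001,gid=1001   0       1')
# Hypothetical tightened entry: group access for www-data, nothing for others.
TIGHTENED = FSTAB_LINE.replace("gid=1001", "gid=33,dmask=0007,fmask=0117")
WWW_DATA = 33  # Apache's uid/gid as reported by `apachectl -S` in the post


def parse_options(fstab_line):
    """Return the mount options (4th fstab field) as a dict; bare flags map to ''."""
    opts = fstab_line.split()[3]
    return dict(opt.partition("=")[::2] for opt in opts.split(","))


def vfat_effective(options, process_umask=0o022):
    """Owner and modes the kernel presents for every entry on a vfat mount.

    uid/gid default to the mounting process (root for fstab mounts); dmask and
    fmask default to umask. process_umask is an assumption standing in for the
    umask of the process that performs the mount.
    """
    def octal(name, fallback):
        return int(options[name], 8) if options.get(name) else fallback

    umask = octal("umask", process_umask)
    return {"uid": int(options.get("uid") or 0),
            "gid": int(options.get("gid") or 0),
            "dir_mode": 0o777 & ~octal("dmask", umask),
            "file_mode": 0o777 & ~octal("fmask", umask)}


def can_write(mode, owner, uid, gids):
    """Classic owner/group/other write check for a non-root process."""
    if uid == owner["uid"]:
        return bool(mode & 0o200)
    if owner["gid"] in gids:
        return bool(mode & 0o020)
    return bool(mode & 0o002)


def audit(fstab_line, uid=WWW_DATA, gids=(WWW_DATA,)):
    """Effective owner/modes for the mount and whether uid can write to it."""
    eff = vfat_effective(parse_options(fstab_line))
    writable = all(can_write(eff[k], eff, uid, gids) for k in ("dir_mode", "file_mode"))
    return {"owner": (eff["uid"], eff["gid"]), "dir_mode": oct(eff["dir_mode"]),
            "file_mode": oct(eff["file_mode"]), "writable": writable}
```

`audit(FSTAB_LINE)` describes the entry as posted and `audit(TIGHTENED)` the hypothetical variant; in both cases the modes are fixed at mount time, so any change means editing fstab and remounting.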
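
On Issue #2 above: a `<VirtualHost>` block applies its directives to every address it lists, so TLS directives placed in a block declared for both `*:80` and `*:443` cover the plain-HTTP address too and leave no separate HTTP vhost to carry a redirect. This added example (not the poster's code and not Certbot's) flags that layout; both sample configs are constructed from the post's iliad.conf, and the split version is a hypothetical alternative.

```python
import re

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)
TLS = re.compile(r"^\s*SSL(Engine|CertificateFile|CertificateKeyFile)\b", re.M | re.I)
CERT = "/etc/letsencrypt/live/bygraf.freeddns.org/fullchain.pem"

# Constructed from the post: iliad.conf after certbot appended its lines.
COMBINED = f"""<VirtualHost *:80 *:443>
    ServerName bygraf.freeddns.org
    DocumentRoot "/media/usb/iliad/html"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile {CERT}
</VirtualHost>
"""
# Hypothetical alternative: one block per port, TLS directives only on 443.
SPLIT = f"""<VirtualHost *:80>
    ServerName bygraf.freeddns.org
    DocumentRoot "/media/usb/iliad/html"
</VirtualHost>
<VirtualHost *:443>
    ServerName bygraf.freeddns.org
    DocumentRoot "/media/usb/iliad/html"
    SSLCertificateFile {CERT}
</VirtualHost>
"""


def parse_vhosts(conf):
    """Return one record per <VirtualHost> block: name, ports, TLS directives."""
    vhosts = []
    for m in VHOST.finditer(conf):
        tails = (a.rpartition(":")[2] for a in m.group(1).split() if ":" in a)
        ports = sorted({int(p) for p in tails if p.isdigit()})
        name = NAME.search(m.group(2))
        vhosts.append({"name": name.group(1) if name else None,
                       "ports": ports, "tls": bool(TLS.search(m.group(2)))})
    return vhosts


def findings(conf):
    """Flag blocks whose directives apply to both plain-HTTP and TLS addresses."""
    out = []
    for vh in parse_vhosts(conf):
        if len(vh["ports"]) > 1:
            out.append((vh["name"], "mixed-ports", vh["ports"]))
        if vh["tls"] and 80 in vh["ports"]:
            out.append((vh["name"], "tls-directives-on-port-80", vh["ports"]))
    return out
```

`findings(COMBINED)` reports both conditions for bygraf.freeddns.org, while `findings(SPLIT)` is empty.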


