No vhost was selected

[hugo-connery]

Firstly, I ran a successful certonly -d ... type run yesterday, and deployed that to https://sec.it.env.dtu.dk So, well done LetsEncrypt for that.

Today, with the release of 0.5.0 I wanted to re-try the --apache plugin, as it failed yesterday.

I'm running RHEL 7 with IPv6 as a virtual machine over a Windows HyperV installation (just to make stuff interesting ;).

$ uname -a
Linux vwww3.env.dtu.dk 3.10.0-327.13.1.el7.x86_64 #1 SMP Thu Mar 31 16:04:38 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ httpd -V
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 19 2015 21:43:13
Server's Module Magic Number: 20120211:24
Server loaded: APR 1.4.8, APR-UTIL 1.5.2
Compiled using: APR 1.4.8, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/run/httpd/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
$ ./letsencrypt-auto --version
Checking for new version...
Requesting root privileges to run letsencrypt...
/root/.local/share/letsencrypt/bin/letsencrypt --version
letsencrypt 0.5.0

$ ./letsencrypt-auto --apache -d sec.it.env.dtu.dk
ncurses display .... No names were found in your configuration files.\nYou should specify ServerNames...

Config:
<VirtualHost 192.38.76.15:443 [2001:878:200:2000:0003::2]:443>
ServerAdmin webmaster@env.dtu.dk
DocumentRoot /var/www/html/sec.it.env.dtu.dk
ServerName sec.it.env.dtu.dk
ErrorLog logs/sec.it.env.dtu.dk-error_log
CustomLog logs/sec.it.env.dtu.dk-access_log common
DirectoryIndex index.html
#
# SSL Config
#
SSLEngine on
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
SSLCertificateKeyFile /etc/letsencrypt/live/sec.it.env.dtu.dk/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/sec.it.env.dtu.dk/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/sec.it.env.dtu.dk/chain.pem
# HSTS
Header add Strict-Transport-Security "max-age=15768000"
<Directory /var/www/html/sec.it.env.dtu.dk>
AllowOverride none
Require all granted
Options +Indexes

As you can verify the site works, thus the config is fine. Apache 2.4.6 does not seem to need NameVirtualHost directives, and they are not in the config.

I dont have a problem as the cert isn't expiring soon, and the "certonly" method works fine and I can easily install them. But, it is funny that the client cant see this obvious virtual host. IPv6 ??

Thanks all for the LE efforts.

/Hugo

[pde]

@joohoi want to take this?

[pde]

@hugo-connery the fact that you have a ServerName directive should be enough for this config to work, so I think this is definitely a bug...

[joohoi]

Yeah, I'll take this.

@hugo-connery thanks for extensive information about the environment! However if you could send us the output of:

python -c 'import platform;print([platform.system(),platform.linux_distribution()[0]])'

to make sure we end up using the correct system layout and defaults for your distribution (want to verify that we are actually searching correct paths for the vhosts)

[hugo-connery]

Hi,

No problem. Will do. I appreciate the fast response.

Long live LE.

Hugo Connery

Head of IT, DTU Environment, http://www.env.dtu.dk
Reduce the risk of using IT by understanding it.

---

From: Joona Hoikkala [notifications@github.com]
Sent: Wednesday, 6 April 2016 19:46
To: letsencrypt/letsencrypt
Cc: Hugo Maxwell Connery
Subject: Re: [letsencrypt/letsencrypt] No vhost was selected (#2776)

Yeah, I'll take this. @hugo-conneryhttps://github.com/hugo-connery thanks for extensive information about the environment! However if you could send us the output of:

python -c 'import platform;print([platform.system(),platform.linux_distribution()[0]])'

to make sure we end up using the correct system layout and defaults for your distribution (want to verify that we are actually searching correct paths for the vhosts)

�
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHubhttps://github.com//issues/2776#issuecomment-206484850

[hugo-connery]

Hi,

I'm not sure that this is going to help you much, but

['Linux', 'CentOS Linux']

is the output of the command you wished me to run.

I would think that this is a sub-set of the information
I already supplied.

Whatever.

Hugo Connery

Head of IT, DTU Environment, http://www.env.dtu.dk
Reduce the risk of using IT by understanding it.

---

From: Joona Hoikkala [notifications@github.com]
Sent: Wednesday, 6 April 2016 19:46
To: letsencrypt/letsencrypt
Cc: Hugo Maxwell Connery
Subject: Re: [letsencrypt/letsencrypt] No vhost was selected (#2776)

Yeah, I'll take this. @hugo-conneryhttps://github.com/hugo-connery thanks for extensive information about the environment! However if you could send us the output of:

python -c 'import platform;print([platform.system(),platform.linux_distribution()[0]])'

to make sure we end up using the correct system layout and defaults for your distribution (want to verify that we are actually searching correct paths for the vhosts)

�
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHubhttps://github.com//issues/2776#issuecomment-206484850

[joohoi]

Yeah, it's just the actual calls we're using to get the distribution / os string, so wanted to make sure that it's detected correctly - just like it seems to be.

I confirmed that your VirtualHost configuration parses fine, so it must be something related to configuration layout / distribution defaults.

Does your virtualhost configuration file reside under /etc/httpd/conf.d and does the configuration file that holds the vhost have other vhosts in it?

[bmw]

Perhaps another instance of this?

[bret-miller]

In case it is, here is some information:
Letsencrypt says:

We were unable to find a vhost with a ServerName or Address of www.cbmission.org.
Which virtual host would you like to choose?

/etc/apache2/sites-available/cbmission.org.conf says at the top:

<VirtualHost *:80>
        ServerName cbmission.org
        ServerAlias www.cbmission.org

and later:

</VirtualHost>
<VirtualHost *:443>
        ServerName cbmission.org
        ServerAlias www.cbmission.org

python -c 'import platform;print([platform.system(),platform.linux_distribution()[0]])' says:
['Linux', 'Ubuntu']
Note that this configuration was working perfectly until I updated to client version 0.5.0 today. Now I have to manually edit the apache config files after letsencrypt issues the certificate.

Let me know if there's other information that would be helpful.

[thorstensiefert]

Got the same issue with two vhosts which where perfectly configured before - and destroyed after the renewal process.

Am 07.04.2016 um 21:45 schrieb Bret Miller notifications@github.com:

In case it is, here is some information:
Letsencrypt says:
We were unable to find a vhost with a ServerName or Address of www.cbmission.org.
Which virtual host would you like to choose?

/etc/apache2/sites-available/cbmission.org.conf says at the top:

ServerName cbmission.org
ServerAlias www.cbmission.org

and later:

ServerName cbmission.org
ServerAlias www.cbmission.org

python -c 'import platform;print([platform.system(),platform.linux_distribution()[0]])' says:
['Linux', 'Ubuntu']

Note that this configuration was working perfectly until I updated to client version 0.5.0 today. Now I have to manually edit the apache config files after letsencrypt issues the certificate.

Let me know if there's other information that would be helpful.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub

[joohoi]

@bret-miller & @thorstensiefert & @hugo-connery : could you post the contents of LE log file to a pastebin in case it has some more information on this. The file in question is /var/log/letsencrypt/letsencrypt.log

[bret-miller]

I did several domains on Friday. Here's the log from then:
http://pastebin.com/tZtV9eks

[joohoi]

@bret-miller The log file doesn't seem to have a reference to the failed run you reported earlier, or did the run(s) on the log also result into similarily broken config files? If not, could you check /var/log/letsencrypt/letsencrypt.log.1 letsencrypt.log.2 and so on, for the one that has the information on the run with domain www.cbmission.org