I’m having trouble understanding what’s missing where I’ve added a LetsEncrypt certificate to a Django web application hosted on Linode (CentOS 7) and using Apache.
I used the certbot command to obtain an SSL certificate and noted the changes it added to the VirtualHosts files.
certbot --apache
I included with the root and www domains when prompted.
Here’s what LetsEncrypt added to the /etc/httpd/sites-available directory.
<server_name>.com.conf
<VirtualHost *:80>
# Default from LetsEncrypt
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.<server_name>.com [OR]
RewriteCond %{SERVER_NAME} =<server_name>.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And
<server_name>.com-le-ssl.conf (where it wrapped it in mod_ssl and added the LE certificate lines)
<IfModule mod_ssl.c>
<VirtualHost *:443>
# Load wsgi module
LoadModule wsgi_module <details>
# NOTE. When assigning a LetEncrypt certbot --apache the WSGI lines need to
# be commented out.
WSGIDaemonProcess <name> <details>
WSGIProcessGroup <name>
WSGIScriptAlias / <wsgi.py path>
Alias /static <static_folder_path>
<Directory <static_folder_path>>
Require all granted
</Directory>
Alias /media <media_folder_path>
<Directory <media_folder_path>>
Require all granted
</Directory>
<Directory <Django_app_path>>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
ServerName <servername.com>
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.<servername.com>
SSLCertificateFile /etc/letsencrypt/live/<servername.com>/cert.pem
SSLCertificateFile /etc/letsencrypt/live/<server_name>.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<server_name>.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/<server_name>.com/chain.pem
</VirtualHost>
</IfModule>
It also added an Include httpd.conf referencing the above.
It may have added more. These were the changes I'm aware of.
I had previously configured a symbolic link to /etc/httpd/sites-available/<server_name>.com.conf via /etc/httpd/sites-enabled/<server_name>.com.conf
The process did mention the following:
We were unable to find a vhost with a ServerName or Address of www.<server_name>.com.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: ssl.conf | | HTTPS | Enabled
2: <server_name>.com.conf | | | Enabled
3: <server_name>.com-le-ssl.conf | <server_name>.com | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3
Deploying Certificate to VirtualHost /etc/httpd/sites-avilable/<server_name>.com-le-ssl.conf
Redirecting vhost in /etc/httpd/sites-enabled/<server_name>.com.conf to ssl vhost in /etc/httpd/sites-avilable/<server_name>.com-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://<server_name>.com and
https://www.<server_name>.com
I chose option 3.
While the root address https://<server_name>.com/home/ works fine and I get the secure padlock icon with a valid LetsEncrypt certificate, if I type https://www.<server_name>.com/home/ it entered fails and I get a 404 “Not Found” error:
”The requested URL /home/ was not found on this server.”
The url remains https://www.<server_name>.com/home/ so clearly is failing to redirect as intended.
In addition, it’s appearing as an unsecure link so I don’t is picking up the LetsEncrypt certificate either.
Same for the rest of the links. ie. https://<server_name>.com/weblog/2018/jan/15 works just fine but if it’s attempted as https://www.<server_name>.com/weblog/2018/jan/15 then it fails with the same “Not Found” error and again doesn’t redirect.
There’s nothing in the access or error logs that I could see. I was tailing them as I got the error.
I am redirecting in my app ie. <server_name>.com goes to <server_name>.com/home/ - as per the James Bennett’s Practical Django Projects book but I did note that if I tried this url https://www.<server_name>.com then I default to the /var/www/html directory and see the Apache Test page. I know this is the case since I can add an index.html file to /var/www/html and it will display ie.
<html>
<p>Hello</p>
</html>
I’m not experienced with Apache having previously relied on WebFaction support (sadly no longer). Links that seem to have cover the same area are here but I’ve not yet managed to fix this following any of the solutions offered up here.
https://serverfault.com/questions/816392/lets-encrypt-automatically-redirect-to-https-not-working
https://community.letsencrypt.org/t/we-were-unable-to-find-a-vhost-with-a-servername-or-address/117900
Following up in the suggestions in the comments. Here is a copy of the VirtualHost file which doens't using LetsEncrpyt for http (port 80)
<VirtualHost *:80>
# Load wsgi module
LoadModule wsgi_module <details>
# NOTE. When assigning a LetEncrypt certbot --apache the WSGI lines need to
# be commented out.
WSGIDaemonProcess <name> <details>
WSGIProcessGroup <name>
WSGIScriptAlias / <wsgi.py path>
Alias /static <static_folder_path>
<Directory <static_folder_path>>
Require all granted
</Directory>
Alias /media <media_folder_path>
<Directory <media_folder_path>>
Require all granted
</Directory>
<Directory <Django_app_path>>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
# Try some redirects redirect all www to domain.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www. [NC]
RewriteCond %{HTTP_HOST} ^(?:www.)?(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
Under these circumstance the Rewrite works.
So having proved that the redirect works using http without LetsEncrypt to simplify things I comment out the line in http.conf so that I'm just focusing on one VirtualHost file - the one produced by LetsEncrpyt
IncludeOptional conf.d/*.conf
#IncludeOptional sites-enabled/*.conf
Include /etc/httpd/sites-avilable/<server_name>.com-le-ssl.conf
Restart Apache and the https://<server_name>.com works just fine. As before https://www.<server_name>.com fails with a 404.
Right now then I'm assuming there's only one VirtualHost file being used /etc/httpd/sites-avilable/<server_name>.com-le-ssl.conf so I try adding Redirects directly within that.
RewriteEngine on
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTPS_HOST} ^www. [NC]
RewriteCond %{HTTPS_HOST} ^(?:www.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
I put these at the end of the VirtualHost file immediately after references to the LetsEncrypt config. I'm not seeing a redirect. I put www in the request, www stays in the request presenting me with the 404.
question from:
https://stackoverflow.com/questions/65641323/redirect-www-to-root-django-wsgi-letsencrypt-is-failing-not-found 
