I love you.
I am having a hell of a time with Let's Encrypt. I have my domain name, and my firewall rules permit the traffic; even telnet mydomain.com 80 responds. However, I always get this error:
Code:
[root@nextcloud ~]# acme.sh --issue -d mydomain.com --force -w /usr/local/www/apache24/data -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload"
[Thu Dec 13 14:45:59 PST 2018] Registering account
[Thu Dec 13 14:46:00 PST 2018] Registered
[Thu Dec 13 14:46:00 PST 2018] ACCOUNT_THUMBPRINT='gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:46:00 PST 2018] Single domain='mydomain.com'
[Thu Dec 13 14:46:00 PST 2018] Getting domain auth token for each domain
[Thu Dec 13 14:46:00 PST 2018] Getting webroot for domain='mydomain.com'
[Thu Dec 13 14:46:00 PST 2018] Getting new-authz for domain='mydomain.com'
[Thu Dec 13 14:46:01 PST 2018] The new-authz request is ok.
[Thu Dec 13 14:46:01 PST 2018] Verifying:mydomain.com
[Thu Dec 13 14:46:04 PST 2018] mydomain.com:Verify error:Invalid response from http://mydomain.com/.well-known/acme-challenge/iBLc17MyCs2CfhMncdAWah0MP5OmhJ-NGp5LjGz-9pQ:
[Thu Dec 13 14:46:04 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 13 14:46:04 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[root@nextcloud ~]# acme.sh --issue -d mydomain.com --force -w /usr/local/www/apache24/data -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload" --debug
[Thu Dec 13 14:46:12 PST 2018] Lets find script dir.
[Thu Dec 13 14:46:12 PST 2018] _SCRIPT_='/root/.acme.sh/acme.sh'
[Thu Dec 13 14:46:12 PST 2018] _script='/root/.acme.sh/acme.sh'
[Thu Dec 13 14:46:12 PST 2018] _script_home='/root/.acme.sh'
[Thu Dec 13 14:46:12 PST 2018] Using config home:/root/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.0
[Thu Dec 13 14:46:12 PST 2018] _main_domain='mydomain.com'
[Thu Dec 13 14:46:12 PST 2018] _alt_domains='no'
[Thu Dec 13 14:46:12 PST 2018] Using config home:/root/.acme.sh
[Thu Dec 13 14:46:12 PST 2018] ACME_DIRECTORY='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:46:12 PST 2018] DOMAIN_PATH='/root/.acme.sh/mydomain.com'
[Thu Dec 13 14:46:12 PST 2018] Using ACME_DIRECTORY: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:46:12 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:46:12 PST 2018] GET
[Thu Dec 13 14:46:12 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:46:12 PST 2018] timeout=
[Thu Dec 13 14:46:12 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Dec 13 14:46:12 PST 2018] ret='0'
[Thu Dec 13 14:46:12 PST 2018] ACME_KEY_CHANGE='https://acme-v01.api.letsencrypt.org/acme/key-change'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_AUTHZ='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_ORDER='https://acme-v01.api.letsencrypt.org/acme/new-cert'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_ACCOUNT='https://acme-v01.api.letsencrypt.org/acme/new-reg'
[Thu Dec 13 14:46:12 PST 2018] ACME_REVOKE_CERT='https://acme-v01.api.letsencrypt.org/acme/revoke-cert'
[Thu Dec 13 14:46:12 PST 2018] ACME_AGREEMENT='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'
[Thu Dec 13 14:46:12 PST 2018] ACME_NEW_NONCE
[Thu Dec 13 14:46:12 PST 2018] ACME_VERSION
[Thu Dec 13 14:46:13 PST 2018] Le_NextRenewTime
[Thu Dec 13 14:46:13 PST 2018] _on_before_issue
[Thu Dec 13 14:46:13 PST 2018] _chk_main_domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _chk_alt_domains
[Thu Dec 13 14:46:13 PST 2018] Le_LocalAddress
[Thu Dec 13 14:46:13 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] Check for domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:13 PST 2018] d
[Thu Dec 13 14:46:13 PST 2018] _saved_account_key_hash is not changed, skip register account.
[Thu Dec 13 14:46:13 PST 2018] Read key length:4096
[Thu Dec 13 14:46:13 PST 2018] _createcsr
[Thu Dec 13 14:46:13 PST 2018] Single domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] Getting domain auth token for each domain
[Thu Dec 13 14:46:13 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] Getting webroot for domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _w='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:13 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:13 PST 2018] Getting new-authz for domain='mydomain.com'
[Thu Dec 13 14:46:13 PST 2018] _init api for server: https://acme-v01.api.letsencrypt.org/directory
[Thu Dec 13 14:46:13 PST 2018] Try new-authz for the 0 time.
[Thu Dec 13 14:46:13 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:46:13 PST 2018] payload='{"resource": "new-authz", "identifier": {"type": "dns", "value": "mydomain.com"}}'
[Thu Dec 13 14:46:13 PST 2018] RSA key
[Thu Dec 13 14:46:13 PST 2018] GET
[Thu Dec 13 14:46:13 PST 2018] url='https://acme-v01.api.letsencrypt.org/directory'
[Thu Dec 13 14:46:13 PST 2018] timeout=
[Thu Dec 13 14:46:13 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Dec 13 14:46:13 PST 2018] ret='0'
[Thu Dec 13 14:46:13 PST 2018] POST
[Thu Dec 13 14:46:13 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/new-authz'
[Thu Dec 13 14:46:13 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Dec 13 14:46:14 PST 2018] _ret='0'
[Thu Dec 13 14:46:14 PST 2018] code='201'
[Thu Dec 13 14:46:14 PST 2018] The new-authz request is ok.
[Thu Dec 13 14:46:14 PST 2018] entry='"type":"http-01","status":"pending","uri":"https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182","token":"98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0"'
[Thu Dec 13 14:46:14 PST 2018] token='98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0'
[Thu Dec 13 14:46:14 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] keyauthorization='98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:46:14 PST 2018] dvlist='mydomain.com#98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ#https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182#http-01#/usr/local/www/apache24/data'
[Thu Dec 13 14:46:14 PST 2018] d
[Thu Dec 13 14:46:14 PST 2018] vlist='mydomain.com#98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ#https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182#http-01#/usr/local/www/apache24/data,'
[Thu Dec 13 14:46:14 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:14 PST 2018] ok, let's start to verify
[Thu Dec 13 14:46:14 PST 2018] Verifying:mydomain.com
[Thu Dec 13 14:46:14 PST 2018] d='mydomain.com'
[Thu Dec 13 14:46:14 PST 2018] keyauthorization='98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ'
[Thu Dec 13 14:46:14 PST 2018] uri='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] _currentRoot='/usr/local/www/apache24/data'
[Thu Dec 13 14:46:14 PST 2018] wellknown_path='/usr/local/www/apache24/data/.well-known/acme-challenge'
[Thu Dec 13 14:46:14 PST 2018] writing token:98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0 to /usr/local/www/apache24/data/.well-known/acme-challenge/98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0
[Thu Dec 13 14:46:14 PST 2018] Changing owner/group of .well-known to root:wheel
[Thu Dec 13 14:46:14 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ"}'
[Thu Dec 13 14:46:14 PST 2018] POST
[Thu Dec 13 14:46:14 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:14 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Dec 13 14:46:14 PST 2018] _ret='0'
[Thu Dec 13 14:46:14 PST 2018] code='202'
[Thu Dec 13 14:46:14 PST 2018] sleep 2 secs to verify
[Thu Dec 13 14:46:16 PST 2018] checking
[Thu Dec 13 14:46:16 PST 2018] GET
[Thu Dec 13 14:46:16 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:16 PST 2018] timeout=
[Thu Dec 13 14:46:16 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Dec 13 14:46:17 PST 2018] ret='0'
[Thu Dec 13 14:46:17 PST 2018] mydomain.com:Verify error:Fetching http://mydomain.com/.well-known/acme-challenge/98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0: Connection refused
[Thu Dec 13 14:46:17 PST 2018] Debug: get token url.
[Thu Dec 13 14:46:17 PST 2018] GET
[Thu Dec 13 14:46:17 PST 2018] url='http://mydomain.com/.well-known/acme-challenge/98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0'
[Thu Dec 13 14:46:17 PST 2018] timeout=1
[Thu Dec 13 14:46:17 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g --connect-timeout 1'
[Thu Dec 13 14:46:17 PST 2018] Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 7
[Thu Dec 13 14:46:17 PST 2018] ret='7'
[Thu Dec 13 14:46:17 PST 2018] Debugging, skip removing: /usr/local/www/apache24/data/.well-known
[Thu Dec 13 14:46:17 PST 2018] pid
[Thu Dec 13 14:46:17 PST 2018] No need to restore nginx, skip.
[Thu Dec 13 14:46:17 PST 2018] _clearupdns
[Thu Dec 13 14:46:17 PST 2018] skip dns.
[Thu Dec 13 14:46:17 PST 2018] _on_issue_err
[Thu Dec 13 14:46:17 PST 2018] Please add '--debug' or '--log' to check more details.
[Thu Dec 13 14:46:17 PST 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
[Thu Dec 13 14:46:17 PST 2018] url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:17 PST 2018] payload='{"resource": "challenge", "keyAuthorization": "98cKjd_xwEfRKbeNn0vuatPnLKT1qCZqFKgdXv8qdn0.gT2r6W9GJwy97TEUzD6by1wutrk1ynJ7dGS8JemRNKQ"}'
[Thu Dec 13 14:46:17 PST 2018] POST
[Thu Dec 13 14:46:17 PST 2018] _post_url='https://acme-v01.api.letsencrypt.org/acme/challenge/m1TSXz_3bLdKuxsHA1IgaZF8MUpIiZLTHyqgIQ7NQlQ/10299960182'
[Thu Dec 13 14:46:17 PST 2018] _CURL='curl -L --silent --dump-header /root/.acme.sh/http.header -g '
[Thu Dec 13 14:46:17 PST 2018] _ret='0'
[Thu Dec 13 14:46:17 PST 2018] code='400'
[Thu Dec 13 14:46:17 PST 2018] Diagnosis versions:
openssl:openssl
OpenSSL 1.0.2o-freebsd 27 Mar 2018
apache:
apache doesn't exists.
nginx:
nginx doesn't exists.
socat:
socat by Gerhard Rieger and contributors - see www.dest-unreach.org
Usage:
socat [options] <bi-address> <bi-address>
options:
-V print version and feature information to stdout, and exit
-h|-? print a help text describing command line options and addresses
-hh like -h, plus a list of all common address option names
-hhh like -hh, plus a list of all available address option names
-d increase verbosity (use up to 4 times; 2 are recommended)
-D analyze file descriptors before loop
-ly[facility] log to syslog, using facility (default is daemon)
-lf<logfile> log to file
-ls log to stderr (default if no other log)
-lm[facility] mixed log mode (stderr during initialization, then syslog)
-lp<progname> set the program name used for logging
-lu use microseconds for logging timestamps
-lh add hostname to log messages
-v verbose data traffic, text
-x verbose data traffic, hexadecimal
-b<size_t> set data buffer size (8192)
-s sloppy (continue on error)
-t<timeout> wait seconds before closing second channel
-T<timeout> total inactivity timeout in seconds
-u unidirectional mode (left to right)
-U unidirectional mode (right to left)
-g do not check option groups
-L <lockfile> try to obtain lock, or fail
-W <lockfile> try to obtain lock, or wait
-4 prefer IPv4 if version is not explicitly specified
-6 prefer IPv6 if version is not explicitly specified
bi-address:
pipe[,<opts>] groups=FD,FIFO
<single-address>!!<single-address>
<single-address>
single-address:
<address-head>[,<opts>]
address-head:
create:<filename> groups=FD,REG,NAMED
exec:<command-line> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
fd:<num> groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
gopen:<filename> groups=FD,FIFO,CHR,BLK,REG,SOCKET,NAMED,OPEN,TERMIOS,UNIX
ip-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recv:<protocol> groups=FD,SOCKET,RANGE,IP4,IP6
ip-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6
ip-sendto:<host>:<protocol> groups=FD,SOCKET,IP4,IP6
ip4-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recv:<protocol> groups=FD,SOCKET,RANGE,IP4
ip4-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP4
ip4-sendto:<host>:<protocol> groups=FD,SOCKET,IP4
ip6-datagram:<host>:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recv:<protocol> groups=FD,SOCKET,RANGE,IP6
ip6-recvfrom:<protocol> groups=FD,SOCKET,CHILD,RANGE,IP6
ip6-sendto:<host>:<protocol> groups=FD,SOCKET,IP6
open:<filename> groups=FD,FIFO,CHR,BLK,REG,NAMED,OPEN,TERMIOS
openssl:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,OPENSSL
openssl-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP,OPENSSL
pipe:<filename> groups=FD,FIFO,NAMED,OPEN
proxy:<proxy-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,HTTP
pty groups=FD,NAMED,TERMIOS,PTY
sctp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,SCTP
sctp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,SCTP
sctp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,SCTP
sctp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,SCTP
sctp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,SCTP
sctp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,SCTP
socket-connect:<domain>:<protocol>:<remote-address> groups=FD,SOCKET,CHILD,RETRY
socket-datagram:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET,RANGE
socket-listen:<domain>:<protocol>:<local-address> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE
socket-recv:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,RANGE
socket-recvfrom:<domain>:<type>:<protocol>:<local-address> groups=FD,SOCKET,CHILD,RANGE
socket-sendto:<domain>:<type>:<protocol>:<remote-address> groups=FD,SOCKET
socks4:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
socks4a:<socks-server>:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP,SOCKS4
stderr groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdin groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdio groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
stdout groups=FD,FIFO,CHR,BLK,REG,SOCKET,TERMIOS,UNIX,IP4,IP6,UDP,TCP,SCTP
system:<shell-command> groups=FD,FIFO,SOCKET,EXEC,FORK,TERMIOS,PTY,PARENT,UNIX
tcp-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,IP6,TCP
tcp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,IP6,TCP
tcp4-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP4,TCP
tcp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP4,TCP
tcp6-connect:<host>:<port> groups=FD,SOCKET,CHILD,RETRY,IP6,TCP
tcp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RETRY,RANGE,IP6,TCP
udp-connect:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,IP6,UDP
udp-recv:<port> groups=FD,SOCKET,RANGE,IP4,IP6,UDP
udp-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,IP6,UDP
udp-sendto:<host>:<port> groups=FD,SOCKET,IP4,IP6,UDP
udp4-connect:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp4-datagram:<remote-address>:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP4,UDP
udp4-recv:<port> groups=FD,SOCKET,RANGE,IP4,UDP
udp4-recvfrom:<host>:<port> groups=FD,SOCKET,CHILD,RANGE,IP4,UDP
udp4-sendto:<host>:<port> groups=FD,SOCKET,IP4,UDP
udp6-connect:<host>:<port> groups=FD,SOCKET,IP6,UDP
udp6-datagram:<host>:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-listen:<port> groups=FD,SOCKET,LISTEN,CHILD,RANGE,IP6,UDP
udp6-recv:<port> groups=FD,SOCKET,RANGE,IP6,UDP
udp6-recvfrom:<port> groups=FD,SOCKET,CHILD,RANGE,IP6,UDP
udp6-sendto:<host>:<port> groups=FD,SOCKET,IP6,UDP
unix-client:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-connect:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-listen:<filename> groups=FD,SOCKET,NAMED,LISTEN,CHILD,RETRY,UNIX
unix-recv:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
unix-recvfrom:<filename> groups=FD,SOCKET,NAMED,CHILD,RETRY,UNIX
unix-sendto:<filename> groups=FD,SOCKET,NAMED,RETRY,UNIX
I'm not sure what comes first here, but apache24 will not start because the SSL configuration is invalid without the cert. So I removed the HTTPS config, started apache, and re-ran the script: