See my other answer. Disable the default page by command

sudo a2dissite “config file of default site”

Did you check the content of the sites-enabled folder? Are there only symlinks? One of the first posts in this thread suggested otherwise, that’s why I stick to this point.

sudo ls -l /etc/apache2/sites-enabled

What does this show?

nividan@nivsrvubu:~$ sudo a2dissite
Your choices are: nextcloud-le-ssl nextcloud
Which site(s) do you want to disable (wildcards ok)?

This is the only 2 i got enabled

nividan@nivsrvubu:~$ sudo ls -l /etc/apache2/sites-enabled
total 4
lrwxrwxrwx 1 root root 33 Dec 18 00:10 nextcloud.conf → …/sites-available/nextcloud.conf
lrwxrwxrwx 1 root root 50 Dec 14 17:04 nextcloud-le-ssl.conf → /etc/apache2/sites-available/nextcloud-le-ssl.conf
-rw-r–r-- 1 root root 1597 Dec 16 22:14 nextcloud-le-ssl.conf.save

Remove the file nextcloud-le-ssl.conf.save

Check the contents of
/etc/apache2/sites-available/nextcloud.conf
/etc/apache2/sites-available/nextcloud-le-ssl.conf

Are there duplicates? When I read your other post right, both the *80 and the *443 VirtualHost are in nextcloud-le-ssl.conf. Then you can disable the nextcloud.conf by

sudo a2dissite nextcloud

Must get some sleep now. Good luck.

First of all good night,

For the enabled now it's only le-ssl:
nivsrvubu:~$ sudo ls -l /etc/apache2/sites-enabled
total 0
lrwxrwxrwx 1 root root 50 Dec 14 17:04 nextcloud-le-ssl.conf -> /etc/apache2/sites-available/nextcloud-le-ssl.conf

I still getting “ERR_TOO_MANY_REDIRECTS”
and still:
“I remove the “Redirect permanent / h”
to get the site back to work, now it is going to https but it is on " Apache2 Ubuntu Default Page” and not my nextcloud"

Check this out, I think you do not need to put Virtual Host for port 443 into module, but turn on SSL via SSLEngine on:

Also there you can find tutorial how to setup better TLS, or get A+ on SSLlabs, especially Lests encrypt config include is not optimal: Include /etc/letsencrypt/options-ssl-apache.conf, there you have a lot of things that basically are not needed.

Ty fo the command, i have change my nextcloud-le-ssl.conf to the one you link in the commant.
I’m still stuck on the same problem, I get the massage “ERR_TOO_MANY_REDIRECTS”, if i comment out the per redirect # Redirect permanent / https://"host"/ i’m directed to https://“host” but to the “Apache2 Ubuntu Default Page” insted on my cloud

<VirtualHost "IP":80>

ServerName nextcloud
ServerAdmin "admin@host"

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Redirect permanent / https://"host"/

</VirtualHost>

<VirtualHost "IP":443>

ServerName nextcloud
ServerAdmin "admin@host"

DocumentRoot /var/www/html/nextcloud/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/"host"/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/"host"privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/"host"chain.pem
	
<FilesMatch "\.(cgi|shtml|phtml|php)$">
	SSLOptions +StdEnvVars
</FilesMatch>

<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
</Directory>
    
<Directory /var/www/html/nextcloud/>
	Options +FollowSymlinks
	AllowOverride All

	<IfModule mod_dav.c>
		Dav off
	</IfModule>

	SetEnv HOME /var/www/html/nextcloud
	SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Referrer-Policy no-referrer
ErrorDocument 403 "Hmmmm... Looks it is not here xD:)"

</VirtualHost>

Lets start from the scratch:

1. What do you have in a sites-enabled folder? Please post output from:

ls -la /etc/apache2/sites-enabled/

if nextcloud-le-ssl.confis not there, you have to enable it by command

sudo a2ensite nextcloud-le-ssl.conf

and then reload the server as in point 3.

2. Did you check that host and nextcloud from the lines below are the same? E.g. mydomain.com?

Redirect permanent / https://mydomain.com/

and

ServerName mydomain.com

3. Did you restart your apache2 after change the settings?
   You can test your config before to restart the server if you have any error there by command:

apachectl configtest

Then reload the config by, e.g.:

sudo service apache2 reload

P.S. Are you using NAS? Then please check how to restart apache there.

:/etc/apache2/sites-enabled$ ls -la /etc/apache2/sites-enabled/
total 12
drwxr-xr-x 2 root root 4096 Dec 19 11:01 .
drwxr-xr-x 8 root root 4096 Dec 19 10:43 …
-rw-r–r-- 1 root root 1024 Dec 19 08:21 .nextcloud.conf.swp
lrwxrwxrwx 1 root root 50 Dec 14 17:04 nextcloud-le-ssl.conf → /etc/apache2/sites-available/nextcloud-le-ssl.conf

Server name was “nextcloud” and in the https://“was my domain”,
i cange the server name to the domain aswell but i got the same problem

/etc/apache2/sites-enabled$ sudo apachectl configtest
Syntax OK

I’m usining ubuntu server

I don’t know if it’s helps but this is my VH conf:

VirtualHost configuration:

“IP”:80 “Domain” (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:2)
“IP”:443 “Domain” (/etc/apache2/sites-enabled/nextcloud-le-ssl.conf:14)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir=“/var/run/apache2/” mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

Good, did you reload the config afterwars?

Can we try to do debugging in browser? We need to open debugging Network tool, for Firefox it is under Web Developer → Network (choice Persistent Logs):

image949×353 179 KB

Now we will be able to see what is redirected and where. On a screenshot above I goes to http to my server and it replays with 301 and redirected me to https://mydoamin.com (location in headers below the screenshot), then it is starting to loading with code 200. Basically this is what this config should do. Please open http connection to your server.

I did reload and restart the service few times yes.

image1643×728 51 KB

As you can see it’s find nothing when the “Redirect permanent” is on.
When it’s off “#Redirect permanent”:

image1695×921 69.6 KB

Lets check logs, please check what is in your /var/log/apache2/access.log and error.log.
Also is first 301 pointing to your server URL with https?

I suppose something is wrong with your SSL module or openSSL, here is Gist how to setup it quickly

And I really wondering why you see Apache web page…
Is your nextcloud really under /var/www/html/nextcloud/???

Please check your /etc/apache2/mods-enabled/dir.conf, it should looks like this (index.php is on a first place):

<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

access.log:

172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/Interface HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/WTF HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Documents HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:05 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Pictures HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/Interface HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/WTF HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Documents HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:10 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Pictures HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/Interface HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/World%20of%20warcraft/WTF HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Documents HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"
172.69.130.101 - - [20/Dec/2019:00:05:15 +0000] "PROPFIND /remote.php/dav/files/nividan/Niv%20Pc/Pictures HTTP/1.1" 400 0 "-" "Mozilla/5.0 (Windows) mirall/2.6.1stable-Win64 (build 20191105) (Nextcloud)"

error.log:

$
[Fri Dec 20 00:05:20.810208 2019] [core:info] [pid 20977] [client 172.69.130.101:25246] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 00:05:20.810221 2019] [core:debug] [pid 20977] protocol.c(1375): [client 172.69.130.101:25246] AH00567: request failed: error reading the headers
[Fri Dec 20 00:05:20.844208 2019] [core:debug] [pid 20975] protocol.c(1022): (28)No space left on device: [client 172.69.130.101:25284] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635$
[Fri Dec 20 00:05:20.844312 2019] [core:info] [pid 20975] [client 172.69.130.101:25284] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 00:05:20.844328 2019] [core:debug] [pid 20975] protocol.c(1375): [client 172.69.130.101:25284] AH00567: request failed: error reading the headers
[Fri Dec 20 00:05:20.877213 2019] [core:debug] [pid 20976] protocol.c(1022): (28)No space left on device: [client 172.69.130.101:25298] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635$
[Fri Dec 20 00:05:20.877316 2019] [core:info] [pid 20976] [client 172.69.130.101:25298] AH00561: Request header exceeds LimitRequestFieldSize: Cookieq
[Fri Dec 20 00:05:20.877327 2019] [core:debug] [pid 20976] protocol.c(1375): [client 172.69.130.101:25298] AH00567: request failed: error reading the headers
[Fri Dec 20 00:05:25.763660 2019] [core:debug] [pid 20978] protocol.c(1022): (28)No space left on device: [client 172.69.130.101:26982] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635$
[Fri Dec 20 00:05:25.763823 2019] [core:info] [pid 20978] [client 172.69.130.101:26982] AH00561: Request header exceeds LimitRequestFieldSize: Cookie

I am trying now to do the openssl.

But after i fix the defult page I an now getting:

Forbidden

You don’t have permission to access / on this server.
I tryid to take owner for www-data, I am now looking into it

protocol.c(1022): (28)No space left on device

Seems your disk is full? Or the /var partition

Yea, it’s been fix and wasent the problem.
I am prety sure this is somthing withe the nextcloud-le-ssl,
If i go back to nextcloud.conf all working fine (ofc it’s not https)

You see Apache Web page via HTTP only because we delete all Nexctloud settings from the HTTP server and configure redirect only.

<VirtualHost "IP":80>

ServerName nextcloud
ServerAdmin "admin@host"

DocumentRoot /var/www/html/nextcloud/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

#Redirect permanent / https://"host"/

<Directory /var/www/html/nextcloud/>
	Options +FollowSymlinks
	AllowOverride All

	<IfModule mod_dav.c>
		Dav off
	</IfModule>

	SetEnv HOME /var/www/html/nextcloud
	SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

</VirtualHost>

<VirtualHost "IP":443>

ServerName nextcloud
ServerAdmin "admin@host"

DocumentRoot /var/www/html/nextcloud/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/"host"/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/"host"/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/"host"/chain.pem
	
<FilesMatch "\.(cgi|shtml|phtml|php)$">
	SSLOptions +StdEnvVars
</FilesMatch>

<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
</Directory>
    
<Directory /var/www/html/nextcloud/>
	Options +FollowSymlinks
	AllowOverride All

	<IfModule mod_dav.c>
		Dav off
	</IfModule>

	SetEnv HOME /var/www/html/nextcloud
	SetEnv HTTP_HOME /var/www/html/nextcloud
</Directory>

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Referrer-Policy no-referrer
ErrorDocument 403 "Hmmmm... Looks it is not here xD:)"

</VirtualHost>

Can we check if all needed modules are enabled in apache? Run:

apache2ctl -M | sort

Again, ty for the time you put to help me

access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 core_module (static)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 http_module (static)
Loaded Modules:
 log_config_module (static)
 logio_module (static)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 so_module (static)
 ssl_module (shared)
 status_module (shared)
 unixd_module (static)
 version_module (static)
 watchdog_module (static)

This is what i get when i cange the conf to what you link:

****@nivsrvubu:/etc/apache2/sites-available$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
****@nivsrvubu:/etc/apache2/sites-available$ sudo service apache2 status
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-12-20 09:25:37 UTC; 6s ago
  Process: 33632 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
  Process: 31894 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 33638 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 32611 (code=exited, status=0/SUCCESS)

Dec 20 09:25:36 nivsrvubu systemd[1]: Starting The Apache HTTP Server...
Dec 20 09:25:36 nivsrvubu apachectl[33638]: AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/nextcloud.conf:
Dec 20 09:25:36 nivsrvubu apachectl[33638]: SSLCertificateFile: file '/etc/letsencrypt/live/********/cert.pem' does not exist or is empty
Dec 20 09:25:36 nivsrvubu apachectl[33638]: Action 'start' failed.
Dec 20 09:25:36 nivsrvubu apachectl[33638]: The Apache error log may have more information.
Dec 20 09:25:37 nivsrvubu systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 20 09:25:37 nivsrvubu systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 20 09:25:37 nivsrvubu systemd[1]: Failed to start The Apache HTTP Server.

That strange why it works before… If you are using Let’s Encrypt Certificate via e.g. Certbot or Acme.sh, it should be there.
Where did you get Certificate?
Is this self signed Certificate, or from Let’s Encrypt?
Where it is stored?

Basically you need at least 2 files Certificate and Private key.

Could you please check what is in this folder?

ls -la /etc/letsencrypt/live/DOMAIN
#OR to see all
ls -laR /etc/letsencrypt/live/

# ls -laR /etc/letsencrypt/live/
/etc/letsencrypt/live/:
total 20
drwx------ 5 root root 4096 Nov 25 10:41 .
drwxr-xr-x 9 root root 4096 Dec 20 06:24 ..
drwxr-xr-x 2 root root 4096 Nov 25 10:41 Domain1
drwxr-xr-x 2 root root 4096 Jul  8 07:20 Domain2
drwxr-xr-x 2 root root 4096 Dec  5 15:29 Domain2-0001

/etc/letsencrypt/live/Domain1:
total 12
drwxr-xr-x 2 root root 4096 Nov 25 10:41 .
drwx------ 5 root root 4096 Nov 25 10:41 ..
-rw-r--r-- 1 root root  682 Nov 25 10:41 README
lrwxrwxrwx 1 root root   52 Nov 25 10:41 cert.pem -> ../../archive/Domain1/cert1.pem
lrwxrwxrwx 1 root root   53 Nov 25 10:41 chain.pem -> ../../archive/Domain1/chain1.pem
lrwxrwxrwx 1 root root   57 Nov 25 10:41 fullchain.pem -> ../../archive/Domain1/fullchain1.pem
lrwxrwxrwx 1 root root   55 Nov 25 10:41 privkey.pem -> ../../archive/Domain1/privkey1.pem

/etc/letsencrypt/live/Domain2:
total 12
drwxr-xr-x 2 root root 4096 Jul  8 07:20 .
drwx------ 5 root root 4096 Nov 25 10:41 ..
-rw-r--r-- 1 root root  543 Jul 13  2017 README
lrwxrwxrwx 1 root root   39 Jul  8 07:20 cert.pem -> ../../archive/Domain2/cert13.pem
lrwxrwxrwx 1 root root   40 Jul  8 07:20 chain.pem -> ../../archive/Domain2/chain13.pem
lrwxrwxrwx 1 root root   44 Jul  8 07:20 fullchain.pem -> ../../archive/Domain2/fullchain13.pem
lrwxrwxrwx 1 root root   42 Jul  8 07:20 privkey.pem -> ../../archive/Domain2/privkey13.pem

/etc/letsencrypt/live/Domain2-0001:
total 12
drwxr-xr-x 2 root root 4096 Dec  5 15:29 .
drwx------ 5 root root 4096 Nov 25 10:41 ..
-rw-r--r-- 1 root root  543 Oct  6 14:22 README
lrwxrwxrwx 1 root root   43 Dec  5 15:29 cert.pem -> ../../archive/Domain2-0001/cert2.pem
lrwxrwxrwx 1 root root   44 Dec  5 15:29 chain.pem -> ../../archive/Domain2-0001/chain2.pem
lrwxrwxrwx 1 root root   48 Dec  5 15:29 fullchain.pem -> ../../archive/Domain2-0001/fullchain2.pem
lrwxrwxrwx 1 root root   46 Dec  5 15:29 privkey.pem -> ../../archive/Domain2-0001/privkey2.p

P.S. You can check if config is valid without restarting the server via command:

apachectl configtest

Hellom,

Where did you get Certificate?:

I use the guide from this video: “https://www.youtube.com/watch?v=7Bo78eDEy7g&feature=emb_logo”

This is the original command:

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache
sudo certbot --apache -d example.com

Is this self signed Certificate, or from Let’s Encrypt?:
This is not self signed Certificate as far as I got it.

Where it is stored?:
/etc/letsencrypt/live/DOMAIN

Could you please check what is in this folder?:

/etc/letsencrypt/live/:
total 12
drwx------ 3 root root 4096 Dec 16 19:32 .
drwxr-xr-x 9 root root 4096 Dec 20 09:43 ..
drwxr-xr-x 2 root root 4096 Dec 20 09:43 "Host"

/etc/letsencrypt/live/"Host":
total 16
drwxr-xr-x 2 root root 4096 Dec 20 09:43 .
drwx------ 3 root root 4096 Dec 16 19:32 ..
lrwxrwxrwx 1 root root   41 Dec 20 09:43 cert.pem -> ../../archive/"Host"/cert4.pem
lrwxrwxrwx 1 root root   42 Dec 20 09:43 chain.pem -> ../../archive/"Host"chain4.pem
lrwxrwxrwx 1 root root   46 Dec 20 09:43 fullchain.pem -> ../../archive/"Host"fullchain4.pem
lrwxrwxrwx 1 root root   44 Dec 20 09:43 privkey.pem -> ../../archive/"Host"/privkey4.pem
-rw-r--r-- 1 root root  682 Dec 16 19:32 README
-rw-r--r-- 1 root root 1024 Dec 19 08:54 .readme.swp

Could you please copy path to the certificate from the apache2 config and use it in following command:

openssl x509 -in PathFromApacheTo/cert.pem  -text -noout

This will show you information about Certificate, could be that you did typo in a path or Certificate pointing to the wrong file.

openssl x509 -in /etc/letsencrypt/live/YOUR.DOMAIN/cert.pem  -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:a7:f7:83:b7:ef:57:ef:be:66:9e:27:1f:2a:0f:75:a3:8d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Dec  5 13:29:30 2019 GMT
            Not After : Mar  4 13:29:30 2020 GMT
        Subject: CN = YOUR.DOMAIN
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)

I just found that config is a bit outdated in this forum since time, please use this part instead with fullchain and private key:

	SSLCertificateFile /etc/letsencrypt/live/YOUR.DOMAIN/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/YOUR.DOMAIN/privkey.pem

my mistake