<div dir="ltr">
<pre><i>> </i>Check your Apache configuration and make sure the SuexecUserGroup
> directive is set properly and that you have the proper configuration
> for suexec in /etc/apache2/suexec.
> Also make sure that suexec is enabled and did not get disabled by some
> script and that the files in the document root are owned by the
> freeside user.
>
> I have never used Certbot as setting up SSL in Apache is not that
> difficult and there are tons of guides out on the Internet that explain
> how to do it.
>
> If you still can't determine what is going on then posting your apache
> site configuration file would be helpful.
<br>
I'm not seeing SuexecUserGroup anywhere in the config. Looks pretty generic.<br><br>-----------------<br># This is the main Apache server configuration file. It contains the<br># configuration directives that give the server its instructions.<br># See <a href="http://httpd.apache.org/docs/2.2/">http://httpd.apache.org/docs/2.2/</a> for detailed information about<br># the directives and /usr/share/doc/apache2-common/README.Debian.gz about<br># Debian specific hints.<br>#<br>#<br># Summary of how the Apache 2 configuration works in Debian:<br># The Apache 2 web server configuration in Debian is quite different to<br># upstream's suggested way to configure the web server. This is because Debian's<br># default Apache2 installation attempts to make adding and removing modules,<br># virtual hosts, and extra configuration directives as flexible as possible, in<br># order to make automating the changes and administering the server as easy as<br># possible.<br><br># It is split into several files forming the configuration hierarchy outlined<br># below, all located in the /etc/apache2/ directory:<br>#<br># /etc/apache2/<br># |-- apache2.conf<br># | `-- ports.conf<br># |-- mods-enabled<br># | |-- *.load<br># | `-- *.conf<br># |-- conf.d<br># | `-- *<br># `-- sites-enabled<br># `-- *<br>#<br>#<br># * apache2.conf is the main configuration file (this file). It puts the pieces<br># together by including all remaining configuration files when starting up the<br># web server.<br>#<br># In order to avoid conflicts with backup files, the Include directive is<br># adapted to ignore files that:<br># - do not begin with a letter or number<br># - contain a character that is neither letter nor number nor _-:.<br># - contain .dpkg<br>#<br># Yet we strongly suggest that all configuration files either end with a<br># .conf or .load suffix in the file name. The next Debian release will<br># ignore files not ending with .conf (or .load for mods-enabled).<br>#<br># * ports.conf is always included from the main configuration file. It is<br># supposed to determine listening ports for incoming connections, and which<br># of these ports are used for name based virtual hosts.<br>#<br># * Configuration files in the mods-enabled/ and sites-enabled/ directories<br># contain particular configuration snippets which manage modules or virtual<br># host configurations, respectively.<br>#<br># They are activated by symlinking available configuration files from their<br># respective *-available/ counterparts. These should be managed by using our<br># helpers a2enmod/a2dismod, a2ensite/a2dissite. See<br># their respective man pages for detailed information.<br>#<br># * Configuration files in the conf.d directory are either provided by other<br># packages or may be added by the local administrator. Local additions<br># should start with local- or end with .local.conf to avoid name clashes. All<br># files in conf.d are considered (excluding the exceptions noted above) by<br># the Apache 2 web server.<br>#<br># * The binary is called apache2. Due to the use of environment variables, in<br># the default configuration, apache2 needs to be started/stopped with<br># /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not<br># work with the default configuration.<br><br><br># Global configuration<br>#<br><br>#<br># ServerRoot: The top of the directory tree under which the server's<br># configuration, error, and log files are kept.<br>#<br># NOTE! If you intend to place this on an NFS (or otherwise network)<br># mounted filesystem then please read the LockFile documentation (available<br># at <URL:<a href="http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile">http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile</a>>);<br># you will save yourself a lot of trouble.<br>#<br># Do NOT add a slash at the end of the directory path.<br>#<br>#ServerRoot "/etc/apache2"<br><br>#<br># The accept serialization lock file MUST BE STORED ON A LOCAL DISK.<br>#<br>LockFile ${APACHE_LOCK_DIR}/accept.lock<br><br>#<br># PidFile: The file in which the server should record its process<br># identification number when it starts.<br># This needs to be set in /etc/apache2/envvars<br>#<br>PidFile ${APACHE_PID_FILE}<br><br>#<br># Timeout: The number of seconds before receives and sends time out.<br>#<br>Timeout 300<br><br>#<br># KeepAlive: Whether or not to allow persistent connections (more than<br># one request per connection). Set to "Off" to deactivate.<br>#<br>KeepAlive On<br><br>#<br># MaxKeepAliveRequests: The maximum number of requests to allow<br># during a persistent connection. Set to 0 to allow an unlimited amount.<br># We recommend you leave this number high, for maximum performance.<br>#<br>MaxKeepAliveRequests 100<br><br>#<br># KeepAliveTimeout: Number of seconds to wait for the next request from the<br># same client on the same connection.<br>#<br>KeepAliveTimeout 5<br><br>##<br>## Server-Pool Size Regulation (MPM specific)<br>## <br><br># prefork MPM<br># StartServers: number of server processes to start<br># MinSpareServers: minimum number of server processes which are kept spare<br># MaxSpareServers: maximum number of server processes which are kept spare<br># MaxClients: maximum number of server processes allowed to start<br># MaxRequestsPerChild: maximum number of requests a server process serves<br><IfModule mpm_prefork_module><br> StartServers 5<br> MinSpareServers 5<br> MaxSpareServers 10<br> MaxClients 150<br> MaxRequestsPerChild 0<br></IfModule><br><br># worker MPM<br># StartServers: initial number of server processes to start<br># MinSpareThreads: minimum number of worker threads which are kept spare<br># MaxSpareThreads: maximum number of worker threads which are kept spare<br># ThreadLimit: ThreadsPerChild can be changed to this maximum value during a<br># graceful restart. ThreadLimit can only be changed by stopping<br># and starting Apache.<br># ThreadsPerChild: constant number of worker threads in each server process<br># MaxClients: maximum number of simultaneous client connections<br># MaxRequestsPerChild: maximum number of requests a server process serves<br><IfModule mpm_worker_module><br> StartServers 2<br> MinSpareThreads 25<br> MaxSpareThreads 75 <br> ThreadLimit 64<br> ThreadsPerChild 25<br> MaxClients 150<br> MaxRequestsPerChild 0<br></IfModule><br><br># event MPM<br># StartServers: initial number of server processes to start<br># MinSpareThreads: minimum number of worker threads which are kept spare<br># MaxSpareThreads: maximum number of worker threads which are kept spare<br># ThreadsPerChild: constant number of worker threads in each server process<br># MaxClients: maximum number of simultaneous client connections<br># MaxRequestsPerChild: maximum number of requests a server process serves<br><IfModule mpm_event_module><br> StartServers 2<br> MinSpareThreads 25<br> MaxSpareThreads 75 <br> ThreadLimit 64<br> ThreadsPerChild 25<br> MaxClients 150<br> MaxRequestsPerChild 0<br></IfModule><br><br># These need to be set in /etc/apache2/envvars<br>User ${APACHE_RUN_USER}<br>Group ${APACHE_RUN_GROUP}<br><br>#<br># AccessFileName: The name of the file to look for in each directory<br># for additional configuration directives. See also the AllowOverride<br># directive.<br>#<br><br>AccessFileName .htaccess<br><br>#<br># The following lines prevent .htaccess and .htpasswd files from being <br># viewed by Web clients. <br>#<br><Files ~ "^\.ht"><br> Order allow,deny<br> Deny from all<br> Satisfy all<br></Files><br><br>#<br># DefaultType is the default MIME type the server will use for a document<br># if it cannot otherwise determine one, such as from filename extensions.<br># If your server contains mostly text or HTML documents, "text/plain" is<br># a good value. If most of your content is binary, such as applications<br># or images, you may want to use "application/octet-stream" instead to<br># keep browsers from trying to display binary files as though they are<br># text.<br>#<br># It is also possible to omit any default MIME type and let the<br># client's browser guess an appropriate action instead. Typically the<br># browser will decide based on the file's extension then. In cases<br># where no good assumption can be made, letting the default MIME type<br># unset is suggested instead of forcing the browser to accept<br># incorrect metadata.<br>#<br>DefaultType None<br><br><br>#<br># HostnameLookups: Log the names of clients or just their IP addresses<br># e.g., <a href="http://www.apache.org">www.apache.org</a> (on) or 204.62.129.132 (off).<br># The default is off because it'd be overall better for the net if people<br># had to knowingly turn this feature on, since enabling it means that<br># each client request will result in AT LEAST one lookup request to the<br># nameserver.<br>#<br>HostnameLookups Off<br><br># ErrorLog: The location of the error log file.<br># If you do not specify an ErrorLog directive within a <VirtualHost><br># container, error messages relating to that virtual host will be<br># logged here. If you *do* define an error logfile for a <VirtualHost><br># container, that host's errors will be logged there and not here.<br>#<br>ErrorLog ${APACHE_LOG_DIR}/error.log<br><br>#<br># LogLevel: Control the number of messages logged to the error_log.<br># Possible values include: debug, info, notice, warn, error, crit,<br># alert, emerg.<br>#<br>LogLevel warn<br><br># Include module configuration:<br>Include mods-enabled/*.load<br>Include mods-enabled/*.conf<br><br># Include list of ports to listen on and which to use for name based vhosts<br>Include ports.conf<br><br>#<br># The following directives define some format nicknames for use with<br># a CustomLog directive (see below).<br># If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i<br>#<br>LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined<br>LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined<br>LogFormat "%h %l %u %t \"%r\" %>s %O" common<br>LogFormat "%{Referer}i -> %U" referer<br>LogFormat "%{User-agent}i" agent<br><br># Include of directories ignores editors' and dpkg's backup files,<br># see the comments above for details.<br><br># Include generic snippets of statements<br>Include conf.d/<br><br># Include the virtual host configurations:<br>Include sites-enabled/<br><br><br>----------------------<br><br></pre><pre>Looks like the file www-data in /etc/apache2/suexec/ might not be pointing to the correct folder.<br><br>/var/www<br>public_html/cgi-bin<br># The first two lines contain the suexec document root and the suexec userdir<br># suffix. If one of them is disabled by prepending a # character, suexec will<br># refuse the corresponding type of request.<br># This config file is only used by the apache2-suexec-custom package. See the<br># suexec man page included in the package for more details.<br><br></pre></div>