AH02032: have no compatible SSL setup

Problem Description

The /var/log/apache2/zz-mass-hosting.error.log is recording continuous error messages which this https://serverfault.com/questions/816407/what-does-the-apache-ssl-error-ah02032-mean
response suggests is a misconfiguration of the SSL certificate.
This happens on both my home server and Gcloud server.

I have not delved too deeply yet into trying to solve this or test other configurations. This is an exploratory question to see if others have the issue.

Any Error Messages

 AH02032: Hostname example.com (default host as no SNI was provided) and hostname localhost provided via HTTP have no compatible SSL setup

Environment

• Sympl Version: 12
• Sympl Testing Version:
• Debian Version:12
• Hardware Type:Intel
• Hosted With: Home mini PC and Gcloud instance

Further investigation revealed this which may be relevant from Legacy Symbiosis Documentation - Sympl Wiki

2 SSL hooks have been implemented in /etc/symbiosis/ssl-hooks.d. These are triggered when SSL certificates are updated, meaning other running services can be notified to act accordingly. As an example, Apache configurations will now be regenerated and the Apache service will be reloaded automatically when new SSL certificates are added using symbiosis-ssl.

Run sympl-ssl --verbose, and that should give you some hint as to what it going on.

This gave valid certificates for all the domains being served except the GCLOUD internal host

• Examining certificates for jowettnet.us-central1-c.c.silent-oxide-330113.internal
  Current SSL set 0: self-signed for /CN=jowettnet.us-central1-c.c.silent-oxide-330113.internal, expires 2025-08-01 21:14:01 UTC
  The current set is no longer valid for this domain.
  No valid certificate sets found.
  Fetching a new certificate from LetsEncrypt.
  Created new account with email address: root@jowettnet.us-central1-c.c.silent-oxide-330113.internal
  !! Failed: Invalid identifiers requested :: Cannot issue for “jowettnet.us-central1-c.c.silent-oxide-330113.internal”: Domain name does not end with a valid public suffix (TLD)

I do not know if I need such a certificate or how I stop the sympl system trying to include it.

On the test server which also has the continuous AH02032: there is only one domain and that has a good certificate.

Even more concerning, I descended into a rabbit hole in this post Hostname provided via sni and http no compatible ssl setup at all vhosts - #6 by LeiCraft - Virtualmin - Virtualmin Community
where it declared not to use Apache module php but to use php-fpm. Even though it seemed to cure the AH02032 issue.

That in itself deserves a full discussion on here I think.

So I did a quick check on the sympl configuration.

apachectl -M
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cgi_module (shared)
deflate_module (shared)
dir_module (shared)
env_module (shared)
filter_module (shared)
headers_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php_module (shared)
proxy_module (shared)
proxy_fcgi_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
vhost_alias_module (shared)

Changet/create the config/ssl-provider file for that domain to selfsigned then run sympl-ssl again and it should fix things.

You have a self-signed certificate that’s as the server doesn’t have a public FQDN, so you can’t get an LE certificate.

A server running Virtualmin is very different to Sympl. You just need to look at what is wrong with the certificate which Apache has picked up.