403 after sll on apache

its running, starting, etc, so no error, idk if log would show something if its starting

So what the program curl -k -v 'https://127.0.0.1/' gives as output?

  • Could not resolve host: 'https
  • Closing connection 0
    curl: (6) Could not resolve host: 'https

Yes, you must be in DOS box. Please try without single quotes.

*   Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.69.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Date: Fri, 10 Apr 2020 16:46:23 GMT
< Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.7
< Vary: accept-language,accept-charset
< Accept-Ranges: bytes
< Transfer-Encoding: chunked
< Content-Type: text/html; charset=utf-8
< Content-Language: en
<
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title>Access forbidden!</title>
<link rev="made" href="mailto:postmaster@localhost" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/
    body { color: #000000; background-color: #FFFFFF; }
    a:link { color: #0000CC; }
    p, address {margin-left: 3em;}
    span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Access forbidden!</h1>
<p>




    You don't have permission to access the requested directory.
    There is either no index document or the directory is read-protected.



</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:postmaster@localhost">webmaster</a>.

</p>

<h2>Error 403</h2>
<address>
  <a href="/">127.0.0.1</a><br />
  <span>Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.7</span>
</address>
</body>
</html>

* Connection #0 to host 127.0.0.1 left intact

something like this

Are you sure that you put https and not http ? I am asking this this because I see the following:

*   Trying 127.0.0.1:80...
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)

In case of https the 80 supposed to be 443.

sorry you are right
heres correct version
* Trying 127.0.0.1:443…
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=PL; ST=Dol; L=Jelenia Gora; O=KPSW; OU=ETI; CN=localhost
* start date: Apr 10 12:37:02 2020 GMT
* expire date: Apr 10 12:37:02 2021 GMT
* issuer: C=PL; ST=Dol; L=Jelenia Gora; O=KPSW; OU=ETI; CN=localhost
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.69.1
> Accept: /
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Date: Fri, 10 Apr 2020 18:40:07 GMT
< Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.7
< X-Powered-By: PHP/7.3.7
< Location: https://127.0.0.1/dashboard/
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host 127.0.0.1 left intact

It means that your self-signed localhost certificate is working:

* SSL certificate verify result: self signed certificate (18), continuing anyway.

So, curl -k -v https://localhost/dashboard/ should work too.

yea it works, but my virtual host doesnt allow me access
C:\Users\Ja\Downloads\curl-7.69.1-win64-mingw\curl-7.69.1-win64-mingw\bin>curl -k -v httpS://grzegorzandrys.com/
* Trying 127.0.0.1:443…
* Connected to grzegorzandrys.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server key exchange (12):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / ECDHE-RSA-AES256-SHA
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=PL; ST=Dol; L=Jelenia Gora; O=KPSW; OU=ETI; CN=localhost
* start date: Apr 10 12:37:02 2020 GMT
* expire date: Apr 10 12:37:02 2021 GMT
* issuer: C=PL; ST=Dol; L=Jelenia Gora; O=KPSW; OU=ETI; CN=localhost
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET / HTTP/1.1
> Host: grzegorzandrys.com
> User-Agent: curl/7.69.1
> Accept: /
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Date: Fri, 10 Apr 2020 19:15:51 GMT
< Server: Apache/2.4.39 (Win64) OpenSSL/1.1.1c PHP/7.3.7
< X-Powered-By: PHP/7.3.7
< Location: https://grzegorzandrys.com/dashboard/
< Content-Length: 0
< Content-Type: text/html; charset=UTF-8
<
* Connection #0 to host grzegorzandrys.com left intact

Yes, you replaced the public certificate with the makecert.bat command with a self-signed localhost certificate. Your original public certificate should still be around, if it is not directly overwritten.

By the way, the domain grzegorzandrys.com seems non-existent. Is this domain supposed to be yours?

no its only local, i dont have public ip so i dont even know if i can share it publicly. in folder ssl.crt i see only one crt, so there was crt i should use before making one?

You do not need any domain if you use your web server locally, from the same host.
In the web server configuration you may want to replace:
ServerName www.grzegorzandrys.com:443
with
ServerName localhost:443
In the browser just use the URL https://localhost/dashboard/. When the certificate warning comes, step through the warnings accept the certificate.

oh ok, i menaged to do that, it works nice, but it only shows my dashboard, i cant access my virtual host when i put https, it just redirect me to dashboard, but when i put just http it show i dont have access, hmmm

i mean, i dont really need ssl but i tried to make it work, and just dont know why it doesnt

I does not look like web server configuration issue, it is rather application configuration, or application credential. Does the application ask for authentication information, or is it strait refusing access?

just refusing access, like i would have wrong certyficate, if i try to go to my page through https it redirects me to dashboard all the time, and i cant even see it, 127.0.0.1, grzegorzandrys.com and localhost, all redirects me if i type with https to dashboard, if i type http it just gives me code 403

There may be some other configuration file than httpdssl.conf, which does the unwanted redirect. Or, some meta file in the document root.

ok i think i did an update, so in vhost i changed port like this

<VirtualHost *:443>
    ##ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "c:/xampp1/htdocs/greg/"
    ServerName grzegorzandrys.com
   <Directory "C:/xampp1/htdocs">

</Directory>
</VirtualHost>

and now when i open https grzegorzandrys.com i get ERR_SSL_PROTOCOL_ERROR

It is not the question of modifying the configuration, rather finding what went wrong before.

(By the way, you did not switch on SSL protocol on that virtual host http://grzegorzandrys.com:443/ might work, I suggest rather revert to your previous config)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.