403 forbidden after using letsencrypt

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:www.topfabric.co.uk

I ran this command:

It produced this output:

My web server is (include version): apache 2.4.23

The operating system my web server runs on is (include version):Amazon Linux AMI 2018.03

My hosting provider, if applicable, is:AWS jetware lamp

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): ./certbot-auto --version = certbot 0.35.1

https://www.ssllabs.com/ssltest/analyze.html?d=topfabric.co.uk - gives “A”
https://www.ssllabs.com/ssltest/analyze.html?d=www.topfabric.co.uk - gives “A”

I made the certificate using:
./certbot-auto certonly --webroot -w /jet/app/www/default/ -d topfabric.co.uk -d www.topfabric.co.uk

Copied these lines into my topfabric.conf

Let’s Encrypt

SSLCertificateFile “/etc/letsencrypt/live/topfabric.co.uk/fullchain.pem”
SSLCertificateKeyFile “/etc/letsencrypt/live/topfabric.co.uk/privkey.pem”
SSLCACertificateFile “/etc/letsencrypt/live/topfabric.co.uk/fullchain.pem”

Tests all appear to run okay, but if I try and visit https://www.topfabric.co.uk I get a 403 forbidden.

Any help would be very welcome!

Hi @mmedia

checking your domain there is the following result ( https://check-your-website.server-daten.de/?q=topfabric.co.uk ):

Domainname Http-Status redirect Sec. G
http://topfabric.co.uk/ 302 http://www.topfabric.co.uk/ 0.273 D
http://www.topfabric.co.uk/ 200 1.203 H
https://topfabric.co.uk/ 403 0.667 M
https://www.topfabric.co.uk/ 403 0.427 M

http works, https has the correct certificate

expires in 89 days	
topfabric.co.uk, www.topfabric.co.uk - 2 entries

but the http status 403 - Forbidden.


Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-07-04 2019-10-02 topfabric.co.uk, www.topfabric.co.uk - 2 entries duplicate nr. 1

it's your first Letsencrypt certificate.

So your port 443 vHost is wrong.

Compare your port 80 vHost with your port 443 vHost.

And there are different headers:

A Info: Different Server-Headers found


Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2h mod_fcgid/2.3.9 PHP/5.6.24


Server: Apache/2.4.39 (Amazon) OpenSSL/1.0.2k-fips

But the ip is the same. Looks like your new vHost doesn't work.

Thanks a lot for your help, I’ll see if I can find anything wrong with the vHosts.

Okay, after checking through my vhost ssl config I found the problem and sorted it. Once that was rectified and apache restarted, everything sparked into life.

For other AWS Jetware Lamp users: Put the certificate paths in extra/httpd-ssl.conf with your 443 virtualhost details and make sure ec2-user can read the /live certificates. Worked for me!

Thanks so much for pointing me in the right direction.


1 Like

Ah, interesting, good to know. Rechecked your domain, now there is ony one server header:

Server: Apache/2.4.23 (Unix) OpenSSL/1.0.2h mod_fcgid/2.3.9 PHP/5.6.24

Looks like there runs a standard Amazon instance. If that instance has access to the files, it sends the header of the local instance.

If not, that's blocked and the standard Amazon header is sent.

Thanks! :+1:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.