403 Forbidden error on all sites after adding SSL certificate


#1

I added an SSL LetsEncrypt certificate on one of my virtual servers using the guide here but now all of the sites on my virtual servers return a 403 Forbidden Error.

My server is using Ubuntu 14.04.2 with Webmin 1.900 & Virtualmin 6.04.

The vhost conf file of the site I added SSL too:

kremlyn.com.conf:

<VirtualHost *:80>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.kremlyn.com
RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR]
RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR]
RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR]
RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR]
RewriteCond %{SERVER_NAME} =kremlyn.com [OR]
RewriteCond %{SERVER_NAME} =webmail.kremlyn.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The SSL configuration file generated by LetsEncrypt:

kremlyn.com-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
# RewriteCond %{HTTP_HOST} =admin.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/kremlyn.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kremlyn.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/kremlyn.com/chain.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
# RewriteCond %{HTTP_HOST} =admin.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
# RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =webmail.kremlyn.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
# RewriteCond %{HTTP_HOST} =admin.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
# RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =webmail.kremlyn.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>

The vhost conf file of one of the sites that I did not add SSL too:

shillong.work.conf:

<VirtualHost 104.223.117.136:80>
SuexecUserGroup "#1027" "#1020"
ServerName shillong.work
ServerAlias www.shillong.work
ServerAlias webmail.shillong.work
ServerAlias admin.shillong.work
ServerAlias shillong.shillongserver.com
ServerAlias www.shillong.shillongserver.com
DocumentRoot /home/shillong/public_html
ErrorLog /var/log/virtualmin/shillong.work_error_log
CustomLog /var/log/virtualmin/shillong.work_access_log combined
ScriptAlias /cgi-bin/ /home/shillong/cgi-bin/
ScriptAlias /awstats/ /home/shillong/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/shillong/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/shillong/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/shillong/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/shillong/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.shillong.work
RewriteRule ^(.*) https://shillong.work:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.shillong.work
RewriteRule ^(.*) https://shillong.work:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
<Files awstats.pl>
AuthName "shillong.work statistics"
AuthType Basic
AuthUserFile /home/shillong/.awstats-htpasswd
require valid-user
</Files>
</VirtualHost>

What am I doing wrong here?


403 Forbidden Error
#2

Try re-enabling these four rewrite lines: