Context: I inherited access to the server, first thing I created a certificate. I'm a bit confused about the apache webserver config - so that's where the error might be
Quick shout out to the community: It was super easy to create the certificate, so really thanks for that!
It produced this output: Congratulations! Your certificate and chain have been saved at .... The certificate was successfully installed. Going to https://www.systers.org/mailman/listinfo/systers also shows that the certificate was successful. However www.systers.org returns a 403 and systers.org a privacy error. Can anyone help? I've posted the configs below
My web server is (include version): Apache version is 2.4.6
I can login to a root shell on my machine (yes or no, or I don't know): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.11.0
No, that would leave your Apache disabled, as it still points to the second cert, but can't find it.
You can manually change the paths in the directives as @rg305 suggests, but you could also run certbot --apache again, but now enter both hostnames again, just like you did the first time. It should ask you if you want to install or re-issue the certificate (as it recognises you already have a cert with both hostnames). The latter (re-issuing) is NOT necessary, choose the former option to install it again.
Try clearing your cache. Nevermind, I have it now too. Both the apex domain as the www subdomain on HTTPS. Unfortunately, I have no experience what so ever with cgi-bin nor mailman. Try looking into your Apache error logs to debug this issue.
Also: http://systers.org/ isn't redirecting to HTTPS. That's probably because your certbot added the redirect previously only for the www subdomain. I guess you manually edited the configuration files to point to the correct certificate files? If that's the case, you should also edit the redirect in the HTTP VirtualHost section to include the apex domain.
Yes thanks for the tip, it does give a hint, but I'm still debugging through it:
Cannot serve directory /usr/lib/mailman/cgi-bin/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
It was definitely not an issue before i added the Virtualhost for certbot --apache to work.
I guess you manually edited the configuration files to point to the correct certificate files? If that's the case, you should also edit the redirect in the HTTP VirtualHost section to include the apex domain.
Omg i didn't even notice ! THANK YOU ! I think it works now !
Now your www subdomain isn't redirecting any longer.. I'm guessing you didn't actually correct the redirect, but changed it from the one domain to the other
You mean you didn't have any virtualhost before?
Perhaps you need to move the ScriptAlias directive and <Directory></Directory> section into the HTTPS VirtualHost? (Just guessing here though..)
Thanks! We greatly appreciate the wonderful feedback!
The last two will default to the first two in most browsers. I use https://redirect-checker.org to test these things. You appear to be using 302 (temporary) redirects instead of 301 (permanent) redirects.
This:
http://systers.org
200 OK
should be this:
http://systers.org
301 Moved Permanently
https://systers.org
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
or this:
http://systers.org
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
This:
https://systers.org
302 Found
https://systers.org/mailman/listinfo/systers
200 OK
should be this:
https://systers.org
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
This:
http://www.systers.org
301 Moved Permanently
https://www.systers.org/
302 Found
https://systers.org/mailman/listinfo/systers
200 OK
should be this:
http://www.systers.org
301 Moved Permanently
https://www.systers.org/
301 Moved Permanently
https://systers.org
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
or this:
http://www.systers.org
301 Moved Permanently
https://www.systers.org/
301 Found
https://systers.org/mailman/listinfo/systers
200 OK
or this:
http://www.systers.org
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
This:
https://www.systers.org/
302 Found
https://systers.org/mailman/listinfo/systers
200 OK
should be this:
https://www.systers.org/
301 Moved Permanently
https://systers.org
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
or this:
https://www.systers.org/
301 Moved Permanently
https://systers.org/mailman/listinfo/systers
200 OK
Also, don't use rewrite rules if you can use Redirect.