@jmorahan
And that is also a high probability.
I do see your point.
There have been no http requests posted.
The grep command parses the entirety of the jail… What am I looking for exactly?
Also, my virtualhost file (as copy pasta from the guide I am using).
<VirtualHost *:80>
DocumentRoot "/usr/local/www/apache24/data/nextcloud"
ServerName cloud.rangelmedianetwork.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.rangelmedianetwork.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
#ErrorLog ${APACHE_LOG_DIR}/error.log
#CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /usr/local/www/apache24/data/nextcloud/>
Options +FollowSymlinks
AllowOverride All
Dav off
SetEnv HOME /usr/local/www/apache24/data/nextcloud
SetEnv HTTP_HOME /usr/local/www/apache24/data/nextcloud
Satisfy Any
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin YOUREMAIL
ServerName cloud.rangelmedianetwork.com
DirectoryIndex index.php
DocumentRoot /usr/local/www/apache24/data/nextcloud
SSLCertificateFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/privkey.pem
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
<Directory /usr/local/www/apache24/data/nextcloud>
AllowOverride all
</Directory>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</VirtualHost>
rem those lines and try getting a cert.
We're looking for any files that contain any of the following strings:
alias
nextcloud
documentroot
challenge
hopefully finding some overlooked redirection/mis-configuration.
But I would pause the https redirection first.
That may just do the trick.
Removed those lines and (after restarting apache)
-
The following errors were reported by the server:
Domain: cloud.rangelmedianetwork.com
Type: connection
Detail: Fetching
https://cloud.rangelmedianetwork.com/.well-known/acme-challenge/EmRIwp2YF4JaPuGz2lbEtKWnkJsifI-lu5y-993Wvls:
Error getting validation data

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client. If you're using the webroot plugin, you should also verify
that you are serving files from the webroot path you provided.
And yet it is still redirecting?
Please show a file that looks something like:
/etc/letsencrypt/renewal/cloud.rangelmedianetwork.com.conf
Oh wait - you've never gotten a cert...
Is there an .htaccess file you've overlooked?
I take that back - you have gotten a cert: crt.sh | 322631821
Please show the renewal config file.
The exact file name can be found using:
certbot certificates
Are you sure that's the correct file? If it's literally trying to use a cert from /usr/local/etc/letsencrypt/live/YOURSITE.COM/fullchain.pem (as opposed to, say, /usr/local/etc/letsencrypt/live/cloud.rangelmedianetwork.com/fullchain.pem) I'd expect Apache would be unable to start at all… while on the other hand, if there really is a cert there then the SSLEngine on should be causing it to serve HTTPS rather than HTTP on port 443, which as we can see is not currently happening.
Also it's using /usr/local/www/apache24/data/nextcloud as its DocumentRoot, while as we can see from http://cloud.rangelmedianetwork.com:443/ and http://cloud.rangelmedianetwork.com:443/nextcloud/ your actual webserver configuration is still apparently using /usr/local/www/apache24/data
I suspect some file may have been deleted in the making of this "fix"…
There aren't any certs on this box. That cert is from an old Linux box.
Maybe try apachectl -S (or it might be apache2ctl -S, I don't know FreeBSD) - one of those should tell you which configuration files are actually being used for your virtual hosts.
That explains the "missing" files…
You need to disable the https redirection - you have no cert to speak https with.
I think at this point, I am going to start over with a fresh jail.
Note: barring any mistakes I made (don't rule those out) I followed this guide here from a vanilla jail.
In the step titled "Add virtual Host info", what did you use as the file name?
I think the guide is making one mistake (possibly they used a copy of the final file in the documentation).
This is verbatim in order:
Add virtual Host info :
cd /usr/local/etc/apache24/Includes
touch YOURDOMAIN.com or org or gov.conf
nano YOURDOMAIN*
RewriteEngine on
RewriteCond %{SERVER_NAME} =YOURSITE.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
restart apache
service apache24 restart
Now lets secure this server SSL using Certbot:
Download/Install Certbot
pkg install py27-certbot
certbot certonly --webroot -w /usr/local/www/apache24/data/nextcloud -d YOURSITE.COM
Force to https redirect:
nano /usr/local/www/apache24/data/nextcloud/.htaccess
Add:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
They "force to https redirect" but already included a similar forced redirection in the "Add virtual Host info:" section.
restart apache and THEN run certbot.
(that is out-of-order)
Just rem out the three redirection lines in the "Add virtual Host info :" section and certbot should get the cert.
Then undo the rems and you're good to go…
Yes, I think you're right. But also, I noticed this line:
touch YOURDOMAIN.com or org or gov.conf
I suppose that could easily be misread and you might create a file named YOURDOMAIN.com whereas I believe it actually needs to be YOURDOMAIN.com.conf, i.e. the name must end with .conf or the default Include directive won't pick it up.
cloud.rangelmedianetwork.com.conf
Well I have started over with a fresh jail. Apache is installed. #ItWorks!
Order matters: Socks go on before you put on your shoes!
In this case, get the cert then redirect to https.
I am not 100% sure I follow. Which part of the guide is giving me the steps in the wrong order?
Nextcloud is installed.
I used the virtualhost:80 from the guide, but commented out
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
So far, I can access the site from outside my LAN.
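
The ordering problem worked out in this thread, as an added example that is not part of any post or of the guide: a Python check that flags an active port-80 redirect to HTTPS while the certificate named in the :443 block does not exist yet, and a file name without the `.conf` suffix that the thread says the default Include needs. The function name `lint_vhost`, the finding labels and the sample config (host `cloud.example.test`) are constructed for illustration.

```python
import os
import re

# Constructed sample modelled on the vhost file quoted in the thread.
SAMPLE = """\
<VirtualHost *:80>
ServerName cloud.example.test
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.example.test
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.example.test
SSLEngine on
SSLCertificateFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/fullchain.pem
SSLCertificateKeyFile /usr/local/etc/letsencrypt/live/YOURSITE.COM/privkey.pem
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
# Anchored at line start, so a line commented out with '#' does not match.
HTTPS_REDIRECT = re.compile(r"^\s*RewriteRule\s+\S+\s+https://", re.I | re.M)
CERT_FILE = re.compile(r"^\s*SSLCertificateFile\s+\"?([^\s\"]+)", re.I | re.M)


def lint_vhost(conf_text, filename, exists=os.path.exists):
    """Return findings for one file under Includes/ (labels are hypothetical)."""
    findings = []
    # Per the thread, the default Include only picks up names ending in .conf.
    if not filename.endswith(".conf"):
        findings.append("not-included")
    vhosts = VHOST.findall(conf_text)
    redirect_on_80 = any(port == "80" and HTTPS_REDIRECT.search(body)
                         for port, body in vhosts)
    certs = [path for port, body in vhosts if port == "443"
             for path in CERT_FILE.findall(body)]
    missing = [path for path in certs if not exists(path)]
    # Redirecting to HTTPS before any certificate exists leaves the
    # HTTP-01 challenge with nothing to fetch: get the cert, then redirect.
    if redirect_on_80 and (not certs or missing):
        findings.append("redirect-before-cert")
    return findings


if __name__ == "__main__":
    print(lint_vhost(SAMPLE, "cloud.example.test.conf"))
```
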