503 Service Unavailable

hiduser0 · May 2, 2023, 3:04pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: edishardware.com

I ran this commands:
certbot --apache
1: edishardware.com
What would you like to do?

1: Attempt to reinstall this existing certificate

2: Renew & replace the certificate (may be subject to CA rate limits)

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Renewing an existing certificate for edishardware.com

Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/edishardware.com.conf

Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-enabled/edishardware.com.conf

Your existing certificate has been successfully renewed, and the new certificate

has been installed.

The new certificate covers the following domains: https://edishardware.com

It produced this output: The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

My web server is (include version): apache 2.4.56

The operating system my web server runs on is (include version): Debian 11

My hosting provider, if applicable, is: Wordpress.org

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.12.0

/etc/apache2/sites-enabled/edishardware.com.conf:

 <VirtualHost *:80>
   DocumentRoot /var/www/html/
   ServerName edishardware.com
   ServerAlias www.edishardware.com
   ServerAlias autodiscover.*
   ServerAlias autoconfig.*
   RewriteEngine on
   RewriteCond %{HTTP_HOST} ^autoconfig. [NC]
   RewriteRule ^ - [S=1]
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}# [L,NE,R=permanent]
   RewriteRule ^ /autoconfig.php [PT]
   ProxyPass / http://127.0.0.1:8080/
   ProxyPassReverse / http://127.0.0.1:8080/
   ProxyPreserveHost On
   ProxyAddHeaders On
   RequestHeader set X-Forwarded-Proto "http"
   RewriteCond %{SERVER_NAME} =edishardware.com [OR]
   RewriteCond %{SERVER_NAME} =autodiscover.* [OR]
   RewriteCond %{SERVER_NAME} =autoconfig.*
   RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
 </VirtualHost>
 <VirtualHost *:443>
   ServerName edishardware.com
   ProxyPass / http://127.0.0.1:8080/
   ProxyPassReverse / http://127.0.0.1:8080/
   ProxyPreserveHost On
   ProxyAddHeaders On
   RequestHeader set X-Forwarded-Proto "https"
   SSLCertificateFile /etc/letsencrypt/live/edishardware.com/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/edishardware.com/privkey.pem
   Include /etc/letsencrypt/options-ssl-apache.conf
 </VirtualHost>

MikeMcQ · May 2, 2023, 3:36pm

It looks like your ProxyPass in your VirtualHost for port 443 is failing with the 503. Was that working before you setup certs?

I think you should remove the ProxyPass stuff from the port 80 VirtualHost since you redirect requests to HTTPS there. But, that isn't causing the 503.

curl -I http://edishardware.com
HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.56 (Debian)
Location: https://edishardware.com/#

curl -I https://edishardware.com
HTTP/1.1 503 Service Unavailable
Server: Apache/2.4.56 (Debian)

hiduser0 · May 2, 2023, 6:19pm

It's the Solution. To remove the ProxyPass Stuff all of the file was solving it. That isn't logical for me. What I have to add for using the reverse proxy to forward the docker nginx mailserver UI?

MikeMcQ · May 2, 2023, 6:38pm

The proxypass in your VirtualHost for port 80 was not causing the 503. But, if you also removed it from the VirtualHost for port 443 that seemed to fix it.

I'm not sure what you are asking but setting up Apache to proxy to another service is best asked about on an Apache forum or a docker forum.

As for your cert, you have a problem. The cert that edishardware.com is using only has the hostname www.edishardware.com in it. This causes a cert validation failure for people using your root domain because the names don't match. You don't even have the www subdomain in the Apache VirtualHosts but you should. And, once you have both names in them you should get a cert which includes both names.

hiduser0 · May 10, 2023, 4:01pm

Okay it works very good NOW. Can anyone Tell me how if I go to mail.example.com I can be automaticlly redirected to mail.example.com:8989
So users dont have to type in the port number by them self?

linkp · May 10, 2023, 4:36pm

That question is off-topic for this forum. You should be able to consult either the documentation or a user conmunity for your webserver to figure out redirection, though it doesn't make any sense to run public services on non-standard ports. You unnecessarily complicate usage, maintenance, and troubleshooting.

hiduser0 · May 10, 2023, 4:42pm

Yes its Off Topic sure, but can you maybe or Someone alse give me the soloution or the right way I should looking for? It have to be configured in the Apache2 Virtual Host, right?

rg305 · May 10, 2023, 5:44pm

How to redirect in Apache2?

hiduser0 · May 11, 2023, 7:06am

Thank You!
The Thread can be closed.

schoen · May 12, 2023, 5:57am