After SSL sertificate installation I cannot reach my site from local network

My domain is: gulewski.com

My web server is (include version): Apache/2.4.38 (Raspbian)

The operating system my web server runs on is (include version): Linux raspberrypi 5.4.51-v7l+

My hosting provider, if applicable, is: Vodafon

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

After installing letsencrypt with certbot I am getting “This site can’t be reached” error when accessing the webpage from local network and server itself. But from another network I can reach my site with no problem.

I searched through topics on this forum, but didn’t find any solution.

Hi @gulewski

that url - https://gulewski.com/ - works, there is a new Letsencrypt certificate, created today.

Please explain? Which url? Share a screenshot.

Let me explain the situation deeply.
I have raspberry pi, which I want to use to host my site, web-apps, telegram-bots and so on. So, the RPI connected to my local network via WiFi.
Today, as you mentioned, I installed SSL Sertificate via certbot. Not without some issues, but I did.
After that I figured out, that redirecting from http://gulewski.com to https://gulewski.com works perfectly, but I cannot reach this site from my laptop using the same network as my server (RPI). Screenshots are attached. Sorry for russian in laptop screenshot

laptop852×514 31.8 KB

smartphone598×1280 36.1 KB

Looks like a local firewall or a local network problem.

Port 443 - Timeout
Port 80 - Connection reset

What can I do then?

I turned off my ufw as well as router firewall, but nothing changed.

May be I did something wrong with my VirtualHost files?

1. At /ets/apache2/sites-available I have 3 files (at /etc/apache2/sites/enable there are the same though):
   000-default.conf
   default-ssl.conf
   gulewski.com.conf

2. The content of 000-default.conf (I’ve deletet all comments):
   <VirtualHost *:80>
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html
   ErrorLog {APACHE_LOG_DIR}/error.log CustomLog {APACHE_LOG_DIR}/access.log combined
   

3. The content of default-ssl.conf (I’ve deletet all comments):
   
   
   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html
   ErrorLog {APACHE_LOG_DIR}/error.log CustomLog {APACHE_LOG_DIR}/access.log combined
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
   <FilesMatch “.(cgi|shtml|phtml|php)$”>
   SSLOptions +StdEnvVars
   
   <Directory /usr/lib/cgi-bin>
   SSLOptions +StdEnvVars
   
   
   

4. The content of gulewski.com.conf (I’ve deletet all comments):
   <VirtualHost *:80>
   ServerName gulewski.com
   ServerAlias www.gulewski.com
   Redirect / https://gulewski.com
   

<VirtualHost *:443>
ServerName gulewski.com
ServerAlias www.gulewski.com
DocumentRoot /var/www/gulewski.com/public_html
ErrorLog {APACHE_LOG_DIR}/error.log CustomLog {APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/gulewski.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gulewski.com/privkey.pem

Also if I try to reach direct IP via browser, I see Apache Default Page (from both local and external network). I guess, it is because of 000-default.conf.
But if I try to reach gulewski.com from local network, it gives me an error.

Can you, please, check my conf-files and say, if I made a mistake somewhere?

If it works external, it's not a problem of your vHost configuration.

It's a local network problem, not a webserver problem.

And you use <VirtualHost *:443>, so all ip addresses are catched, not only one or two.

I fixed it.
It was actually a vHost problem.
All I had to do was pointing the DocumentRoot folder in 000-default.conf at /var/www/gulewski.com/public_html.
So now I can reach my site from an external network via domain name and from an internal network via local server address.

Thank you for your help though.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.