After successful installation, https isn't working

jdream_catcher · May 20, 2018, 2:20am

I followed instructions here, https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04. It was successful. I can now see all http redirects permanently to https, however in the https Chome says it isn’t reachable.

Here’s my port 80 virtualhost

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerAlias www.pse-screener.com
    ServerName pse-screener.com
    RedirectMatch permanent ^/(.*) https://www.pse-screener.com/$1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # RewriteEngine on
    # RewriteCond %{SERVER_NAME} =pse-screener.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Here’s my port 443

<VirtualHost *:443>
    ServerAdmin admin@pse-screener.com
    ServerName pse-screener.com
    ServerAlias www.pse-screener.com
    DocumentRoot /var/www/production/api/public

    # this is where our front-end is
    Alias "/public" "/var/www/production/public"
    # this is where the admin pages are
    Alias "/admin" "/var/www/production/admin/app"

    <Directory "/var/www/production/api/public">
           Options Indexes FollowSymLinks MultiViews
           AllowOverride All
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/pse-screener.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pse-screener.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

<VirtualHost *:443>
    ServerAdmin admin@pse-screener.com
    ServerName pse-screener.com
    ServerAlias www.pse-screener.com
    RedirectMatch permanent ^/(.*) https://www.pse-screener.com/$1

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/pse-screener.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/pse-screener.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

My domain is: pse-screener.com

I ran this command:

It produced this output:

My web server is (include version): Apache/2.4.18

The operating system my web server runs on is (include version): Ubuntu 16.04 LTS xenial

My hosting provider, if applicable, is: godaddy.com

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

stevenzhu · May 20, 2018, 2:33am

Hi,

you've got some wierd apache confs and i can't even connect to your https version of website (Connection timeout) (Something / Firewall filtered your port 443 connections)

jdream_catcher:

<VirtualHost :80>
ServerAdmin webmaster@localhost
ServerAlias www.pse-screener.com
ServerName pse-screener.com
RedirectMatch permanent ^/(.) https://www.pse-screener.com/$1
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# RewriteEngine on
# RewriteCond %{SERVER_NAME} =pse-screener.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

This is fine

But why do you have two port 443 configs with exact servername(alias) set?

P.S. I personally suggest you do redirects in .htaccess file. (Since it can be flexible)

Thank you

rg305 · May 20, 2018, 2:41am

The second 443 block is redirecting 443 to 443
That is an endless loop.

jdream_catcher · May 20, 2018, 3:04am

Nope. It’s not endless loop. It’s working in port 80. However, while I was in the kitchen, I remembered port 443 is being blocked by firewall. So here it’s working already. Thanks everyone.

jdream_catcher · May 20, 2018, 3:13am

While I was in the kitchen, I remembered port 443 is being blocked by firewall.
To answer your suggestion to use .htaccess, I don’t intend to do it that way because it’s configured by Laravel app. So it’s not advisable.

I also use exact same ServerName and ServerAlias because I’m only catching the “/(.*)” part. You may check on the Alias directive.

rg305 · May 20, 2018, 5:41am

I’m sure I don’t understand your logic, nor why both blocks can’t be merged into one block.
Nor why, if you are already redirecting from port (ALL):80 to (www):443, then this second 443 block is only for the root domain(:443) to www.domain(:443) redirection.
Based on the code shown, anyone hitting www.domain(:443)/some/other/file should be stuck in a loop.
Unless you did not show all of the code in the blocks.
But even so, why not combine them into one block?
-still confused

jdream_catcher · May 20, 2018, 10:33am

I haven’t tried disabling the port 80 (a2dissite), will it automatically redirects to port (www):443? I tried disabling it, the default page in the /var/www/html/index.php is the one that is showing.

Can you check if hitting www.domain(:443)/some/other/file be stuck in a loop? I checked it, it’s not.

Why not combine them? Actually when I was first studying the Apache VirtualHost some 2 years ago that’s the first config that runs okay. So I didn’t change anymore until now. There maybe other way, but I didn’t bother anymore.

But yes you are correct, I can actually combine by removing the second VirtualHost block. I tried changing it, it’s working. Thanks for bringing it up.

rg305 · May 20, 2018, 10:37am

Not sure I learned anything…
But I’m glad to have helped (even if only just a little)

jdream_catcher · May 20, 2018, 10:53am

hahaha…

I just answered your questions above.

system · June 19, 2018, 10:53am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.