Apache 2.4 : ssl make the https requests time out

I used certbot to generate certificates for the domain. The operation went without issue, but since then, the requests to the domain time out. https://platform.learning2gether.org/index.html
Requests via http work: http://platform.learning2gether.org/index.html
The modified virtualhosts seem ok to me so I’m not sure where to look at.

My domain is: platform.learning2gether.org

I ran this command: certbot renew --dry-run

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/platform.learning2gether.org.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not due for renewal, but simulating renewal for dry run
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/platform.learning2gether.org/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/platform.learning2gether.org/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

My web server is (include version): apache 2.4.19

The operating system my web server runs on is (include version): ubuntu 18.04

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

The modified virtualhost :

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName platform.learning2gether.org

	DocumentRoot /var/www/l2g-prod/public
        DirectoryIndex /index.php

        <Directory /var/www/l2g-prod/public>
        	AllowOverride All
        	Order Allow,Deny
       		Allow from All

		FallbackResource /index.php

        #	AuthType Basic
        #	AuthName "This is the production site - only access for l2g personal"
        #	AuthUserFile /etc/apache2/.htpasswd
        #	Require valid-user
	 </Directory>

	ErrorLog ${APACHE_LOG_DIR}/error-l2g-prod.log
	CustomLog ${APACHE_LOG_DIR}/access-l2g-prod.log combined

	# Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/platform.learning2gether.org/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/platform.learning2gether.org/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>


<VirtualHost *:80>
	ServerName platform.learning2gether.org

	DocumentRoot /var/www/l2g-prod/public
        DirectoryIndex /index.php

        <Directory /var/www/l2g-prod/public>
        AllowOverride All
        Order Allow,Deny
        Allow from All

	FallbackResource /index.php
	 </Directory>

	ErrorLog ${APACHE_LOG_DIR}/error-l2g-prod.log
	CustomLog ${APACHE_LOG_DIR}/access-l2g-prod.log combined
	# RewriteEngine on
	# RewriteCond %{SERVER_NAME} =platform.learning2gether.org
	# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Check your AWS Security Group, port 443/tcp needs to be open for HTTPS.

If not there, then check your iptables rules:

sudo iptables-save
2 Likes

Thank you that lead me to discover there was no security group but there was a firewall preventing requests to 443. Thank you very much for your help!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.