Apache not loading directory index unless I add the directory file name after .com, like https://walkershire.net/walkershire

My domain is: walkershire.net

I ran this command: https://walkershire.net/

It produced this output: It Works!!! BUT if I run Walkershire it works

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): MacOS Monterey 12.4

My hosting provider, if applicable, is: my company

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.28.0

Hi @CaptainBill, and welcome to the LE community forum :slight_smile:

Let's have a look at:
apachectl -t -D DUMP_VHOSTS

5 Likes

sudo apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server envirotemps.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:30)
         port 80 namevhost envirotemps.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:30)
                 alias www.envirotemps.com
         port 80 namevhost Hi-Tech.Rent (/usr/local/etc/httpd/extra/httpd-vhosts.conf:58)
                 alias www.Hi-Tech.Rent
         port 80 namevhost D7036.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:85)
                 alias www.D7036.com
         port 80 namevhost walkershire.net (/usr/local/etc/httpd/extra/httpd-vhosts.conf:110)
                 alias www.walkershire.net
         port 80 namevhost Hi-TechRent.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:136)
                 alias www.Hi-TechRent.com
         port 80 namevhost beyond.cleanair.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:163)
                 alias www.beyond.cleanair.com
         port 80 namevhost www.remiwalker.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:221)
                 alias remiwalker.com
         port 80 namevhost 70.89.220.117 (/usr/local/etc/httpd/extra/httpd-vhosts.conf:276)
         port 80 namevhost localhost (/usr/local/etc/httpd/extra/httpd-vhosts.conf:322)
*:443                  localhost (/usr/local/etc/httpd/extra/httpd-ssl.conf:121)

I see "the problem".

The names are only individualized within the HTTP server blocks.
There is only one HTTPS server block [and it serves all the sites from a root to all of them].
That means:
http://envirotemps.com works
https://envirotemps.com fails
http://Hi-Tech.Rent works
https://Hi-Tech.Rent fails
...

You will need to make individualized HTTPS server blocks [one for each of the names].
So that each name can be pointed to the corresponding DocumentRoot.

But the first step is to ensure you have a cert for each of the names.
Let's have a look at:
certbot certificates

3 Likes
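A check for the gap described in the reply above, as an added example that is not from the thread's participants: it parses `apachectl -t -D DUMP_VHOSTS` output and lists every name served on port 80 that has no vhost of its own on port 443. The function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the DUMP_VHOSTS output posted in the thread.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server envirotemps.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:30)
         port 80 namevhost envirotemps.com (/usr/local/etc/httpd/extra/httpd-vhosts.conf:30)
                 alias www.envirotemps.com
         port 80 namevhost walkershire.net (/usr/local/etc/httpd/extra/httpd-vhosts.conf:110)
                 alias www.walkershire.net
         port 80 namevhost localhost (/usr/local/etc/httpd/extra/httpd-vhosts.conf:322)
*:443                  localhost (/usr/local/etc/httpd/extra/httpd-ssl.conf:121)
"""

NAMEVHOST = re.compile(r"^\s+port (\d+) namevhost (\S+) \(")
ALIAS = re.compile(r"^\s+alias (\S+)")
SINGLE = re.compile(r"^\S+:(\d+)\s+(\S+) \(")  # address that has exactly one vhost

def names_by_port(dump):
    """Map port -> set of ServerName/ServerAlias values Apache will match on it."""
    ports = defaultdict(set)
    current = None
    for line in dump.splitlines():
        m = NAMEVHOST.match(line) or SINGLE.match(line)
        if m:
            current = m.group(1)
            ports[current].add(m.group(2).lower())
            continue
        m = ALIAS.match(line)
        if m and current:
            ports[current].add(m.group(1).lower())
    return ports

def missing_https(dump, http="80", https="443"):
    """Names with an HTTP vhost but no HTTPS vhost (they fall through to the default)."""
    ports = names_by_port(dump)
    return sorted(ports[http] - ports[https])

if __name__ == "__main__":
    for name in missing_https(SAMPLE):
        print("no :443 vhost for", name)
```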

I now know that I should have put 2 addresses for my 7 domains using www and naked.

Certificate Name: beyond.cleanair.com
    Serial Number: 3d3e9db206fe62bf70899b19b851f3bc057
    Key Type: RSA
    Domains: beyond.cleanair.com envirotemps.com hi-tech.rent
    Expiry Date: 2022-10-08 22:00:07+00:00 (VALID: 86 days)
    Certificate Path: /usr/local/etc/certbot/certs/live/beyond.cleanair.com/fullchain.pem
    Private Key Path: /usr/local/etc/certbot/certs/live/beyond.cleanair.com/privkey.pem

Certificate Name: d7036.com
    Serial Number: 46bb125150b9cf2503f9268890e5596442c
    Key Type: RSA
    Domains: d7036.com
    Expiry Date: 2022-10-08 22:02:40+00:00 (VALID: 86 days)
    Certificate Path: /usr/local/etc/certbot/certs/live/d7036.com/fullchain.pem
    Private Key Path: /usr/local/etc/certbot/certs/live/d7036.com/privkey.pem

Certificate Name: envirotemps.com
    Serial Number: 4283fd2a6afb1912baff6432044664b495a
    Key Type: RSA
    Domains: envirotemps.com
    Expiry Date: 2022-10-08 22:01:23+00:00 (VALID: 86 days)
    Certificate Path: /usr/local/etc/certbot/certs/live/envirotemps.com/fullchain.pem
    Private Key Path: /usr/local/etc/certbot/certs/live/envirotemps.com/privkey.pem

Certificate Name: hi-tech.rent
    Serial Number: 3d96c05fdd61a309685a3b047655380b78b
    Key Type: RSA
    Domains: hi-tech.rent
    Expiry Date: 2022-10-08 22:02:11+00:00 (VALID: 86 days)
    Certificate Path: /usr/local/etc/certbot/certs/live/hi-tech.rent/fullchain.pem
    Private Key Path: /usr/local/etc/certbot/certs/live/hi-tech.rent/privkey.pem

Certificate Name: walkershire.net
    Serial Number: 42a7ccaf0fe3d7f003411a4926318742d6c
    Key Type: RSA
    Domains: walkershire.net beyond.cleanair.com d7036.com envirotemps.com hi-tech.rent
    Expiry Date: 2022-10-08 19:22:19+00:00 (VALID: 86 days)
    Certificate Path: /usr/local/etc/certbot/certs/live/walkershire.net/fullchain.pem
    Private Key Path: /usr/local/etc/certbot/certs/live/walkershire.net/privkey.pem
- - - - - - - - - - - -

For brevity, I will refer to the certs by their order of appearance.

All cert #1 names are covered by cert #5
The cert #2 name is covered by cert #5
The cert #3 name is covered by cert #5
The cert #4 name is covered by cert #5

So, you really only need cert #5.
You can delete the first four certs, with:
certbot delete --cert-name beyond.cleanair.com
certbot delete --cert-name d7036.com
certbot delete --cert-name envirotemps.com
certbot delete --cert-name hi-tech.rent
OR you could go in the completely opposite direction and obtain individualized certs [one per name].
For that, delete the first and last certs and then obtain new ones with only the individual names on them.

That said, none of the certs cover any of the "www" names.
[which is what I think you were referring to]

OK, so required cert(s): :ballot_box_with_check:

Next step: Create HTTPS server blocks for each site/name.

5 Likes
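The coverage reasoning in the reply above, automated as an added example (not code from the thread's participants): it reads the `Certificate Name` and `Domains` lines of `certbot certificates`, reports which lineages are fully covered by another, and which hostnames no certificate covers. Function names are this example's own, and the wildcard handling goes beyond what the thread needs.

```python
# Constructed sample: Certificate Name / Domains lines from the listing in the thread.
SAMPLE = """\
Certificate Name: beyond.cleanair.com
    Domains: beyond.cleanair.com envirotemps.com hi-tech.rent
Certificate Name: d7036.com
    Domains: d7036.com
Certificate Name: envirotemps.com
    Domains: envirotemps.com
Certificate Name: hi-tech.rent
    Domains: hi-tech.rent
Certificate Name: walkershire.net
    Domains: walkershire.net beyond.cleanair.com d7036.com envirotemps.com hi-tech.rent
"""

def parse_certs(text):
    """Map each certbot lineage name to the set of names on its certificate."""
    certs, name = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Certificate Name:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Domains:") and name:
            certs[name] = {d.lower() for d in line.split(":", 1)[1].split()}
    return certs

def redundant(certs):
    """Map each lineage fully covered by another to the largest lineage covering it."""
    out = {}
    for a, da in certs.items():
        # strict superset, or an identical set where the alphabetically earlier name is kept
        sup = [b for b, db in certs.items()
               if b != a and (da < db or (da == db and b < a))]
        if sup:
            out[a] = max(sup, key=lambda b: len(certs[b]))
    return out

def covered(host, names):
    """Exact match, or a wildcard that replaces exactly the leftmost label."""
    _, _, rest = host.partition(".")
    return host in names or bool(rest and "*." + rest in names)

def uncovered(hosts, certs):
    """Hostnames (e.g. every ServerName/ServerAlias) that no certificate lists."""
    names = set().union(*certs.values())
    return sorted(h for h in hosts if not covered(h.lower(), names))

if __name__ == "__main__":
    certs = parse_certs(SAMPLE)
    print(redundant(certs))
    print(uncovered(["walkershire.net", "www.walkershire.net"], certs))
```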

Ok I will delete cert 1 - 4 and keep #5
Then add all the www in one cert
then 7 days later add the 3 naked I deleted

Do you have a suggestion link on how best to Create the server blocks to listen to both ports?

That is a very basic Apache "how to" type question that isn't really part of what we try to cover here.

That said, certbot can take an HTTP server block and make an HTTPS server block from it.
So, you could use certbot to get them all going [at least with a basic config] for you.

3 Likes

Great I will be doing that now and the BEER4 . Thank YOU!!

2 Likes

For your reference:
User Guide — Certbot 1.27.0 documentation (eff-certbot.readthedocs.io)
--installer apache
--reinstall

5 Likes

I temporarily solved my problem by using this in my http-VHosts.config
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^(.*)$ https://walkershire.net/walkershire$1 [R=301,L]

Not elegant but it works for now.

That only works if they type: http://site
If they type: https://site it will still be broken.

5 Likes

Using @rg305's suggestion to check Apache forums, I found the best solution for my problem at ApacheLounge.com, posted by Mox on June 26, 2022.

With some enhancements it is:

<VirtualHost *:80> 
    ServerName Site.com 
    ServerAlias www.Site.com 
    DocumentRoot /var/www/Site.com 
    Redirect / https://www.Site.com/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerAdmin admin@Site.com 
    ServerName Site.com 
    ServerAlias www.Site.com 
    DocumentRoot /var/www/Site.com 
    SSLEngine on 
    SSLCertificateKeyFile /usr/local/etc/certbot/certs/live/site_com/privkey.pem
    SSLCertificateFile    /usr/local/etc/certbot/certs/live/site_com/cert.pem
    SSLCertificateChainFile     /usr/local/etc/certbot/certs/live/site_com/fullchain.pem

#  etc for errors index options ...etc

</VirtualHost> 

All works now!

1 Like

Not quite :slight_smile:

This is causing your server to send duplicate leaf certs.

Replace cert.pem with fullchain.pem and remove the line for SSLCertificateChainFile. This latter option was deprecated long ago and is only used in very peculiar cases. So, it should be:

SSLCertificateKeyFile /usr/local/etc/certbot/certs/live/site_com/privkey.pem
SSLCertificateFile    /usr/local/etc/certbot/certs/live/site_com/fullchain.pem

3 Likes
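A small linter for the mistake corrected in the reply above, as an added example that is not from the thread's participants. It flags a vhost that pairs `SSLCertificateFile` with a `SSLCertificateChainFile` pointing at `fullchain.pem`, and also the half-applied fix where the chain line is removed but `cert.pem` (leaf only in certbot's layout) is kept. The finding codes and function names are this example's own.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the vhost pair posted in the thread, trimmed to the relevant lines.
SAMPLE = """\
<VirtualHost *:80>
    ServerName Site.com
    Redirect / https://www.Site.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName Site.com
    SSLEngine on
    SSLCertificateKeyFile /usr/local/etc/certbot/certs/live/site_com/privkey.pem
    SSLCertificateFile    /usr/local/etc/certbot/certs/live/site_com/cert.pem
    SSLCertificateChainFile     /usr/local/etc/certbot/certs/live/site_com/fullchain.pem
</VirtualHost>
"""

BLOCK = re.compile(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE = re.compile(
    r"^[ \t]*(ServerName|SSLCertificateFile|SSLCertificateChainFile)[ \t]+(\S+)",
    re.M | re.I)

def lint(conf):
    """Return (ServerName, finding) pairs for each VirtualHost block."""
    findings = []
    for body in BLOCK.findall(conf):
        d = {k.lower(): v.strip('"') for k, v in DIRECTIVE.findall(body)}
        name = d.get("servername", "?")
        cert = PurePosixPath(d.get("sslcertificatefile", "")).name
        chain = PurePosixPath(d.get("sslcertificatechainfile", "")).name
        if chain:
            findings.append((name, "chainfile-deprecated"))
            if cert and chain == "fullchain.pem":
                # fullchain.pem already starts with the leaf, so it is sent twice
                findings.append((name, "duplicate-leaf"))
        elif cert == "cert.pem":
            # certbot's cert.pem holds only the leaf: no intermediates are sent
            findings.append((name, "missing-intermediates"))
    return findings

def fix(conf):
    """Apply the correction from the reply: drop the chain line, serve fullchain.pem."""
    conf = re.sub(r"(?im)^[ \t]*SSLCertificateChainFile[ \t]+\S+[ \t]*\n", "", conf)
    return re.sub(r"(?im)^([ \t]*SSLCertificateFile[ \t]+\S*/)cert\.pem",
                  r"\1fullchain.pem", conf)

if __name__ == "__main__":
    print(lint(SAMPLE))
    print(lint(fix(SAMPLE)))
```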

Thanks for the :beers:
Cheers!

4 Likes
