Assessment failed: Unable to connect to the server

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:qa.kerloresearch.com

I have Route on this link: https://www.ssllabs.com/ssltest/analyze.html?d=qa.kerloresearch.com

It produced this output: Assessment failed: Unable to connect to the server

My web server is (include version): Ubuntu 16.04 x64

The operating system my web server runs on is (include version): Ubuntu 16.04

My hosting provider, if applicable, is: https://my.vultr.com/

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

2

It seems your webserver isn’t running. I’m getting “connection refused” errors on port 80 and port 443 while your SSH port is working perfectly.

I’d suggest you start your webserver and try again.

3

Can i Unnistall Apache2 Server from my Ubuntu server than install apche2 server again becouse my apache server is not working now

4

It probably wouldn’t do you any good. Most of the time, the configuration files are kept in place when a package is uninstalled. And if a configuration issue is the problem, well, those configuration files which were kept in place would still give you a problem when you install the webserver again.

You should try to debug your problem. Reinstalling a package is almost never the answer.

5

I have run this below command
sudo service apache2 start

Got Result
Job for apache2.service failed because the control process exited with error code. See “systemctl status apache2.service” and “journalctl -xe” for details.

I have again run another command and get below out

● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: failed (Result: exit-code) since Tue 2020-04-14 16:45:09 UTC; 4min 0s ago
Docs: man:systemd-sysv-generator(8)
Process: 9766 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 18107 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 17169 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Apr 14 16:45:09 kerlo_research_qa apache2[17169]: * The apache2 configtest failed.
Apr 14 16:45:09 kerlo_research_qa apache2[17169]: Output of config test was:
Apr 14 16:45:09 kerlo_research_qa apache2[17169]: AH00526: Syntax error on line 32 of /etc/apache2/sites-enabled/default-ssl.conf:
Apr 14 16:45:09 kerlo_research_qa apache2[17169]: SSLCertificateFile: file ‘/etc/ssl/certs/ssl-cert-snakeoil.pem’ does not exist or is empty
Apr 14 16:45:09 kerlo_research_qa apache2[17169]: Action ‘configtest’ failed.
Apr 14 16:45:09 kerlo_research_qa apache2[17169]: The Apache error log may have more information.
Apr 14 16:45:09 kerlo_research_qa systemd[1]: apache2.service: Control process exited, code=exited status=1
Apr 14 16:45:09 kerlo_research_qa systemd[1]: Failed to start LSB: Apache2 web server.
Apr 14 16:45:09 kerlo_research_qa systemd[1]: apache2.service: Unit entered failed state.
Apr 14 16:45:09 kerlo_research_qa systemd[1]: apache2.service: Failed with result ‘exit-code’.

6

This is the current problem: Apache is still looking for a fake certificate which is installed by default when the Apache package is installed.

:exclamation: What command did you run to get your certificate in the first place?

:exclamation: Also, what's the output of certbot certificates?

7

I have run this below command
sudo certbot --apache -d qa.kerloresearch.com -d www.qa.kerloresearch.com

And Then get output result
/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named 'pyasn1'
warnings.warn(import_error_msg)
/usr/lib/python3/dist-packages/ndg/httpsclient/ssl_peer_verification.py:25: UserWarning: SubjectAltName support is disabled - check pyasn1 package installation to enable
warnings.warn(SUBJ_ALT_NAME_SUPPORT_MSG)
/usr/lib/python3/dist-packages/ndg/httpsclient/subj_alt_name.py:22: UserWarning: Error importing pyasn1, subjectAltName check for SSL peer verification will be disabled. Import error is: No module named 'pyasn1'
warnings.warn(import_error_msg)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.qa.kerloresearch.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.qa.kerloresearch.com.
Which virtual host would you like to choose?

1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | qa.kerloresearch.com | HTTPS | Enabled

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

Congratulations! You have successfully enabled https://qa.kerloresearch.com and
https://www.qa.kerloresearch.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=qa.kerloresearch.com

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/qa.kerloresearch.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/qa.kerloresearch.com/privkey.pem
    Your cert will expire on 2020-07-12. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the "certonly" option. To non-interactively renew all of
    your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

8

Doesn’t really look anything wrong with that output to me. So the certificate was installed to 000-default-le-ssl.conf, but /etc/apache2/sites-enabled/default-ssl.conf is having difficulty loading the fake snakeoil certificate.

I’m no Ubunty expert, but can’t you just comment out the virtualhost block where that error about the snakeoil certificate is being made, around line 32?

9

Yes My apache problem is solve after commit line 32 from /etc/apache2/sites-enabled/default-ssl.conf

i have test my ssl on this link SSL Server Test: qa.kerloresearch.com (Powered by Qualys SSL Labs)

and get this output: Assessment failed: Unable to connect to the server

10

Did you start your Apache server this time? Did you check for any new error messages preventing it from starting? Because as far as I (and SSLLabs) can tell, it's still down.

11

Yes i have restart my apache2 server after changes on line 32

i have used this command to restart apache: sudo service apache2 restart and after excute this command i have not recieve any errors

12

But is it actually running?

You could for example check with netstat -nap | grep apache

13

i have run this command netstat -nap | grep apache as root login but nothing happend just command excuted

14

That means your Apache is actually not running, or at least not listening on the required ports. But I’m betting it’s just not running.

15

i have run this command sudo netstat -ntlp | grep LISTEN and get below output result

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 20113/sshd
tcp6 0 0 :::3306 :::* LISTEN 18563/mysqld
tcp6 0 0 :::21 :::* LISTEN 1112/vsftpd
tcp6 0 0 :::22 :::* LISTEN 20113/sshd

You are correct apache still not working on my server becouse port 80 is using apache default on this table port 80 is missing

16

can i reinstall apache server again ?

17

You probably shouldn't have mysqld available over the internet. Install a firewall to block port 3306 or even better if you're only using MySQL locally: disable access to it through TCP altogether.

You can. But like I said before, it probably won't fix your problem. Debugging your Apache issue is key here.

18

I think i have install wrong apache server for my web applications my front hand is create on angular and backhand is developed on Node ExpressJs

19

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.