Browser says serviceWorker.js behind redirect

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
macminns.com

I ran this command:
See below

It produced this output:
See below

My web server is (include version):
Apache 2.4.6

The operating system my web server runs on is (include version):
CentOS 7

My hosting provider, if applicable, is:
A2

I can login to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.11.0

My Issue:

I’m trying to deploy a progressive web app from my website. I’m using Apache on CentOS 7 with named virtual hosting. I just set up LetsEncrypt using Certbot for two domains simultaneously, e.g., domain.com and anotherDomain.org. I had certbot generate certificates for both the bare domain name and www. host.

The setup went very smoothly. The site serves under https as it should.
When I navigate to my “PWA” site (which is in a subdirectory), I get the following message in the Chrome developer tools:

Uncaught (in promise) DOMException: Failed to register a ServiceWorker for scope ('https://www.macminns.com/webapp/') with script ('https://www.macminns.com/webapp/serviceWorker.js'): The script resource is behind a redirect, which is disallowed.

My serviceWorker.js file is in the same folder with everything else.
It's activated from the html page with:

<script>
	if('serviceWorker' in navigator) {
	  navigator.serviceWorker.register('/sa2radar_kiosk/serviceWorker.js', { scope: '/sa2radar_kiosk/' });
	}
</script>

(sa2radar_kiosk is the subdirectory containing the webapp)

My VirtualHost directive is:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName   domain.com
ServerAlias  *.domain.com
#ServerAlias  www.domain.com
DocumentRoot "/var/www/sites/domain/wwwroot"
ErrorLog     "/var/www/sites/domain/logs/domain.com-error_log"
CustomLog    "/var/www/sites/domain/logs/domain.com-access_log" combined
#CustomLog "|/usr/sbin/rotatelogs.exe /var/www/sites/domain/logs/logfile-%Y.%m.%d.log  86400" combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
</VirtualHost>
</IfModule>

I don't know if this is related, but when I run apachectl -S I get, oddly:

AH00526: Syntax error on line 11 of /etc/httpd/sites-enabled/secondDomain.org-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/domain.com/cert.pem' does not exist or is empty

. . . but the cert.pem file is there and is not empty.

I'd appreciate any help in tracking down this issue.
Thanks.

Hi @smac, and welcome to the LE community forum :slight_smile:

Tried with sudo:
sudo apachectl -S

If so, what shows?:
ls -l /etc/letsencrypt/live/domain.com/cert.pem

3 Likes

Hello @smac, welcome to the Let's Encrypt community. :slightly_smiling_face:

I believe you have successfully been able to get an issued certificate and serve the certificate;
that is the primary goal of this forum. What more needs to be done for issuance and use of a certificate from Let's Encrypt?

Kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.

Here is a list of issued certificates crt.sh | macminns.com, the latest being 2024-04-24.
Here is the certificate being served https://decoder.link/sslchecker/macminns.com/443;
not in the above list presently but this one
crt.sh | 0f5b3c74aa28c318ee392ecc36cd71408a0deae2f3a8c97698fa135896028480
https://search.censys.io/certificates/0f5b3c74aa28c318ee392ecc36cd71408a0deae2f3a8c97698fa135896028480

Common Name:	macminns.com
SANs:			DNS:lst794.org
				DNS:macminns.com
				DNS:www.lst794.org
				DNS:www.macminns.com
				Total number of SANs: 4

Serial Number:	439907850b3b0449bb0b97f51deed63afc7
Not Before:		Apr 24, 2024 16:22:05 GMT

Here details on Apache can be found in documentation and forums:

2 Likes

Hi rg305,
Thanks for responding:

ls -l /etc/letsencrypt/live/macminns.com/cert.pem
Output:
lrwxrwxrwx 1 root root 36 Apr 24 13:22 /etc/letsencrypt/live/macminns.com/cert.pem -> ../../archive/macminns.com/cert2.pem

apachectl -S

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server LST794.org (/etc/httpd/sites-enabled/lst794.org-le-ssl.conf:2)
         port 443 namevhost LST794.org (/etc/httpd/sites-enabled/lst794.org-le-ssl.conf:2)
                 alias lst794.org
                 wild alias *.LST794.org
         port 443 namevhost macminns.com (/etc/httpd/sites-enabled/macminns.com-le-ssl.conf:2)
                 alias www.macminns.com
                 alias macminns.com
                 wild alias *.macminns.com
*:80                   is a NameVirtualHost
         default server champions.test (/etc/httpd/sites-enabled/champions.conf:25)
         port 80 namevhost champions.test (/etc/httpd/sites-enabled/champions.conf:25)
                 alias champions.localhost
                 alias www.champions.localhost
         port 80 namevhost loonlakevacation.com (/etc/httpd/sites-enabled/loonlakevacation.com.conf:2)
                 alias loonlakevacation.com
                 wild alias *.loonlakevacation.com
         port 80 namevhost LST794.org (/etc/httpd/sites-enabled/lst794.org.conf:3)
                 wild alias *.LST794.org
         port 80 namevhost macminns.com (/etc/httpd/sites-enabled/macminns.com.conf:3)
                 alias www.macminns.com
         port 80 namevhost reportgenerator.macminns.com (/etc/httpd/sites-enabled/reportgenerator.macminns.com.conf:3)
         port 80 namevhost stocks.macminns.com (/etc/httpd/sites-enabled/stocks.com.conf:3)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex fcgid-pipe: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex fcgid-proctbl: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

1 Like

Thanks Bruce,
I'll wait to see if I hear anything. I thought this would be the right place because something with the certificate or https configuration is causing the problem.
Thanks for pointing out the Apache forums, I'll check there also.

Steve

3 Likes

Hi @smac

Certainly cannot hurt to try, often what you stated does come here and receives help from here.

--
Bruce

2 Likes

@smac Then try ls -l /etc/letsencrypt/archive/macminns.com/cert2.pem

1 Like

Response:
-rw-r--r-- 1 root root 1822 Apr 24 13:22 /etc/letsencrypt/archive/macminns.com/cert2.pem

1 Like

So that exists and is also non-empty. :roll_eyes:

1 Like

Here shows Mixed Content

1 Like

@smac I'm grabbing at straws here

1 Like

@smac have a look here: macminns.com - Make your website better - DNS, redirects, mixed content, certificates
There are "Old connection: Insecure Cipher Suite found" and "Error - Certificate isn't trusted" issues shown.
If one part or server doesn't like what another part or server supports, there may be errors in the system as a whole.

1 Like

Please show these files:

2 Likes

Hi Rudy,
See below for the virtualhost declarations. Note: I changed the ServerAlias in macminns.com-le-ssl.conf earlier today to see if that would help. That's why they're different.
Could the rewrite rule be causing my PWA problem?

I also just discovered this today: on another application (webtrees) on the same website, which worked prior to the https changeover, I'm now getting

This page isn’t working

www.macminns.com redirected you too many times.

more /etc/httpd/sites-enabled/macminns.com-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName macminns.com
ServerAlias *.macminns.com www.macminns.com macminns.com
#ServerAlias www.macminns.com
DocumentRoot "/var/www/sites/macminns/wwwroot"
ErrorLog "/var/www/sites/macminns/logs/macminns.com-error_log"
CustomLog "/var/www/sites/macminns/logs/macminns.com-access_log" combined
#CustomLog "|/usr/sbin/rotatelogs.exe /var/www/sites/macminns/logs/logfile-%Y.%m.%d.log 86400" combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/macminns.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/macminns.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/macminns.com/chain.pem
</VirtualHost>
</IfModule>

more /etc/httpd/sites-enabled/macminns.com.conf

#macminns Production
<VirtualHost *:80>
ServerName macminns.com
#ServerAlias *.macminns.com
ServerAlias www.macminns.com
DocumentRoot "/var/www/sites/macminns/wwwroot"
ErrorLog "/var/www/sites/macminns/logs/macminns.com-error_log"
CustomLog "/var/www/sites/macminns/logs/macminns.com-access_log" combined
#CustomLog "|/usr/sbin/rotatelogs.exe /var/www/sites/macminns/logs/logfile-%Y.%m.%d.log 86400" combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.macminns.com [OR]
RewriteCond %{SERVER_NAME} =macminns.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
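
An added example, not part of the thread: a way to see which response the browser's "behind a redirect" error refers to, and whether a chain loops as in the "redirected you too many times" page, by classifying the header trace that `curl -sIL` prints. The function names and the example.test sample trace are constructed for illustration.

```shell
#!/bin/sh
# Usage on a live site: curl -sIL https://HOST/PATH/serviceWorker.js | sw_script_verdict

# One line per HTTP response in the trace: "<status> <Location or ->".
redirect_hops() {
    awk '
        { sub(/\r$/, "") }                      # curl keeps the CR of CRLF
        /^HTTP\// { if (status != "") print status, loc
                    status = $2; loc = "-"; next }
        tolower($1) == "location:" { loc = $2 }
        END { if (status != "") print status, loc }
    '
}

# Classify the trace. The browser refuses a service worker script whose own
# URL answers with a redirect, so the first response decides; a Location
# seen twice means the chain loops ("redirected you too many times").
sw_script_verdict() {
    redirect_hops | awk '
        NR == 1 { first = $1 }
        $2 != "-" && seen[$2]++ { loop = 1 }
        END {
            if (NR == 0)               print "no-response"
            else if (loop)             print "loop"
            else if (first ~ /^3/)     print "redirected"
            else if (first == "200")   print "direct"
            else                       print "error " first
        }'
}

# Constructed sample trace (example.test is a placeholder host).
sample_trace() {
    printf '%s\r\n' \
        'HTTP/1.1 301 Moved Permanently' \
        'Location: https://example.test/webapp/serviceWorker.js' \
        '' \
        'HTTP/1.1 200 OK' \
        'Content-Type: application/javascript' \
        ''
}

sample_trace | sw_script_verdict
```

Piping the same trace through `redirect_hops` alone lists each hop with its `Location`, which shows whether the redirect changes the scheme, the host name or the path.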

Thanks Bruce,
This is a lot to digest! I'll dig into it more tomorrow. I doubt I can change any of the DNS server issues, but hopefully I can fix the old encryption algorithm issues. I'll look at the other stuff as well. The loonlakevacation.com website isn't yet on https, so I'll have to fix that. It's on the same server.

2 Likes

That's redundant.
And I'm not sure the wildcard is actually being covered by that cert.

The rewrite doesn't look bad.

2 Likes

You're right about the redundant part. I'll fix that tomorrow.

Maybe you're not running your apachectl -S as root?

Thanks. That was the cause of that problem.

1 Like
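
An added example, not part of the thread: a path walk that reports the first component a non-root user cannot get through, which is what turns a readable `cert.pem` into "does not exist or is empty" when `apachectl -S` runs without root. It assumes the usual Certbot layout, where `live/` and `archive/` are root-owned with mode 0700 (the thread does not show the directory modes); the function names are hypothetical.

```shell
#!/bin/sh
# "Other" permission triplet of the path itself (symlinks are not followed).
other_bits() { ls -ld -- "$1" | cut -c8-10; }

# first_blocked ROOT REL
# Walk REL below ROOT, following symlinks component by component, and print
# the first component a user who is neither owner nor group member cannot
# pass: a directory without o+x or the final file without o+r. Prints "ok"
# when the whole chain is open. Only mode bits are read, so the answer does
# not depend on which user runs the check.
first_blocked() {
    cur=$(cd "$1" && pwd -P) || return 2
    rest=$2
    hops=0
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        case $part in
            ''|.) continue ;;
            ..)   cur=${cur%/*}; continue ;;
        esac
        if [ -L "$cur/$part" ]; then
            hops=$((hops + 1))
            [ "$hops" -le 16 ] || { echo "symlink loop at $cur/$part"; return 0; }
            link=$(readlink "$cur/$part")
            case $link in /*) cur= ;; esac      # absolute target: restart at /
            rest=$link${rest:+/$rest}
            continue
        fi
        cur=$cur/$part
        [ -e "$cur" ] || { echo "missing $cur"; return 0; }
        bits=$(other_bits "$cur")
        if [ -d "$cur" ]; then
            case $bits in ??[xt]) ;; *) echo "blocked $cur ($bits)"; return 0 ;; esac
        else
            case $bits in r??) ;; *) echo "blocked $cur ($bits)"; return 0 ;; esac
        fi
    done
    echo ok
}

# Example call: sh thisfile /etc/letsencrypt live/<domain>/cert.pem
if [ $# -eq 2 ]; then first_blocked "$1" "$2"; fi
```

A "blocked" result on `live/` or `archive/` is the expected state, since those directories also hold the private key; the fix in the thread was to run the check as root, not to loosen the modes.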

That didn't work?

2 Likes