Can't Get Domains to Resolve HTTPS after Certificate Install


#1

Hello, New here and still learning a lot. But i will try to be as thorough as possible. If you need other info or more, please ask and I will provide.

I have a few domains that I host on a home computer server which are listed below in the cerbot certificates.
Home Server runs Ubuntu 16.04, Apache 2.4.18

I installed HTTPS certificates using Certbot and selected to redirect from http to https in the setup.

In my DNS, I have an A records set and CNAME records for www versions of sites.

I’m going to use Irwin Resources as my example as it is a simple page. This site has been working for months before I tried to load in SSL certificates 4 days ago. Possibly unrelated, but maybe not, I did add the www CNAME to DNS about the same time I loaded the SSL certs.

In /etc/apache2/sites-available, there are two files.

  1. irwinresources.com.conf

<VirtualHost *:80>
ServerAdmin some-email@emailaddress.com
ServerName irwinresources.com
ServerAlias www.irwinresources.com
DocumentRoot /var/www/html/irwinresources.com/public_html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =irwinresources.com [OR]
RewriteCond %{SERVER_NAME} =www.irwinresources.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

  1. irwinresources.com-le-ssl.conf

    <VirtualHost *:443>
    ServerAdmin greg.scott.irwin@gmail.com
    ServerName irwinresources.com
    ServerAlias www.irwinresources.com
    DocumentRoot /var/www/html/irwinresources.com/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/irwinresources.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/irwinresources.com/privkey.pem

In the file /ect/apache2/sites-enabled, I have two files with much the same info. I will post in a follow up because I’m a “new user” and can’t post that many links in my initial post apparently.

At this point, if I go to the web address irwinresources.com in Firefox, the URL changes to https://irwinresources.com and I get the following:
“Unable to connect
Firefox can’t establish a connection to the server at irwinresources.com.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.”

If i go to the web address www.irwinresources.com, the page loads, but no https. It stays as www.irwinresources.com.

I’ve done quite a bit of research on this and haven’t been able to find the right piece(s) i’m missing. Again, i’m still a newb at this stuff and am trying to learn as I go. I appreciate the help in advance and look forward to hearing some good news!


#2

When I run certbot certificates, I get the following output:
“Found the following certs:
Certificate Name: irwinresources.com
Domains: bataviareferees.org gregscottirwin.com irwinresources.com montaninomedia.com rocrefs.org www.bataviareferees.org www.gregscottirwin.com www.irwinresources.com www.montaninomedia.com www.rocrefs.org
Expiry Date: 2018-12-29 11:44:25+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/irwinresources.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/irwinresources.com/privkey.pem”

These are the files in /etc/apache2/sites-enabled

  1. irwinresources.com.conf
    <VirtualHost *:80>

    ServerAdmin greg.scott.irwin@gmail.com
    ServerName irwinresources.com
    ServerAlias www.irwinresources.com
    DocumentRoot /var/www/html/irwinresources.com/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =irwinresources.com [OR]
RewriteCond %{SERVER_NAME} =www.irwinresources.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

  1. irwinresources.com-le-ssl.conf

    <VirtualHost *:443>

    ServerAdmin greg.scott.irwin@gmail.com
    ServerName irwinresources.com
    ServerAlias www.irwinresources.com
    DocumentRoot /var/www/html/irwinresources.com/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/irwinresources.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/irwinresources.com/privkey.pem


#3

Hi @sweeper33

is there a firewall or something else that blocks port 443? Check

ss -n -l -t

to find all numeric (-n) listener (-l) tcp (-t) sockets.


#4

Thanks for helping me through this @JuergenAuer.
Absolutely. Here is the output:

LISTEN 0 50 :445 :
LISTEN 0 128 127.0.0.1:3306 :
LISTEN 0 50 :139 :
LISTEN 0 128 127.0.0.1:6379 :
LISTEN 0 5 127.0.1.1:53 :
LISTEN 0 128 :22 :
LISTEN 0 5 127.0.0.1:631 :
LISTEN 0 128 :::443 :::

LISTEN 0 50 :::445 :::

LISTEN 0 50 :::139 :::

LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 5 ::1:631 :::*

How does it look?


#5

Looks that a https is running. So it may be a firewall problem. So check your firewall configuration.


#6

Hi,

Just trying to extend on @JuergenAuer’s answer.

It seems that you are using TWC / Spectrum (or road runner in old ways, as resolved by rdns).

TWC seems does not block port 443 and port 80… And since your IP address resolved looks like Home Internet, I would encourage you to check if the port forwarding on your router is setup correctly.

As a simple test, try visit http://www.canyouseeme.org using the server’s IP address and enter port 443 to test if it’s open to internet (currently closed)

Thank you


#7

That worked! My router was not set up to forward the port 443. I missed that - thank you so much @JuergenAuer and @Stevenzhu! You guys rock and I cannot thank you enough!


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.