Can't reach site with https, took too long to respond


#1

I am completely new to all things web, and am trying to create an ssl certificate for use in experimenting with various applications that require https. I have set up dynamic dns to point to an apache2 server running on my home computer (referenced in the following).
After setting up an ssl key I still cannot reach the site via https (http still works completely fine); it says it times out. Info below:

My domain is:
shaunserver.ddns.net

I ran this command:
./certbot-auto -d shaunserver.ddns.net

It produced this output:


Congratulations! You have successfully enabled https://shaunserver.ddns.net

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=shaunserver.ddns.net


IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/shaunserver.ddns.net/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/shaunserver.ddns.net/privkey.pem
    Your cert will expire on 2018-11-14. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot-auto
    again with the “certonly” option. To non-interactively renew all
    of your certificates, run “certbot-auto renew”

However, when I attempt to do as suggested and test my configuration via the provided site, or simply type “https://shaunserver.ddns.net” into the URL bar, it times out; typing the same without the ‘s’ in ‘https’, however, works fine.

My web server is (include version):
Server version: Apache/2.4.18 (Ubuntu)

The operating system my web server runs on is (include version):
Ubuntu 16.04.4 LTS

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

Here are dumps (minus the comments) of my 000-default.conf and default-ssl.conf files

000-default.conf

<VirtualHost *:80>

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	ServerName shaunserver.ddns.net
	ServerAlias shaunserver.ddns.net

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

default-ssl.conf

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost

		DocumentRoot /var/www/html

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		SSLEngine on

		SSLCertificateFile /etc/letsencrypt/live/shaunserver.ddns.net/fullchain.pem
		SSLCertificateKeyFile /etc/letsencrypt/live/shaunserver.ddns.net/privkey.pem
		Include /etc/letsencrypt/options-ssl-apache.conf

		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

	</VirtualHost>
</IfModule>

Thank you so much for your help!


#2

Hi @Salsum

Is there a firewall that blocks port 443?


#3

There was indeed, I forwarded the port and it now works, thank you so much!

I guess I didn’t realize that http and https used different ports, though I suppose that is obvious now that I look at my “ports.conf” file in apache2.

How does the “Listen” command in my “ports.conf” file work? When it says

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

does it listen on both 80 and 443?
Could I, for instance, also listen on another port and stop forwarding these so that I don’t mess with other traffic on my router (there is currently none, but thinking towards the future if there ends up being a separate server, for instance)?
For instance, adding

Listen 4443

then having shaunserver.ddns.net:4443 access the server instead.

Anyway, thanks again!


#4

Yes, then port 80 and port 443 are used.

Yes, that should work. But then the address is https://shaunserver.ddns.net:4443 - when using non-standard ports, you have to specify both protocol and port.

But it should also work if port 443 is used externally ( https://shaunserver.ddns.net/ ) and your router sends the traffic to port 4443 of your internal server.

There are a lot of users with such different configurations.
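
The failure in this thread (HTTPS times out while HTTP works) can be told apart from a server that is not listening, or from a TLS misconfiguration, with a small probe. This is an added example, not part of the original posts; the function name `diagnose`, the `HINTS` table and the `example.com` default are illustrative assumptions.

```python
import socket
import ssl
import sys

# Hints map each outcome to the settings discussed in this thread (assumed wording).
HINTS = {
    "timeout": "packets silently dropped: firewall rule or missing router port forward",
    "refused": "host reachable, nothing listening: check Listen in ports.conf and mod_ssl",
    "unreachable": "DNS or routing failure: check the dynamic DNS record",
    "tls_failed": "port open but TLS handshake failed: check SSLEngine on for this port",
    "cert_invalid": "certificate does not verify for this name: check SSLCertificateFile",
    "tls_ok": "TCP connect and TLS handshake both succeed",
}

def diagnose(host, port=443, timeout=5.0):
    """Return (state, hint) for an HTTPS endpoint; state is a key of HINTS."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "timeout", HINTS["timeout"]
    except ConnectionRefusedError:
        return "refused", HINTS["refused"]
    except OSError:  # name resolution failure, no route to host, ...
        return "unreachable", HINTS["unreachable"]
    with raw:
        ctx = ssl.create_default_context()  # verifies chain and hostname
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                state = "tls_ok"
        except ssl.SSLCertVerificationError:
            state = "cert_invalid"
        except OSError:  # includes ssl.SSLError and handshake timeouts
            state = "tls_failed"
    return state, HINTS[state]

if __name__ == "__main__":
    # Usage: python3 probe.py HOST [PORT]  (example.com is a placeholder default)
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    state, hint = diagnose(host, port)
    print(f"{host}:{port} -> {state}: {hint}")
```

Run it from outside the home network, since a probe from inside the LAN does not pass through the router's port forward.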

