Centos 6 - delete force https


#1

Hello all

Sorry for my bad english

I want delete force-httpS for the moment after install et configure certbot-auto for virtualhost on CentOS6.5.

How i can do it ?

Thank.


#2

Hi @avoriaz

Your question is hard to answer as it doesn’t actually explain what you are trying to do. Please fill out the items below so people can assist

Please fill out the fields below so we can help you better.

I ran this command:

It produced this output:

My operating system is (include version):

My web server is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Andrei


#3

Thank you for response

OS:
CentOS release 6.5 (Final)

I use Apache :
slight_smile:Server version: Apache/2.2.15 (Unix)
Server built: Mar 22 2017 06:52:55

Dedicaced server with OVH provider

I can login to a root shell

I dont use a control panel

I have make this configuration

without install ispconfig and without pureftpd (i use winssh for sent files)

I have my websites in /srv/www directory
Configuration is in /etc/httpd/conf.d directory

A sample configuration
<VirtualHost *:80>
ServerAdmin webmaster@website.fr
ServerName www.website.fr
ServerAlias website.fr
DocumentRoot /srv/www/website.fr/public_html/
ErrorLog /srv/www/website.fr/logs/error.log
CustomLog /srv/www/website.fr/logs/access.log combined

 RewriteLogLevel 15
 RewriteLog "/srv/www/website.fr/logs/rewrite.log"

I ran this command:
root@webserver:~$ wget https://dl.eff.org/certbot-auto
root@webserver:~$ chmod a+x ./certbot-auto
./certbot-auto

It’s all

Thank you


#4

@avoriaz, do you mean the redirection that sends people who go to the http:// version of your site to the https:// version of the site?

If you accepted Certbot’s offer to perform this redirection, then in a configuration file related to your site in /etc/apache2/sites-available, there should be three lines like

RewriteEngine on RewriteCond %{SERVER_NAME} =example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

If you delete or comment out these lines (prefixing them with #), the redirect behavior should stop happening.


#5

I have a similar issue - I’ve got a http URL that keeps redirecting to https and it’s just not working right. I want to restore the original functionality of simply making an http request without redirecting to https.

I’ve deleted the section in the configuration file re: the RewriteEngine on and the associated lines below it. Still wants to redirect:

I’ve restarted apache. Not sure what to try next…?


#6

@josesierra, I don’t see a redirect happening there now (just an empty page).


#7

I have comment this on my file, in /etc/httpd/conf.d/mywebsite.fr.vhost.conf but same problem after restart httpd.

#RewriteCond %{SERVER_NAME} =www.mywebsite.fr [OR]
#RewriteCond %{SERVER_NAME} =mywebsite.fr
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,NE,R=permanent]
#


#8

Hi @avoriaz,

Maybe you are using HSTS (HTTP Strict Transport Security) header in your Apache conf. Do you have a directive in your conf that starts like this or similar?.

Header always set Strict-Transport-Securit [here should be more options like max-age]

If you provide your real domain it should be easy to debug your issue.

Cheers,
sahsanu


#9

Hy @sahsanu

My domain name is https://www.immobilier-lamy.com

egain thx


#10

Hi @avoriaz,

Thanks for sharing the domain. I’ve checked it and I’m not being redirected to https version.

Checking http://www.immobilier-lamy.com we are not redirected to https:

$ curl -ILk http://www.immobilier-lamy.com
HTTP/1.1 302 Found
Date: Tue, 18 Apr 2017 07:11:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Location: http://www.immobilier-lamy.com/fr/home-2/
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.1 200 OK
Date: Tue, 18 Apr 2017 07:11:21 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: wfvt_803572314=58f5bc1a28b49; expires=Tue, 18-Apr-2017 07:41:22 GMT; path=/; httponly
Set-Cookie: pll_language=fr; expires=Wed, 18-Apr-2018 07:11:22 GMT; path=/
Link: <http://www.immobilier-lamy.com/wp-json/>; rel="https://api.w.org/"
Link: <http://www.immobilier-lamy.com/>; rel=shortlink
Connection: close
Content-Type: text/html; charset=UTF-8

Checking http://immobilier-lamy.com we are redirected to www but not redirected to https

$ curl -ILk http://immobilier-lamy.com
HTTP/1.1 302 Found
Date: Tue, 18 Apr 2017 07:11:36 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Location: http://www.immobilier-lamy.com/fr/home-2/
Connection: close
Content-Type: text/html; charset=UTF-8

HTTP/1.1 200 OK
Date: Tue, 18 Apr 2017 07:11:36 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: wfvt_803572314=58f5bc2909c17; expires=Tue, 18-Apr-2017 07:41:37 GMT; path=/; httponly
Set-Cookie: pll_language=fr; expires=Wed, 18-Apr-2018 07:11:37 GMT; path=/
Link: <http://www.immobilier-lamy.com/wp-json/>; rel="https://api.w.org/"
Link: <http://www.immobilier-lamy.com/>; rel=shortlink
Connection: close
Content-Type: text/html; charset=UTF-8

Checking https://www.immobilier-lamy.com your server is not sending any Strict Tansport Security Header so it is ok.

$ curl -ILk https://www.immobilier-lamy.com
HTTP/1.1 200 OK
Date: Tue, 18 Apr 2017 07:11:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 17 Apr 2017 23:14:28 GMT
ETag: "fe1f96-5-54d64f3f27e89"
Accept-Ranges: bytes
Content-Length: 5
Connection: close
Content-Type: text/html; charset=UTF-8

Checking https://immobilier-lamy.com your server is not sending any Strict Tansport Security Header so it is ok.

$ curl -ILk https://immobilier-lamy.com
HTTP/1.1 200 OK
Date: Tue, 18 Apr 2017 07:12:09 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Mon, 17 Apr 2017 23:14:28 GMT
ETag: "fe1f96-5-54d64f3f27e89"
Accept-Ranges: bytes
Content-Length: 5
Connection: close
Content-Type: text/html; charset=UTF-8

You https site has no Let’s Encrypt certificate, it is using one not valid for your domain but that is the only issue I can see, really, your site is not redirecting to https.

Cheers,
sahsanu


#11

In effect i have change it now:

#DocumentRoot "/var/www/html"
DocumentRoot “/srv/www/immobilier-lamy.com/public_html/”

But i see not secure now, but the problem is this message, i prefere not see this bad message, thank


#12

@avoriaz, changing DocumentRoot should have no effect to how your web server is serving your https site. If you want your web server sends the right certificate for your domain you should configure it to point to the right Let’s Encrypt certificate.


#13

Yes I understand, but before it redirected to the default causing not even displaying the website.


#14

Sorry but I don’t understand what you need.

Right now:
1.- Your http site works fine without redirects.
2.- Your https site gives a certificate error because it is trying to use a default configured certificate (it is only valid for common name sd-37664) but if you accept the browser warning it enters to your site.

So, what you want to do?.

1.- That https for your domain use the right certificate for Let’s Encrypt… the you need to configure your web server to point to the right certificates issued for your domain.

2.- You don’t want https at all for your site and you want that visiting your https shows an error (not the certificate error). It could be more complicated depending on your apache conf, how many sites you are in your web server. Depending on what you are serving you could disable the default-ssl conf or not listen on port 443, or… anything you want to change to your apache web server should be tested or you could broke your site… or other sites your web server is serving.

My recommendation, configure correctly a VirltualHost for your domain that points to the right Let’s Encrypt issued certificates.

Sorry, but you are not giving too much info ;).

I’m at work so I will try to answer when I’ve spare time.

Good luck,
sahsanu


#15

@schoen Interesting… when I type in http://www.goblueline.com it immediately flips it to https://www.goblueline.com and I get a ERR_SSL_PROTOCOL_ERROR on the page, stating that “This site can’t provide a secure connection”. You’re not getting that?

Thanks!

J


#16

@schoen I’ve reinstalled the letsencrypt certificate and now I’m getting some broken pages - seems to be an issue with my Magento installation. I’ll investigate further through those channels. Of course, any thoughts you might have to help me resolve are always appreciated.

Thanks again!

J


#17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.