Cert installed, but can't enable SSL

CasminMcMurphy · April 30, 2021, 6:24pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.14.0

I ran certbot --apache on my server and successfully installed certificates. However, I cannot enable SSL for my site. Accessing http://www.mysite.com loads the page successfully as non-SSL, but trying https://www.mysite.com redirects to http://www.mysite.com and loads that instead.

I have two enabled config files, one for non-SSL requests and one (generated from it by certbot) for SSL requests. The two config files are

# Non-SSL configuration
<VirtualHost IP:80>
        ServerName mysite.com
        ServerAlias www.mysite.com

        DocumentRoot "/var/www/html"

        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Require all denied
        </Directory>
        <Directory /var/www/html/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>

	# If I enable this, I get "page isn't redirecting properly" error
	#RewriteEngine on
        #RewriteCond %{SERVER_NAME} =mysite.com [OR]
        #RewriteCond %{SERVER_NAME} =www.mysite.com
        #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


# SSL configuration
<IfModule mod_ssl.c>

<VirtualHost IP:443>
        ServerName mysite.com
        ServerAlias www.mysite.com

        DocumentRoot "/var/www/html"

        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Require all denied
        </Directory>
        <Directory /var/www/html/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>

        SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

I assume certbot added the Rewrite stuff at the bottom of the non-SSL config, but there's no clue. If I enable it, all access to the website causes a "page isn't redirecting properly" error, so I removed it.

What do I need to change to enable the certificates?

Rip · April 30, 2021, 8:00pm

Hi @CasminMcMurphy welcome back to the community!

In this case, it would be extremely helpful if you were willing to share your domain name. It's a guessing game for us without it.

CasminMcMurphy · April 30, 2021, 8:26pm

My domain name would identify me personally and I don't wish to provide it.

I don't see how this is a guessing game. Assume that a website mysite.com has valid SSL certificates in the given location. Under ordinary, non-pathological conditions (i.e., there are no other virtual hosts and no other active config files, all required mods are enabled, etc.), the given Apache configuration either would or wouldn't be sufficient to enable HTTPS access. So, the first question is: Does this configuration have any identifiable errors, or is it consistent with what one would expect for valid configuration? That's all I want to know.

griffin · April 30, 2021, 10:59pm

There are a LOT of assumptions being made here, but I'll try to assess with what you've provided and assumed.

My guess is that you're probably using WordPress and have "http" instead of "https" listed in the following settings:

Site Address (URL)
WordPress Address (URL)

Regarding this:

CasminMcMurphy:

	#RewriteEngine on
        #RewriteCond %{SERVER_NAME} =mysite.com [OR]
        #RewriteCond %{SERVER_NAME} =www.mysite.com
        #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Certbot does tend to add something like that.

Personally, I would instead use this:

Redirect permanent / https://www.mysite.com/

or this:

Redirect permanent / https://mysite.com/

system · May 30, 2021, 11:00pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.