Certbot can't contact my server through https (443), but the port is open


#1

I do have the port 443 open (checked with many tools, like this one: http://ping.eu/port-chk/)
Tshark shows 443 traffic while the command is being run, but no 80 traffic
I have added this port to the ports.conf in the apache2 folder

My domain is: rebane2001.com

I ran this command: certbot --apache

It produced this output: Failed authorization procedure. www.rebane2001.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 84.50.76.14:443 for TLS-SNI-01 challenge, rebane2001.com (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Failed to connect to 84.50.76.14:443 for TLS-SNI-01 challenge

My operating system is (include version): Raspbian 8 (Debian Jessie)

My web server is (include version): Apache 2.4.10

My hosting provider, if applicable, is: Myself

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


#2

Well, your Apache is serving normal HTTP through port 443… This should be HTTPS. I’m not sure Boulder generates the “could not connect” error when the TLS connection fails, but it sure looks like it:

osiris@desktop tmp $ openssl s_client -connect 84.50.76.14:443
CONNECTED(00000003)
139845976815248:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 320 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1471546935
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
osiris@desktop tmp $ telnet 84.50.76.14 443
Trying 84.50.76.14...
Connected to 84.50.76.14.
Escape character is '^]'.
GET / HTTP/1.1
Host: blaat

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2016 19:02:29 GMT
Server: Apache/2.4.10 (Raspbian)
Last-Modified: Mon, 15 Aug 2016 05:21:38 GMT
ETag: "3e7-53a156813aa7d"
Accept-Ranges: bytes
Content-Length: 999
Vary: Accept-Encoding
Content-Type: text/html

<!DOCTYPE html> 
<html>
<head>
<link rel="icon" type="image/x-icon" href="/favicon.ico">
<link rel="stylesheet" type="text/css" href="/index.css">
<script src="/leScript.js"></script>
<title>REBANE2001</title>
<meta charset="UTF-8"> 
</head>
<body>
<h1 class="orangetitle">REBANE2001</h1>
<p>Kuna ma just alustasin oma (uue) veebilehega,<br>
ei ole siin erilist disaini, kuid ma j&auml;tan siia<br>
alla m&otilde;ned kasulikud lingid ja muud stuffi!</p><br>
<ul>
<li><a class="link1" href="http://youtube.com/rebane2001">Minu YouTubei kanal</a></li>
<li><a class="link1" href="HarryPotter2/">Are you confused by this site and just want <b>Harry Potter 2</b> stuff?</a></li>
<li><a class="link1" href="https://www.youtube.com/playlist?list=PLRZKW4AR6v9LxbyQoOY_yR7KDc6apBxGq">Putkakaupade playlist</a></li>
<li><a class="link1" href="pood.html">Rebase pood</a></li>
<li><a class="link1" href="#emailx" onclick="emailx()" id="emailx">Vajuta siia, et n&auml;ha mu e-maili</a></li>
</ul>
</body>
</html>Connection closed by foreign host.
osiris@desktop tmp $
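The two manual checks from the reply above (a TLS handshake with `openssl s_client`, then a plaintext `GET` over telnet), combined into one probe that reports which protocol a port actually speaks. This is an added example, not part of the original thread; `probe_port` and `demo_plaintext_listener` are hypothetical names, and the loopback listener is a constructed stand-in for an Apache answering plain HTTP on its HTTPS port.

```python
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def probe_port(host, port, timeout=3.0):
    """Classify a TCP port as 'tls', 'plain-http', 'closed' or 'unknown'."""
    # Protocol detection only: certificate checks are off because a host that
    # is still waiting for its first certificate has nothing valid to present.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    try:
        # Same question openssl s_client asks: does a TLS handshake complete?
        with ctx.wrap_socket(raw):
            return "tls"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        pass
    finally:
        raw.close()
    # Handshake failed: repeat the telnet check with a plaintext request.
    try:
        with socket.create_connection((host, port), timeout=timeout) as plain:
            plain.sendall(b"GET / HTTP/1.1\r\nHost: probe.invalid\r\nConnection: close\r\n\r\n")
            first = plain.makefile("rb").read(5)
    except OSError:
        return "unknown"
    return "plain-http" if first == b"HTTP/" else "unknown"

def demo_plaintext_listener():
    """Constructed stand-in for the thread's Apache: plain HTTP on loopback."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = demo_plaintext_listener()
    print(probe_port("127.0.0.1", srv.server_address[1], timeout=1.0))
    srv.shutdown()
```

A `plain-http` result on port 443 means the listener is up but no TLS-enabled virtual host is bound to it, which an open-port checker cannot distinguish from a working HTTPS endpoint.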

#3

Thanks, I suck at networking, so could you tell me a bit more about how I could solve it? :slight_smile:


#4

Is mod_ssl enabled?


#5

As far as I know, it should be


#6

You might want to triple-check that.


#7

As I said, I suck at such stuff, so I am not 100% sure, but my guess is that something is wrong with some configuration files, rather than mod_ssl, but I’ll check once more


#8

I was able to solve it.
To anybody who has the same problem, add “ServerName localhost” to your apache2.conf and remember that your Vhost is in /etc/apache2/sites-available/ :wink:
Thanks to Osiris as well


#9

Hm, glad you solved the problem! I’m not sure I understand how and why, but I’m happy for you :stuck_out_tongue:

