Certificate served but invalid

Now we can return to the redirection issue?
[presently there is none]

EDIT: It seems you got that fixed for the base name only.

I still see:

curl -Iki http://www.soerendip.com/
HTTP/1.1 302 Found
Date: Tue, 12 Mar 2019 22:18:45 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Location: https://136.159.234.66
Content-Type: text/html; charset=iso-8859-1

I am not sure. Did I?

only partly…

Please show:

grep -Eri 'virt|servern|servera|return|rewrite|redirect|listen' /etc/apache2/sites-enabled/*.conf

Your certificate is now correct:

CN=soerendip.com 12.03.2019 10.06.2019 expires in 90 days soerendip.com, www.soerendip.com - 2 entries

But now you have some more wrong redirects:

Domainname Http-Status redirect Sec. G
http://soerendip.com/
136.159.234.66 301 https://soerendip.com/ 0.313 A
http://www.soerendip.com/
136.159.234.66 302 https://136.159.234.66 0.320 E
https://136.159.234.66 200 2.677 N
Certificate error: RemoteCertificateNameMismatch
https://soerendip.com/
136.159.234.66 200 2.950 A
https://www.soerendip.com/
136.159.234.66 200 2.674 A
http://soerendip.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
136.159.234.66 301 https://soerendip.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.317 A
Visible Content: Moved Permanently The document has moved here .
http://www.soerendip.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
136.159.234.66 302 https://136.159.234.66.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 0.313 E
Visible Content: Found The document has moved here . Apache/2.4.29 (Ubuntu) Server at www.soerendip.com Port 80
https://soerendip.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 404 2.446 A
Not Found
Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.4.29 (Ubuntu) Server at soerendip.com Port 443
https://136.159.234.66.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de -1 4.820 R
NameResolutionFailure - The remote name could not be resolved: '136.159.234.66.well-known'

At the end, a redirect to ip address + .well-known without a slash.

Your standard vHost (port 80) has that redirect.

Maybe it's time we looked at it...

Sneaky little bastards these redirects. I wonder why they are generated in the first place, when they should not be there. But that is a different conversation.

cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin swacker@ucalgary.ca
	DocumentRoot /var/www/html
	Redirect "/" "https://136.159.234.66"

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =soerendip.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

There is your wrong redirect.
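The redirect diagnosed above, reproduced offline as an added example (not part of the original thread and not code from any poster). `alias_redirect` is a simplified model of how `Redirect "/" "https://136.159.234.66"` builds the `Location` header; the function names and the `token` path are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

CERT_NAMES = {"soerendip.com", "www.soerendip.com"}  # names on the certificate, per the thread

def alias_redirect(prefix, target, request_path):
    """Simplified model of mod_alias `Redirect`: whatever follows the matched
    URL-path prefix is appended to the target verbatim (no slash is inserted)."""
    if not request_path.startswith(prefix):
        return None
    return target + request_path[len(prefix):]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_redirect(request_url, location, cert_names=CERT_NAMES):
    """Return findings for one observed redirect (request URL -> Location)."""
    src, dst = urlsplit(request_url), urlsplit(location)
    host = dst.hostname or ""
    findings = []
    if is_ip_literal(host):
        findings.append("target is an IP literal")
    if dst.scheme == "https" and host not in cert_names:
        # Exact-match only; wildcard names are out of scope here.
        findings.append("target host not covered by certificate")
    if (dst.path or "/") != (src.path or "/"):
        findings.append("path changed by redirect")
    return findings

def audit_vhost_redirect(prefix, target, request_url):
    """Compute what `Redirect prefix target` would send for request_url, then audit it."""
    location = alias_redirect(prefix, target, urlsplit(request_url).path)
    return location, audit_redirect(request_url, location)

if __name__ == "__main__":
    # Constructed request path; the two targets are the broken one from the
    # vhost above and a hostname target with a trailing slash.
    url = "http://www.soerendip.com/.well-known/acme-challenge/token"
    for target in ("https://136.159.234.66", "https://www.soerendip.com/"):
        print(target, "->", audit_vhost_redirect("/", target, url))
```

With the IP target and no trailing slash, the computed `Location` is the same `136.159.234.66.well-known` host that failed name resolution in the check output above.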

Ok, I removed that one too. But it still says that the certificate is not valid.

Oh, it only happens, when I use the IP address.

Remove:

Replace:

With:
RewriteCond %{HTTPS} !=on

Then restart/reload Apache.

Now, it does not work anymore. That is confusing.
It seems the changes always take a while to be effective.

I added a wordpress page, now, when I go to soerendip.com/wordpress the certificate is invalid again…

Please be clear: What doesn’t work anymore?

...and I'm still waiting for this output:

grep -Eri 'virt|servern|servera|return|rewrite|redirect|listen' /etc/apache2/sites-enabled/*
/etc/apache2/sites-enabled/000-default.conf:<VirtualHost *:80>
/etc/apache2/sites-enabled/000-default.conf:	# The ServerName directive sets the request scheme, hostname and port that
/etc/apache2/sites-enabled/000-default.conf:	# redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-enabled/000-default.conf:	# match this virtual host. For the default virtual host (this file) this
/etc/apache2/sites-enabled/000-default.conf:	# However, you must set it for any further virtual host explicitly.
/etc/apache2/sites-enabled/000-default.conf:	#ServerName www.example.com
/etc/apache2/sites-enabled/000-default.conf:	ServerAdmin swacker@ucalgary.ca
/etc/apache2/sites-enabled/000-default.conf:	# Redirect "/" "https://136.159.234.66"
/etc/apache2/sites-enabled/000-default.conf:	# include a line for only one particular virtual host. For example the
/etc/apache2/sites-enabled/000-default.conf:ServerName soerendip.com
/etc/apache2/sites-enabled/000-default.conf:ServerAlias www.soerendip.com
/etc/apache2/sites-enabled/000-default.conf:RewriteEngine on
/etc/apache2/sites-enabled/000-default.conf:RewriteCond %{SERVER_NAME} =soerendip.com
/etc/apache2/sites-enabled/000-default.conf:# RewriteCond %{HTTPS} !=on
/etc/apache2/sites-enabled/000-default.conf:RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
/etc/apache2/sites-enabled/000-default.conf:</VirtualHost>
/etc/apache2/sites-enabled/000-default-le-ssl.conf:<VirtualHost *:443>
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	# The ServerName directive sets the request scheme, hostname and port that
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	# redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	# match this virtual host. For the default virtual host (this file) this
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	# However, you must set it for any further virtual host explicitly.
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	#ServerName www.example.com
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	ServerAdmin swacker@ucalgary.ca
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	#Redirect "/" "https://136.159.234.66"
/etc/apache2/sites-enabled/000-default-le-ssl.conf:	# include a line for only one particular virtual host. For example the
/etc/apache2/sites-enabled/000-default-le-ssl.conf:ServerName soerendip.com
/etc/apache2/sites-enabled/000-default-le-ssl.conf:ServerAlias www.soerendip.com
/etc/apache2/sites-enabled/000-default-le-ssl.conf:</VirtualHost>

Ok (except the rewrite cond) all seems fine there.

Please show:
grep -Eri 'virt|servern|servera|return|rewrite|redirect|listen' /etc/apache2/apache.conf

These are reversed [/etc/apache2/sites-enabled/000-default.conf] :
RewriteCond %{SERVER_NAME} =soerendip.com
# RewriteCond %{HTTPS} !=on

All works, you have a Grade H:

Domainname Http-Status redirect Sec. G
http://soerendip.com/
136.159.234.66 301 https://soerendip.com/ 0.316 A
http://www.soerendip.com/
136.159.234.66 200 0.320 H
https://soerendip.com/
136.159.234.66 200 6.540 A
https://www.soerendip.com/
136.159.234.66 200 6.544 A

So your certificate is ok and both your connections are secure.

You can't check redirects with your browser.

Same with your wordpress.

Domainname Http-Status redirect Sec. G
http://soerendip.com/wordpress/
136.159.234.66 301 https://soerendip.com/wordpress/ 0.320 A
http://www.soerendip.com/wordpress/
136.159.234.66 301 https://www.soerendip.com/wordpress/ 0.324 A
https://soerendip.com/wordpress/
136.159.234.66 200 6.660 I
https://www.soerendip.com/wordpress/
136.159.234.66 200 6.663 I

The certificate is ok.

But you have a lot of mixed content, that is blocked. So no stylesheets, no javascript.

Why? All links have the ip address.

form https://136.159.234.66/wordpress/
-9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL
img https://136.159.234.66/wordpress/wp-content/themes/twentyseventeen/assets/images/header.jpg
-9 TrustFailure - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure. 1 no SSL

You can't use your certificate with an ip address.

Ok, :slight_smile: now it works.
