My domain is: igw.news
There are 9 others with certificates on the same server. IP: 5.101.140.50
I ran this command:
Browsed on Chrome to igw.news
It produced this output:
This site can’t provide a secure connection
igw.news sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
My web server is (include version):
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-10-14T16:24:43
The operating system my web server runs on is (include version):
Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-90-generic x86_64)
My hosting provider, if applicable, is:
Dedicated Server on UKServers
I can login to a root shell on my machine (yes or no, or I don't know):
Yes, through SSH
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0
Hi,
Firstly, thanks for providing this great resource!
I believe that I have set up the Letsencrypt certificates using certbot for the following domains:
1: bot10x.com
2: www.bot10x.com
3: cybxpert.com
4: www.cybxpert.com
5: expressresponse.net
6: www.expressresponse.net
7: gldn.page
8: www.gldn.page
9: igw.news
10: www.igw.news
11: pdg.reviews
12: www.pdg.reviews
13: reviewed.page
14: www.reviewed.page
15: smartbiz.pro
16: www.smartbiz.pro
17: ukncsa.com
18: www.ukncsa.com
19: yel.page
20: www.yel.page
But maybe I've made some errors!
It may be best to focus on one domain first and I'll apply any corrections to the others.
Looking at igw.news
Browsing the topics on this forum, I found and used some utilities like:
transparencyreport.google.com and
check-your-website.server-daten.de
(which raised more questions)
First, may I just check that I have set up the apache server correctly.
In my /etc/apache2/sites-available I have these files:
-rw-r--r-- 1 root root 435 Nov 16 11:18 bot10x.com.conf
-rw-r--r-- 1 root root 475 Nov 15 18:56 bot10x.com-le-ssl.conf
-rw-r--r-- 1 root root 472 Nov 16 08:45 chitchatmedia.net.conf
-rw-r--r-- 1 root root 517 Nov 15 19:12 chitchatmedia.net-le-ssl.conf
-rw-r--r-- 1 root root 447 Nov 16 11:19 cybxpert.com.conf
-rw-r--r-- 1 root root 487 Nov 15 18:58 cybxpert.com-le-ssl.conf
-rw-r--r-- 1 root root 6338 Apr 13 2020 default-ssl.conf
-rw-r--r-- 1 root root 489 Nov 16 11:19 expressresponse.net.conf
-rw-r--r-- 1 root root 529 Nov 15 18:59 expressresponse.net-le-ssl.conf
-rw-r--r-- 1 root root 430 Nov 16 11:19 gldn.page.conf
-rw-r--r-- 1 root root 470 Nov 15 08:26 gldn.page-le-ssl.conf
-rw-r--r-- 1 root root 423 Nov 16 11:20 igw.news.conf
-rw-r--r-- 1 root root 463 Nov 15 13:25 igw.news-le-ssl.conf
-rw-r--r-- 1 root root 442 Nov 16 11:20 pdg.reviews.conf
-rw-r--r-- 1 root root 482 Nov 15 19:00 pdg.reviews-le-ssl.conf
-rw-r--r-- 1 root root 454 Nov 16 11:20 reviewed.page.conf
-rw-r--r-- 1 root root 494 Nov 15 18:55 reviewed.page-le-ssl.conf
-rw-r--r-- 1 root root 267 Nov 16 11:21 smartbiz.pro.conf
-rw-r--r-- 1 root root 435 Nov 16 11:22 ukncsa.com.conf
-rw-r--r-- 1 root root 475 Nov 15 19:12 ukncsa.com-le-ssl.conf
-rw-r--r-- 1 root root 423 Nov 16 11:22 yel.page.conf
-rw-r--r-- 1 root root 463 Nov 15 19:02 yel.page-le-ssl.conf
and the igw.news.conf looks like:
<VirtualHost *:80>
    ServerAdmin admin@igw.news
    ServerName igw.news
    ServerAlias www.igw.news
    DocumentRoot /var/www/igw.news/html
    ErrorLog ${APACHE_LOG_DIR}/eror.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.igw.news [OR]
    RewriteCond %{SERVER_NAME} =igw.news
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
My first question is: I only have created a *:80 entry - should I not have *:443 for the https ?
I didn't see any instructions for creating *:443 anywhere.
In my /var/www/igw.news/html/ I created a basic index.html file:
<html>
<head>
<title>Welcome</title>
</head>
<body>
<h1>THIS IS IGW.NEWS!</h1>
</body>
</html>
I have run a2ensite igw.news.conf (and all the others)
and apache2ctl configtest ( result Syntax OK )
and systemctl restart apache2
systemctl status apache2
- apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-11-16 11:26:54 GMT; 23h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 38023 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Main PID: 32240 (apache2)
Tasks: 11 (limit: 19071)
Memory: 21.5M
CGroup: /system.slice/apache2.service
|-32240 /usr/sbin/apache2 -k start
|-38036 /usr/sbin/apache2 -k start
|-38116 /usr/sbin/apache2 -k start
|-41701 /usr/sbin/apache2 -k start
|-41721 /usr/sbin/apache2 -k start
|-41725 /usr/sbin/apache2 -k start
|-41732 /usr/sbin/apache2 -k start
|-41739 /usr/sbin/apache2 -k start
|-41740 /usr/sbin/apache2 -k start
|-41749 /usr/sbin/apache2 -k start
`-41750 /usr/sbin/apache2 -k start
Nov 16 11:26:54 Ubuntu20 systemd[1]: Starting The Apache HTTP Server...
Nov 16 11:26:54 Ubuntu20 systemd[1]: Started The Apache HTTP Server.
Nov 17 00:00:03 Ubuntu20 systemd[1]: Reloading The Apache HTTP Server.
Nov 17 00:00:04 Ubuntu20 systemd[1]: Reloaded The Apache HTTP Server.
Hopefully this is all correct ?
When I use: https://check-your-website.server-daten.de/?q=5.101.140.50
It reports that all these ports are open !!!!
21 FTP
22 SSH
25 SMTP
53 DNS
110 POP3
143 IMAP
465 SMTP (encrypted)
587 SMTP (encrypted, submission)
993 IMAP (encrypted)
995 POP3 (encrypted)
1433 MS SQL
2082 cPanel (http)
2083 cPanel (https)
2086 WHM (http)
2087 WHM (https)
2089 cPanel Licensing
2095 cPanel Webmail (http)
2096 cPanel Webmail (https)
2222 DirectAdmin (http)
2222 DirectAdmin (https)
3306 mySql
5224 Plesk Licensing
5432 PostgreSQL
8080 Ookla Speedtest (http)
8080 Ookla Speedtest (https)
8083 VestaCP http
8083 VestaCP https
8443 Plesk Administration (https)
8447 Plesk Installer + Updates
8880 Plesk Administration (http)
10000 Webmin (http)
10000 Webmin (https)
This is all very concerning as I am NOT running Plesk, Webmin, Vesta, cPanel, or WHM !!
As far as I know all I need open is 22 for SSH and 80 and 443 at the moment and I will open
up the SMTP when I start to use it.
Maybe these ports come open by default with Ubuntu 20.04.3 LTS?
I am running UFW.
ufw status
Status: active
To                         Action      From
3389/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
22                         ALLOW       Anywhere
2222                       ALLOW       Anywhere
Apache                     ALLOW       Anywhere
Postfix                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
3389/tcp (v6)              ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
2222 (v6)                  ALLOW       Anywhere (v6)
Apache (v6)                ALLOW       Anywhere (v6)
Postfix (v6)               ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
Very strange as it doesn't show half the ports that "check-your-website" says are open.
Especially concerning is the unsecure ftp on 21.
That site also seems to be unable to locate any certificates.
Would much appreciate some guidance to get this properly set up.
I have some other questions concerning the certificates shown on transparencyreport.google.com
... seems to be showing several certificates .... not sure what that means,
anyway, I better stop here.
I would like to fully understand this, as well as get it working !
Many thanks.
David.
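
A port-80 vhost that redirects to https:// only works if an enabled vhost answers TLS on port 443 for the same ServerName. The script below is an added example, not part of the original post: it scans a sites-enabled style directory for names that redirect to HTTPS with no enabled :443 vhost carrying a certificate. The sample files, the `.disabled` suffix and the certificate path are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). File-level check: assumes the
# Debian/certbot layout of one vhost per file in sites-enabled.

# names_matching DIR PORT DIRECTIVE_REGEX -> ServerNames of files in DIR that
# declare a vhost on PORT and contain a line matching DIRECTIVE_REGEX.
names_matching() {
  for f in "$1"/*.conf; do
    [ -e "$f" ] || continue
    grep -Eqi "<VirtualHost[^>]*:$2>" "$f" || continue
    grep -Eqi "^[[:space:]]*$3" "$f" || continue
    awk 'tolower($1) == "servername" { print tolower($2) }' "$f"
  done | sort -u
}

# missing_tls_vhosts DIR -> names whose :80 vhost redirects to https:// while
# no enabled :443 vhost with a certificate exists for the same ServerName.
missing_tls_vhosts() {
  tls=$(names_matching "$1" 443 'SSLCertificateFile[[:space:]]')
  names_matching "$1" 80 '(RewriteRule|Redirect).*https://' |
  while read -r name; do
    printf '%s\n' "$tls" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# make_sample DIR -> constructed sites-enabled tree (sample data, not real files)
make_sample() {
  mkdir -p "$1"
  cat > "$1/igw.news.conf" <<'EOF'
<VirtualHost *:80>
    ServerName igw.news
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
  cat > "$1/igw.news-le-ssl.conf.disabled" <<'EOF'
<VirtualHost *:443>
    ServerName igw.news
    SSLCertificateFile /etc/letsencrypt/live/igw.news/fullchain.pem
</VirtualHost>
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
echo "before enabling the :443 vhost: $(missing_tls_vhosts "$demo")"
mv "$demo/igw.news-le-ssl.conf.disabled" "$demo/igw.news-le-ssl.conf"
echo "after enabling it: $(missing_tls_vhosts "$demo")"
rm -rf "$demo"
```

On a server with this layout the same function can be pointed at /etc/apache2/sites-enabled; an empty result means every redirecting name has a TLS vhost enabled.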