Certs not working anymore

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Jonesboroweather.com

I ran this command: sudo certbot certificates

It produced this output: It Does return 5 valid Certs

I get Assessment failed: No secure protocols supported, when I run a test from SSL Labs

My web server is (include version): Apache/2.4.62 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu 24.04.3

My hosting provider, if applicable, is: NA Server is local on site

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no Control Panel unless I am in WEBMIN

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.9.0

This did work for a couple years. Just don't know where it broke

In Case this helps

$ apache2ctl -S
VirtualHost configuration:
*:443 is a NameVirtualHost
default server hurricanepub.com (/etc/apache2/sites-enabled/hurricanepub.com.conf:1)
port 443 namevhost hurricanepub.com (/etc/apache2/sites-enabled/hurricanepub.com.conf:1)
port 443 namevhost jonesboroweather.com (/etc/apache2/sites-enabled/jonesboroweather.com-le-ssl.conf:2)
alias www.jonesboroweather.com
port 443 namevhost scpweather.com (/etc/apache2/sites-enabled/scpweather.com-le-ssl.conf:2)
alias www.scpweather.com
port 443 namevhost speed-stream.com (/etc/apache2/sites-enabled/speed-stream.com.conf:20)
*:80 is a NameVirtualHost
default server 192.168.2.13 (/etc/apache2/sites-enabled/000-local.conf:1)
port 80 namevhost 192.168.2.13 (/etc/apache2/sites-enabled/000-local.conf:1)
alias 192.168.2.13
wild alias 192.168.2.*
port 80 namevhost jonesboroweather.com (/etc/apache2/sites-enabled/jonesboroweather.com-le-ssl.conf:17)
alias www.jonesboroweather.com
port 80 namevhost scpweather.com (/etc/apache2/sites-enabled/scpweather.com.conf:1)
alias www.scpweather.com
port 80 namevhost speed-stream.com (/etc/apache2/sites-enabled/speed-stream.com.conf:1)
alias www.speed-stream.com
port 80 namevhost hurricanepub.com (/etc/apache2/sites-enabled/webmin.1753459784.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

Do you have a router involved in this setup? Have you recently changed it?

Because it looks like port 443 (for HTTPS) is getting sent to your Apache on port 80.

Other networking config and gear can do this too. Check anything you changed recently

# HTTP is fine (port 80)
curl -i http://jonesboroweather.com
HTTP/1.1 200 OK

# HTTPS fails (port 443)
curl -i https://jonesboroweather.com
curl: (35) error:0A00010B:SSL routines::wrong version number

# But HTTP request to port 443 works.  It should not
curl -i http://jonesboroweather.com:443
HTTP/1.1 200 OK
2 Likes
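The curl checks in the post above all ask what a port sends back to a cleartext request. The following is an added example, not code from the thread: `classify_reply` and `probe` are names made up here, and treating a 400 page that mentions "plain HTTP" as proof of TLS is an assumption based on the error pages Apache and nginx return on TLS ports.

```python
import socket
import sys


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a port returns to a cleartext HTTP request."""
    if not data:
        # Many TLS stacks simply drop a connection that does not start with a handshake.
        return "closed-without-reply"
    # TLS record header: content type 0x15 (alert) or 0x16 (handshake), then major version 3.
    if len(data) >= 2 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/"):
        status_line = data.split(b"\r\n", 1)[0].split(b" ")
        code = status_line[1] if len(status_line) > 1 else b""
        # Assumption: a TLS-enabled Apache or nginx port answers cleartext with a
        # 400 page that names the problem ("... plain HTTP ...").
        if code == b"400" and b"plain http" in data.lower():
            return "tls"
        # Any other HTTP reply means the port itself speaks cleartext HTTP.
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a cleartext GET to host:port (like `curl -i http://host:port`)."""
    request = b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\nConnection: close\r\n\r\n"
    received = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while len(received) < 8192:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                received += chunk
        except OSError:
            pass  # reset or timeout: classify whatever arrived
    return classify_reply(received)


if __name__ == "__main__" and len(sys.argv) == 2:
    for port in (80, 443):
        print(port, probe(sys.argv[1], port))
```

A correctly set up server reports `plaintext-http` on port 80 and `tls` on port 443; `plaintext-http` on both matches the symptom in this thread. Running it from the LAN against the server's own address and again from outside against the public name separates an Apache problem from a forwarding problem.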

Yes there is a router and 443 and 80 are forwarded to the web server address

Also this is all changed I just moved to this state with all my equipment months ago took a while to get my fibre line in

Could it be in a config file??

Also here is what my output was

jonesboroweather web@7webl:~$ curl -i https://jonesboroweather.com
curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

But do they forward from 443 to 443 on your server and from 80 to 80?

Or do both ports 443 and 80 forward to 80? Because if you did this it would explain what you see. We see this common mistake fairly often.

2 Likes

Same as I always have done

Would you post contents of this file. This is where both your port 80 and port 443 VirtualHost are defined

Worth seeing this one too

And output of this

sudo ss -pant | grep -i listen | grep -Ei ':80|:443|apache|http'
2 Likes

~$ sudo ss -pant | grep -i listen | grep -Ei ':80|:443|apache|http'
[sudo] password for web:
LISTEN 0 511 *:443 *:* users:(("apache2",pid=46997,fd=6),("apache2",pid=46996,fd=6),("apache2",pid=46991,fd=6),("apache2",pid=46990,fd=6),("apache2",pid=46989,fd=6),("apache2",pid=46985,fd=6),("apache2",pid=46984,fd=6),("apache2",pid=46980,fd=6),("apache2",pid=39234,fd=6),("apache2",pid=26735,fd=6),("apache2",pid=26257,fd=6),("apache2",pid=26119,fd=6),("apache2",pid=2146,fd=6))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=46997,fd=4),("apache2",pid=46996,fd=4),("apache2",pid=46991,fd=4),("apache2",pid=46990,fd=4),("apache2",pid=46989,fd=4),("apache2",pid=46985,fd=4),("apache2",pid=46984,fd=4),("apache2",pid=46980,fd=4),("apache2",pid=39234,fd=4),("apache2",pid=26735,fd=4),("apache2",pid=26257,fd=4),("apache2",pid=26119,fd=4),("apache2",pid=2146,fd=4))

Thank you so much for your help, I'm lost here

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin john@ssitmail.com
        ServerName jonesboroweather.com
        ServerAlias www.jonesboroweather.com
        DocumentRoot /var/www/scpweather.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/jonesboroweather.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/jonesboroweather.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
</IfModule>

<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerAdmin john@ssitmail.com
ServerName jonesboroweather.com
ServerAlias www.jonesboroweather.com
DocumentRoot /var/www/scpweather.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
</IfModule>

Thanks for the image of that config. Our forum has recently changed the default editor used for posts and it is causing more problems than it solves. We'll take that up with forum admins.

I was able to fix your original one with text. That's easier for us to work with.

Give me a minute to ponder the next step

2 Likes

Oh, you are missing this line from your port 443 VirtualHost. Put this just before the two lines for the certificates

SSLEngine on

Restart Apache after and it should be ok. Let us know

2 Likes

Not sure where you want that. I have had a lot of files open

Right before those two lines.

2 Likes

It looks like this now, still no go. I am going to reboot the whole server and retest

ServerAdmin john@ssitmail.com
ServerName jonesboroweather.com
ServerAlias www.jonesboroweather.com
DocumentRoot /var/www/scpweather.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/jonesboroweather.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jonesboroweather.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

<VirtualHost *:80>
ServerAdmin john@ssitmail.com
ServerName jonesboroweather.com
ServerAlias www.jonesboroweather.com
DocumentRoot /var/www/scpweather.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Did you restart apache after making that change as I'd instructed?

Now that you are rebooting that will take care of that. But, in case that doesn't work it will help to know for next step

1 Like

Still no go still getting

curl: (35) OpenSSL/3.0.13: error:0A00010B:SSL routines::wrong version number

Okay. What does this show

sudo apache2ctl -t -D DUMP_VHOSTS
1 Like

Yes I rebooted and

~$ sudo apache2ctl -t -D DUMP_VHOSTS
VirtualHost configuration:

*:443                  is a NameVirtualHost
         default server hurricanepub.com (/etc/apache2/sites-enabled/hurricanepub.com.conf:1)
         port 443 namevhost hurricanepub.com (/etc/apache2/sites-enabled/hurricanepub.com.conf:1)
         port 443 namevhost jonesboroweather.com (/etc/apache2/sites-enabled/jonesboroweather.com-le-ssl.conf:2)
                 alias www.jonesboroweather.com
         port 443 namevhost scpweather.com (/etc/apache2/sites-enabled/scpweather.com-le-ssl.conf:2)
                 alias www.scpweather.com
         port 443 namevhost speed-stream.com (/etc/apache2/sites-enabled/speed-stream.com.conf:20)
*:80                   is a NameVirtualHost
         default server 192.168.2.13 (/etc/apache2/sites-enabled/000-local.conf:1)
         port 80 namevhost 192.168.2.13 (/etc/apache2/sites-enabled/000-local.conf:1)
                 alias 192.168.2.13
                 wild alias 192.168.2.*
         port 80 namevhost jonesboroweather.com (/etc/apache2/sites-enabled/jonesboroweather.com-le-ssl.conf:17)
                 alias www.jonesboroweather.com
         port 80 namevhost scpweather.com (/etc/apache2/sites-enabled/scpweather.com.conf:1)
                 alias www.scpweather.com
         port 80 namevhost speed-stream.com (/etc/apache2/sites-enabled/speed-stream.com.conf:1)
                 alias www.speed-stream.com
         port 80 namevhost hurricanepub.com (/etc/apache2/sites-enabled/webmin.1753459784.conf:1)

Hmm. I still think that port 443 requests are wrongly being redirected to port 80.

The SSLEngine on is required but none of your domains reply properly to HTTPS

Do you have any kind of firewall that might affect port 80/443 routing?

Or are you using iptables?

And is this the file you updated? (or its sites-available companion?)

/etc/apache2/sites-enabled/jonesboroweather.com-le-ssl.conf
1 Like