I have an SLL certificate installed in my Apache server in Ubunutu 16.04 LTS, in VPS. During the install process I selected the option where I can switch between http and https, that is, no https forcing. But now I would like to know what is the correct procedure to change this configuration, how to set it to force https. Do I need to delete the certificate using sudo certbot delete? Or would I use the same method of installation again: sudo certbot --apache and then selecting the option to force https? And what if I wanna go back to avoid this https forcing, considering that I tried this once, and it didn’t work, I don’t know if it was because of the cache in my browser or of the cache in my web server…
1 Like
To set it, you use this command:
sudo certbot enhance --redirect
To revert it, you go looking in your apache config and delete the appropriate lines. Just know that you can’t easily revert it if you enable HSTS.
1 Like
Yes, exactly. That's my fear! It's because I did what you're recommending to do: "go looking in your apache config and delete the appropriate lines", but which lines? Is it something located in /etc/apache2/ ? Or those lines in the config or ,htaccess that force the https? I've tried to find those lines but with no success. Once, I did this: I uninstalled the certificate using sudo delete certbot or something like that and this spoilt my Apache, I had to reinstalled the OS again and restore the server and set all the configuration again.
1 Like
There are comments around and at the end identifying them as being put there by certbot. They should be in some file in /etc/apache2/sites-available -- the same comments identify the lines which set your certificate, so don't delete them all, just the redirect.
This was an error, because apache expected the certificates in some location, and it refused to start without them. You should have disabled the https virtualhosts before doing that. (and then, it was pointless removing certbot).
Just don't enable hsts if you're worried about not being able to stay on https.
1 Like
Ok, it makes sense, because Apache couldn’t be restarted again.after the deletion procedure. You said ‘Just don’t enable hsts’. What is this HSTS and where is this located? And, yes, I went exactly to this path /etc/apache2/sites-available, but I couldn’t find any .htaccess there, but only a config file, and I’d tried to look up those said lines, with no sucess. Speaking of which, how can I look up for a word or piece of text inside my SSH terminal, which shortcut keys should I press?
1 Like
Besides that, all I could find inside /etc/apache2/sites-available was these three stuff:
Which of these files do I have to deal with just to change such redirect part.
1 Like
It's enabled by putting a line of text in your webserver config. It's off by default.
From your terminal I don't know. -- if you're looking for something in a file on your server, you should run this command: man grep and read how it works. (exit with q).
You should read all of them, together with the documentation for apache: Apache HTTP Server Version 2.4 Documentation - Apache HTTP Server Version 2.4
1 Like
Ok. Currently, my website is set to accept both http and https connections. I’ve opened this file here (default-ssl.conf), and it’s totally blank.
I’m wondering if this file wouldn’t be blank in case I had chosen to force https during SSL certificate installation. Is that so?
And yes, I’ll read the whole documentation of Apache. As for the HSTS part, let me see if I understood: in case I want to enable it, I just add that line you mentioned in webserver config, right? What is exactly this ‘webserver config’, the php.ini or the Apache config itself? Where is it located generally?
1 Like
It's not: read the black on white line near the end of the screen.
Apache config. Usually.
Don't touch that please, only bad things come from touching that directory.
1 Like
Ok, sir, I will open it no more 
As for the certificate, which of these is the certificate? I downloaded those files:
@9peppe It’s not: read the black on white line near the end of the screen.
Lol, you're right, it's not blank, I just forgot to read the white line and press Y. Thank you, sir
1 Like
it tells apache to serve the website as https.
1 Like
What if I change that to OFF? What will happen?
1 Like
It will happen that if you try to connect to your website over https your browser wiill throw an error and say:
Hey, you say https, but this webserver is speaking plain http on a port (443) that's supposed to be https.
1 Like
Ok, so I’ll leave it at that.
2 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.