Choose redirect http to https but its not working

nastypasty · October 15, 2018, 4:49pm

Yop it said Congratulations!

   - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/cnews.at/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/cnews.at/privkey.pem
   Your cert will expire on 2019-01-13. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again with the "certonly" option. To
   non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Edit: https://cnews.at works like it should but why can I reach http://news.at as well?

rg305 · October 15, 2018, 4:50pm

Please show:
/etc/letsencrypt/live/cnews.at/fullchain.pem

nastypasty · October 15, 2018, 4:52pm

rg305 · October 15, 2018, 4:52pm

Success! That cert is what you requested.

You only included those two names in that one cert.
How did you create the cert for news.at?

nastypasty · October 15, 2018, 4:53pm

I dont know? I only made it for these two.

rg305 · October 15, 2018, 4:54pm

I'm confused...
Is there a TYPO in there?
Please explain the trouble.

nastypasty · October 15, 2018, 4:55pm

Why is http://cnews.at reachable I want every http request to be redirect to https. http://www.cnews.at is now also reachable why is that? It wasn’t before!? I choose the option 2 to redirect every http request to https I dont understand this.

rg305 · October 15, 2018, 4:57pm

OK!
That’s HTTP > HTTPS redirection.
I can help with that.

Please show the HTTP vhost config file.

nastypasty · October 15, 2018, 4:58pm

Where is it located?

rg305 · October 15, 2018, 4:59pm

grep -Eri 'cnews.at|servername|serveralias' /etc/apache2

or maybe something like…
grep -Eri 'cnews.at|servername|serveralias' /httpd/
grep -Eri 'cnews.at|servername|serveralias' /etc/httpd

if no luck, try:
find / -name apache*

nastypasty · October 15, 2018, 5:00pm

No such file or directory

Normally letsencrypt should set this up automatically?

Edit:

     /etc/httpd/conf/httpd.conf:#ServerName www.example.com:80
    /etc/httpd/conf.d/cryptonews.conf:  ServerName www.cnews.at
    /etc/httpd/conf.d/cryptonews.conf:  ServerAlias cnews.at
    /etc/httpd/conf.d/cryptonews.conf:  RewriteCond %{SERVER_NAME} =www.cnews.at [OR]
    /etc/httpd/conf.d/cryptonews.conf:  RewriteCond %{SERVER_NAME} =cnews.at
    /etc/httpd/conf.d/cryptonews-le-ssl.conf:  ServerName www.cnews.at
    /etc/httpd/conf.d/cryptonews-le-ssl.conf:  ServerAlias cnews.at
    /etc/httpd/conf.d/cryptonews-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/cnews.at/cert.pem
    /etc/httpd/conf.d/cryptonews-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/cnews.at/privkey.pem
    /etc/httpd/conf.d/cryptonews-le-ssl.conf:SSLCertificateChainFile /etc/letsencrypt/live/cnews.at/chain.pem
    /etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443

rg305 · October 15, 2018, 5:02pm

It “should”; but can be easily confused, if you have a complicated vhost setup.

OK.
Show:
/etc/httpd/conf.d/cryptonews.conf

nastypasty · October 15, 2018, 5:05pm

<VirtualHost *:80>

  DocumentRoot "/var/www/cryptonews/public"
  ServerName www.cnews.at
  ServerAlias cnews.at

  <Directory "/var/www/cryptonews/public">

    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted

    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.html$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.html [L]

  </Directory>
  RewriteCond %{SERVER_NAME} =www.cnews.at [OR]
  RewriteCond %{SERVER_NAME} =cnews.at
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

rg305 · October 15, 2018, 5:09pm

That seems to be correct…
Let’s see if there are any other vhost configs that may be in conflict:
grep -Eri 'VirtualHost|servername|serveralias' /etc/httpd/

nastypasty · October 15, 2018, 5:10pm

/etc/httpd/conf.d/cryptonews.conf:<VirtualHost *:80>
/etc/httpd/conf.d/cryptonews.conf:  ServerName www.cnews.at
/etc/httpd/conf.d/cryptonews.conf:  ServerAlias cnews.at
/etc/httpd/conf.d/cryptonews.conf:</VirtualHost>
/etc/httpd/conf.d/cryptonews-le-ssl.conf:<VirtualHost *:443>
/etc/httpd/conf.d/cryptonews-le-ssl.conf:  ServerName www.cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf:  ServerAlias cnews.at
/etc/httpd/conf.d/cryptonews-le-ssl.conf:</VirtualHost>
/etc/httpd/conf.d/ssl.conf:<VirtualHost _default_:443>
/etc/httpd/conf.d/ssl.conf:#ServerName www.example.com:443
/etc/httpd/conf.d/ssl.conf:</VirtualHost>

rg305 · October 15, 2018, 5:10pm

Have you restarted apache?
Since you choose #2?

nastypasty · October 15, 2018, 5:13pm

Yep! Did service httpd restart

rg305 · October 15, 2018, 5:15pm

Then I can only guess at the problem…

Guess #1:
The “order” matters.
move the redirect lines up higher (right after serveralias).

Guess #2:
Apache 2.4.6 can’t do what we are asking it to do.
maybe the syntax is not proper.

nastypasty · October 15, 2018, 5:15pm

It worked already …for www.cnews.at

Edit: You mean this

RewriteCond %{SERVER_NAME} =www.cnews.at [OR]
  RewriteCond %{SERVER_NAME} =cnews.at
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

rg305 · October 15, 2018, 5:17pm

Yes.
Maybe moving those 3 lines up - right after serveralias.