Cloud.reshaped.ch uses an invalid security certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

https://cloud.gut-haidehof.de/nextcloud

I ran this command:

sudo /usr/local/bin/certbot-auto --apache

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated)  (Enter 'c' to cancel): cloud.gut-haidehof.de
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cloud.gut-haidehof.de
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enhancement redirect was already set.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://cloud.gut-haidehof.de

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=cloud.gut-haidehof.de

My web server is (include version):

Apache/2.4.25

The operating system my web server runs on is (include version):

debian 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

certbot 0.35.1

Every time I try to connect to cloud.gut-haidehof.de I am being redirected to cloud.reshaped.ch.

I had set up Let's Encrypt certificates for cloud.reshaped.ch before, but without any success.

Now it says that my cloud.gut-haidehof.de certificate is not valid for cloud.reshaped.ch (of course).

How can I remove the redirection from gut-haidehof to reshaped?

I already specified the correct domain in my sites-available/* directory.

Many thanks in advance!

Hi @benjmanable

There is a redirect defined ( https://check-your-website.server-daten.de/?q=cloud.gut-haidehof.de ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cloud.gut-haidehof.de/ 91.35.199.24 | 302 | https://cloud.reshaped.ch/ | 0.063 | E |
| https://cloud.gut-haidehof.de/ 91.35.199.24 | 302 | https://cloud.reshaped.ch/ | 0.967 | A |
| https://cloud.reshaped.ch/ | -1 | | 2.530 | R |

NameResolutionFailure - The remote name could not be resolved: ‘cloud.reshaped.ch’

http and https.

So first check your config

apachectl -S

to find your vHosts.

Then check these, where the redirect is defined. Perhaps you have a .htaccess.


Hi @benjmanable,

Welcome to the community forum!

I believe there are several issues going on here.

  1. DNS
$ dig cloud.gut-haidehof.de +short
91.35.199.24
$ dig cloud.reshaped.ch +short
<no output>
  2. Apache vhost configuration: can you show me the output of apache2ctl -S please?

@JuergenAuer beat me to it :stuck_out_tongue: :racing_car:


Apache vhost configuration: can you show me the output of apache2ctl -S please?

output is:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443                  cloud.gut-haidehof.de (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

What’s the content of both files?

There may be redirects defined.

default.conf:

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www
	
	#Redirect "/" "https://192.168.2.126/"
	Redirect "/" "https://cloud.gut-haidehof.de/"

	ErrorLog ${APACHE_LOG_DIR}/error.log
	#CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =cloud.gut-haidehof.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

default-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www
	
	#Redirect "/" "https://192.168.2.126/"
	Redirect "/" "https://cloud.gut-haidehof.de"

	ErrorLog ${APACHE_LOG_DIR}/error.log
	#CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =cloud.reshaped.ch
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

ServerName cloud.gut-haidehof.de
SSLCertificateFile /etc/letsencrypt/live/cloud.gut-haidehof.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.gut-haidehof.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

In your port 443 vHost:

That’s wrong, normally, that’s a loop.

But it looks like this isn’t your complete configuration.

Because ( https://check-your-website.server-daten.de/?q=cloud.gut-haidehof.de )

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://cloud.gut-haidehof.de/ 91.35.199.24 | 302 | https://cloud.reshaped.ch/ | 0.110 | E |
| https://cloud.gut-haidehof.de/ 91.35.199.24 | 302 | https://cloud.reshaped.ch/ | 1.000 | A |
| https://cloud.reshaped.ch/ | -1 | | 2.453 | R |

NameResolutionFailure - The remote name could not be resolved: ‘cloud.reshaped.ch’

There is the wrong redirect again.

And your configuration is buggy, HSTS over http looks bad.

What do these say?

apachectl configtest
apachectl fullstatus

apachectl configtest

says

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

and

apachectl fullstatus

says

w3m: Can't load http://localhost:80/server-status.

There are still more files in the sites-available directory of Apache:

nextcloud-ssl.conf

says

<VirtualHost *:443>
        ServerAdmin benjaminpreiss@protonmail.com
        DocumentRoot /var/www/nextcloud
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/nextcloud.crt
        SSLCertificateKeyFile /etc/apache2/ssl/nextcloud.key
</VirtualHost>

and

dietpi-nextcloud.conf

says

# Based on: https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#apache-web-server-configuration

# Redirect OCM/OCS provider requests to Nextcloud endpoint:
Redirect permanent /ocm-provider /nextcloud/ocm-provider
Redirect permanent /ocs-provider /nextcloud/ocs-provider

<Directory /var/www/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All

        <IfModule mod_dav.c>
                Dav off
        </IfModule>

        SetEnv HOME /var/www/nextcloud
        SetEnv HTTP_HOME /var/www/nextcloud

</Directory>

So, removing the
Redirect "/" "https://cloud.gut-haidehof.de"
entries in all available-sites made it work.

Also (because I am using Nextcloud) I had to add a trusted domain entry
2 => 'cloud.gut-haidehof.de',
in Nextcloud's config/config.php.

Thanks for the perfect help!
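
The check that resolved this thread, as an added example that is not part of the original posts: a Python audit that walks each `<VirtualHost>` block and flags active `Redirect` directives that point back at the same host and scheme (a loop) or at a host the vhost's certificate does not name. The sample config is constructed, modelled on the files posted above (the third vhost is hypothetical), and treating port 443 as https is an assumption.

```python
import re
import shlex
from urllib.parse import urlsplit

# Constructed sample, modelled on the vhost files posted in this thread.
SAMPLE_CONF = '''
<VirtualHost *:80>
    Redirect "/" "https://cloud.gut-haidehof.de/"
</VirtualHost>
<VirtualHost *:443>
    ServerName cloud.gut-haidehof.de
    #Redirect "/" "https://192.168.2.126/"
    Redirect "/" "https://cloud.gut-haidehof.de"
</VirtualHost>
<VirtualHost *:443>
    # Hypothetical vhost, not from the poster's files.
    ServerName cloud.gut-haidehof.de
    Redirect "/" "https://cloud.reshaped.ch/"
</VirtualHost>
'''

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def audit_redirects(conf_text):
    """Return (vhost_addr, kind, target) for each suspicious mod_alias Redirect."""
    findings = []
    for addr, body in VHOST_RE.findall(conf_text):
        addr = addr.strip()
        # Assumption: a vhost bound to port 443 serves https, anything else http.
        scheme = "https" if addr.endswith(":443") else "http"
        names, targets = set(), []
        for raw in body.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # commented-out directives are inactive
            args = shlex.split(line)  # strips the quotes around Redirect arguments
            directive = args[0].lower()
            if directive in ("servername", "serveralias"):
                names.update(a.lower() for a in args[1:])
            elif directive in ("redirect", "redirectpermanent", "redirecttemp"):
                targets.append(args[-1])  # the target is the last argument
        for target in targets:
            url = urlsplit(target)
            if not url.hostname or not names:
                continue  # path-only target, or unnamed vhost: nothing to compare
            if url.hostname not in names:
                findings.append((addr, "foreign-host", target))
            elif url.scheme == scheme:
                findings.append((addr, "loop", target))
    return findings
```

The port 80 vhost is not flagged: it has no `ServerName` to compare against, and an http to https redirect is an upgrade rather than a loop.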