Good morning!
I'm trying to get a new installation up and running. I added the virtual host for port 80, and have otherwise made no changes to my server configuration. Two things appear to be going wrong; I have no idea whether or not they are possibly related.
1. I get a connection reset by peer error when certbot attempts to https to supporters.eff.org.
2. I get an infinite redirection loop when I try to connect to my site securely; no redirection appears to be happening when I connect insecurely.
I observe from other posts that (1) is probably a firewall issue; I'm looking into it, but any other insight would be appreciated.
For (2), I've tried a variety of things that I've found in the forums here, but nothing has worked yet. The contents of my conf files follow.
```
<VirtualHost *:80>
    ServerName rssl.ece.mcgill.ca
    Redirect / https://rssl.ece.mcgill.ca
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =rssl.ece.mcgill.ca
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName rssl.ece.mcgill.ca
    Redirect / https://rssl.ece.mcgill.ca
    SSLCertificateFile /etc/letsencrypt/live/rssl.ece.mcgill.ca/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/rssl.ece.mcgill.ca/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/rssl.ece.mcgill.ca/chain.pem
</VirtualHost>
</IfModule>
```
Thank you for your time!!
Brett
=-=-=
My domain is: rssl.ece.mcgill.ca
I ran this command: `sudo /var/lib/snapd/snap/bin/certbot -v --apache`
It produced this output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: rssl.ece.mcgill.ca
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Certificate not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/rssl.ece.mcgill.ca.conf)
What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Deploying certificate
Created an SSL vhost at /etc/httpd/conf.d/rssl.ece.mcgill.ca-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpd/conf.d/rssl.ece.mcgill.ca-le-ssl.conf
Successfully deployed certificate for rssl.ece.mcgill.ca to /etc/httpd/conf.d/rssl.ece.mcgill.ca-le-ssl.conf
Redirecting vhost in /etc/httpd/conf.d/rssl.ece.mcgill.ca.conf to ssl vhost in /etc/httpd/conf.d/rssl.ece.mcgill.ca-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://rssl.ece.mcgill.ca
Subscribe to the EFF mailing list (email: brett.meyer@mcgill.ca).
An unexpected error occurred:
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```
There's more detail in the log:
```
2022-08-31 09:38:24,390:INFO:certbot._internal.eff:Subscribe to the EFF mailing list (email: brett.meyer@mcgill.ca).
2022-08-31 09:38:24,390:DEBUG:certbot._internal.eff:Sending POST request to https://supporters.eff.org/subscribe/certbot:
{'data_type': 'json', 'email': 'brett.meyer@mcgill.ca', 'form_id': 'eff_supporters_library_subscribe_form'}
2022-08-31 09:38:24,392:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): supporters.eff.org:443
2022-08-31 09:38:24,616:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/urllib3/connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/urllib3/connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/urllib3/connectionpool.py", line 1040, in _validate_conn
    conn.connect()
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/urllib3/connection.py", line 416, in connect
    self.sock = ssl_wrap_socket(
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
  File "/var/lib/snapd/snap/certbot/2192/lib/python3.8/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
  File "/var/lib/snapd/snap/certbot/2192/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/var/lib/snapd/snap/certbot/2192/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/var/lib/snapd/snap/certbot/2192/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer
```
My web server is (include version): Apache/2.4.6 (CentOS)
The operating system my web server runs on is (include version): CentOS 7.9.2009 (Core)
I can login to a root shell on my machine (yes or no, or I don't know): no, but I can sudo
I'm using a control panel to manage my site: no -- ssh and command line
The version of my client is: 1.29.0
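
A check for the loop in symptom (2), added here as an example and not part of the original post: it flags any `Redirect` whose target resolves to the same name and port as the vhost that issues it, which a client follows straight back to the same vhost. `parse_vhosts` and `self_redirects` are hypothetical helper names, and the embedded config is the post's two vhosts reduced to the directives the check reads.

```python
import re
from urllib.parse import urlsplit
# Vhosts from the post, reduced to the directives this check reads.
CONF = """\
<VirtualHost *:80>
ServerName rssl.ece.mcgill.ca
Redirect / https://rssl.ece.mcgill.ca
</VirtualHost>
<VirtualHost *:443>
ServerName rssl.ece.mcgill.ca
Redirect / https://rssl.ece.mcgill.ca
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+\S*?:(\d+)\s*>", re.I)
DEFAULT_PORT = {"http": 80, "https": 443}

def parse_vhosts(text):
    """Collect port, ServerName/ServerAlias and Redirect lines per vhost."""
    vhosts, cur = [], None
    for raw in text.splitlines():
        parts = raw.split()
        opened = VHOST_OPEN.match(raw.strip())
        if opened:
            cur = {"port": int(opened.group(1)), "names": [], "redirects": []}
        if opened or cur is None or not parts:
            continue
        key = parts[0].lower()
        if key.startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        elif key in ("servername", "serveralias"):
            cur["names"] += [n.lower() for n in parts[1:]]
        elif key == "redirect" and len(parts) >= 3:
            # Redirect [status] URL-path URL: the last two tokens
            cur["redirects"].append((parts[-2], parts[-1]))
    return vhosts

def self_redirects(vhosts):
    """Redirects that send the client back to the vhost that issued them."""
    hits = []
    for vh in vhosts:
        for path, target in vh["redirects"]:
            u = urlsplit(target)
            port = u.port or DEFAULT_PORT.get(u.scheme)
            # Simplification: string prefix, not mod_alias segment matching
            if (u.hostname in vh["names"] and port == vh["port"]
                    and (u.path or "/").startswith(path)):
                hits.append((vh["port"], path, target))
    return hits
```

On the embedded config, `self_redirects(parse_vhosts(CONF))` reports only the `Redirect` in the `*:443` vhost; the one in the `*:80` vhost points at a different port and is not flagged.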