Could not reverse map the HTTPS VirtualHost to the original


#1

My domain is: suaempresanasnuvens.com

I ran this command: sudo certbot --apache

It produced this output:

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.suaempresanasnuvens.com
Waiting for verification...
Cleaning up challenges
Could not reverse map the HTTPS VirtualHost to the original

IMPORTANT NOTES:
 - Unable to install the certificate
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.suaempresanasnuvens.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.suaempresanasnuvens.com/privkey.pem
   Your cert will expire on 2018-10-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

My web server is (include version): apache

The operating system my web server runs on is (include version): ubuntu 14.04.5

My hosting provider, if applicable, is: Apache2

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

I was able to install the certificates for my other websites but this one is giving me trouble. he was not showing on the list of sites available at fist so I edited the apache .conf file removing all the mentions of variables that it contained and replacing them for the real thing. This made the domain show up on the list but then this error shows up.

I searched through similar posts but they all had really unique things about them that I was not sure they applied to mine. I’m stuck on this for about a week.

Here is the virtualhost configuration

<VirtualHost *:80>
    # Configurar domĂ­nio
    ServerName suaempresanasnuvens.com
    ServerAlias www.suaempresanasnuvens.com
    ServerAlias m.suaempresanasnuvens.com

    DocumentRoot /var/www/html/sites/adds

    <Directory /var/www/html/sites/adds>
            Options Indexes FollowSymLinks
            AllowOverride All
            Order Allow,Deny
            Allow from all
    </Directory>
    ServerAdmin noreply@waid.com.br
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

adding the certificate has the added effect that when I change the default of the webstite to https it redirects me instead to another of my websites, one that has a certificate.


#2

Hi,

Do you have a https virtual host for this domain? (suaempresanasnuvens.com)

Thank you


#3

I’m not sure, I think I’ll need to look into this to find out how to answer you.


#4

That is the only virtual host configuration for this website, how do I check if it has a https virtual host? Having a hard time finding the answer.


#5

Hi @direclaw

do you have a VirtualHost *:443 with your ServerName suaempresanasnuvens.com and SSLEngine on?

If not, the Standard-443-configuration is used -> perhaps the certificate is wrong.

https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html


#6

following the tutorial I added this to my conf file, is this correct?


#7

It just redirects me to another of my websites with ssl. I’ll go deeper into the tutorial you gave me.


#8

Now it’s better:

https://www.suaempresanasnuvens.com/

Your certificate is correct:

DNS-Name: suaempresanasnuvens.com
DNS-Name: www.suaempresanasnuvens.com

But it looks like a DocumentRoot is missing.

The documentation of SSL doesn’t show all parameters of the normal VirtualHost


#9

Did this trying to replicate the :80 but it made my server crash, I disabled this website and it went back up
configtest says syntax is ok


#10

without the extra this is what show up. the certificate seems to be working but the website is down

image


#11

There is a message showing up after I disable the site after the server craches

httpd not running, trying to start


#12

Is your DocumentRoot really correct?

Not something like

/var/www/html/sites/www.suaempresanasnuvens.com

Or do you have a content management system?


#13

I need to check, I kinda inherited this server. The virtual host for the *:80 worked fine with this configuration below, I don’t know if this is the way to check.

image


#14

But the port 80 has a redirect. So I don’t see any content.

So the DocumentRoot is irrelevant.

Remove the redirect, then you can check, if it is the correct content.


#15

is this the redirect you are talking about?

 <Directory /var/www/html/sites/adds>
            Options Indexes FollowSymLinks
            AllowOverride All
            Order Allow,Deny
            Allow from all
    </Directory>

if I understood correctly I need to remove this and check if the website is still working. is this correct? Or is the redirect somewhere else?

Here is the complete file before and after changes and the a file from a website that ssl is working on my server

conf file from a website with ssl working on the same server

        #
        # Expires module
        #
        #ExpiresActive On
        #ExpiresByType image/gif "access plus 1 months"
        #ExpiresByType image/jpg "access plus 1 months"
        #ExpiresByType image/jpeg "access plus 1 months"
        #ExpiresByType image/png "access plus 1 months"
        #ExpiresByType image/vnd.microsoft.icon "access plus 1 months"
        #ExpiresByType image/x-icon "access plus 1 months"
        #ExpiresByType image/ico "access plus 1 months"
        #ExpiresByType application/javascript "now plus 1 months"
        #ExpiresByType application/x-javascript "now plus 1 months"
        #ExpiresByType text/javascript "now plus 1 months"
        #ExpiresByType text/css "now plus 1 months"
        #ExpiresDefault "access plus 1 days"
    #
    # Deflate
    #
    #AddOutputFilterByType DEFLATE text/plain
    #AddOutputFilterByType DEFLATE text/html
    #AddOutputFilterByType DEFLATE text/xml
    #AddOutputFilterByType DEFLATE text/css
    #AddOutputFilterByType DEFLATE application/xml
    #AddOutputFilterByType DEFLATE application/xhtml+xml
#AddOutputFilterByType DEFLATE application/rss+xml
#AddOutputFilterByType DEFLATE application/javascript
#AddOutputFilterByType DEFLATE application/x-javascript
#AddOutputFilterByType DEFLATE application/ecmascript

<IfModule mod_deflate.c>
        SetOutputFilter DEFLATE

        # Don't gzip
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary

        #Dealing with proxy servers
        <IfModule mod_headers.c>
                Header append Vary User-Agent
        </IfModule>
</IfModule>

#
# ETAG
#
<Directory /var/www/html/weye/public/images/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        #CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory /var/www/html/weye/public/scripts/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory /var/www/html/weye/public/cache/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>


<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName weye.com.br
        ServerAlias www.weye.com.br

        ServerAdmin noreply@waid.com.br
        DocumentRoot /var/www/html/weye/public

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        <Directory /var/www/html/weye/public>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order Allow,Deny
                Allow from all
        </Directory>


RewriteEngine on
RewriteCond %{SERVER_NAME} =weye.com.br [OR]
RewriteCond %{SERVER_NAME} =www.weye.com.br
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Unaltered conf file from a similar website on the same server without ssl

#
# Altere as configurações abaixo onde for solicitado, em seguida
#
# Para ativar o site utilize o comando
# sudo a2ensite 00x-weye-nome-do-site.conf
#
# Em seguida altere no projeto o arquivo core.php
# Para indicar a nova URL Base
#
# No htacess da raiz do site, altere o parâmetro a seguir
# RewriteBase /nomedosite
# para
# RewriteBase /
#
# ApĂłs tudo configurado reinicie o apache
# sudo apachectl restart
#

# Colocar nome da pasta do site na variável abaixo
Define site_path /var/www/html/sites/pousadadonarosa

# Colocar domĂ­nio do site
Define site_domain pousadadonarosa.com.br



###############
# NĂŁo alterar #
###############

<VirtualHost *:80>
        # Configurar domĂ­nio
        ServerName ${site_domain}
        ServerAlias www.${site_domain}
        ServerAlias m.${site_domain}

        DocumentRoot ${site_path}

        <Directory ${site_path}>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order Allow,Deny
                Allow from all
        </Directory>
        ServerAdmin noreply@waid.com.br
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_deflate.c>
        SetOutputFilter DEFLATE

        # Don't gzip
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary

        #Dealing with proxy servers
        <IfModule mod_headers.c>
                Header append Vary User-Agent
        </IfModule>
</IfModule>

#
# ETAG
#
<Directory ${site_path}/public/images/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        #CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory ${site_path}/public/scripts/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory  ${site_path}/public/cache/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory  ${site_path}/public/upload/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

altered conf file that is still not working

#
# Altere as configurações abaixo onde for solicitado, em seguida
#
# Para ativar o site utilize o comando
# sudo a2ensite 00x-weye-nome-do-site.conf
#
# Em seguida altere no projeto o arquivo core.php
# Para indicar a nova URL Base
#
# No htacess da raiz do site, altere o parâmetro a seguir
# RewriteBase /nomedosite
# para
# RewriteBase /
#
# ApĂłs tudo configurado reinicie o apache
# sudo apachectl restart
#

# Colocar nome da pasta do site na variável abaixo
Define site_path /var/www/html/sites/adds

# Colocar domĂ­nio do site
Define site_domain suaempresanasnuvens.com



###############
# NĂŁo alterar #
###############

<VirtualHost *:80>
        # Configurar domĂ­nio
        ServerName suaempresanasnuvens.com
        ServerAlias www.suaempresanasnuvens.com
        ServerAlias m.suaempresanasnuvens.com

        DocumentRoot /var/www/html/sites/adds

        <Directory /var/www/html/sites/adds>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order Allow,Deny
                Allow from all
        </Directory>
        ServerAdmin noreply@waid.com.br
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Listen 443
<VirtualHost *:443>
    ServerName suaempresanasnuvens.com
    ServerAlias www.suaempresanasnuvens.com
    ServerAlias m.suaempresanasnuvens.com

    DocumentRoot /var/www/html/sites/adds
    <Directory /var/www/html/sites/adds>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order Allow,Deny
                Allow from all
        </Directory>

    SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/suaempresanasnuvens.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/suaempresanasnuvens.com/privkey.pem"
</VirtualHost>

<IfModule mod_deflate.c>
        SetOutputFilter DEFLATE

        # Don't gzip
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary

        #Dealing with proxy servers
        <IfModule mod_headers.c>
                Header append Vary User-Agent
        </IfModule>
</IfModule>

#
# ETAG
#
<Directory /var/www/html/sites/adds/public/images/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        #CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory /var/www/html/sites/adds/public/scripts/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory  /var/www/html/sites/adds/public/cache/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

<Directory  /var/www/html/sites/adds/public/upload/>
        FileETag MTime Size

        # Set PHP to not use cokkies
        SetEnv session.use_cookies='0';

        # CacheIgnoreHeaders None
        <ifmodule mod_expires.c>
                <filesmatch "\.(jpg|gif|png|ico|css|js)$">
                        ExpiresActive on
                        ExpiresDefault "access plus 1 months"
                        Header unset Cookie
                        Header unset Set-Cookie
                        RequestHeader unset Cookie
                        RequestHeader unset Cookie
                </filesmatch>
        </ifmodule>
</Directory>

#16

This is not a redirect or rewrite-rule. This is a rewrite-rule

RewriteEngine on
RewriteCond %{SERVER_NAME} =weye.com.br [OR]
RewriteCond %{SERVER_NAME} =www.weye.com.br
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Now you have a redirect from / to http://www.suaempresanasnuvens.com/institutional/index/index/

So the content is visible. But https doesn’t work.


#17

Is this it then? This is the .htaccess file

Options +FollowSymlinks
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    #RewriteCond %{QUERY_STRING} _escaped_fragment_=([^&]*)
    #RewriteRule ^$ /%1? [R,L,NE]

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f

    RewriteRule ^sitemap-index\.xml$ public/sitemaps/sitemap-index.xml [R=301,L]
    RewriteRule ^sitemap\.xml$ public/sitemaps/sitemap-index.xml [R=301,L]

    RewriteRule ^favicon\.ico$ images/favicons/favicon.ico [R=301,L]
    RewriteRule ^favicon-16x16\.png$ images/favicons/favicon-16x16.png [R=301,L]
    RewriteRule ^favicon-32x32\.png$ images/favicons/favicon-32x32.png [R=301,L]
    RewriteRule ^favicon-96x96\.png$ images/favicons/favicon-96x96.png [R=301,L]

    RewriteRule ^android-icon-36x36\.png$ images/favicons/android-icon-36x36.png [R=301,L]
    RewriteRule ^android-icon-48x48\.png$ images/favicons/android-icon-48x48.png [R=301,L]
    RewriteRule ^android-icon-72x72\.png$ images/favicons/android-icon-72x72.png [R=301,L]
    RewriteRule ^android-icon-96x96\.png$ images/favicons/android-icon-96x96.png [R=301,L]
    RewriteRule ^android-icon-144x144\.png$ images/favicons/android-icon-144x144.png [R=301,L]
    RewriteRule ^android-icon-192x192\.png$ images/favicons/android-icon-192x192.png [R=301,L]

    RewriteRule ^apple-icon-57x57\.png$ images/favicons/apple-icon-57x57.png [R=301,L]
    RewriteRule ^apple-icon-60x60\.png$ images/favicons/apple-icon-60x60.png [R=301,L]
    RewriteRule ^apple-icon-72x72\.png$ images/favicons/apple-icon-72x72.png [R=301,L]
    RewriteRule ^apple-icon-76x76\.png$ images/favicons/apple-icon-76x76.png [R=301,L]
    RewriteRule ^apple-icon-114x114\.png$ images/favicons/apple-icon-114x114.png [R=301,L]
    RewriteRule ^apple-icon-120x120\.png$ images/favicons/apple-icon-120x120.png [R=301,L]
    RewriteRule ^apple-icon-144x144\.png$ images/favicons/apple-icon-144x144.png [R=301,L]
    RewriteRule ^apple-icon-152x152\.png$ images/favicons/apple-icon-152x152.png [R=301,L]
    RewriteRule ^apple-icon-180x180\.png$ images/favicons/apple-icon-180x180.png [R=301,L]
    RewriteRule ^apple-icon-precomposed\.png$ images/favicons/apple-icon-precomposed.png [R=301,L]
    RewriteRule ^apple-icon\.png$ images/favicons/apple-icon.png [R=301,L]

    RewriteRule ^ms-icon-70x70\.png$ images/favicons/ms-icon-70x70.png [R=301,L]
    RewriteRule ^ms-icon-144x144\.png$ images/favicons/ms-icon-144x144.png [R=301,L]
    RewriteRule ^ms-icon-150x150\.png$ images/favicons/ms-icon-150x150.png [R=301,L]
    RewriteRule ^ms-icon-310x310\.png$ images/favicons/ms-icon-310x310.png [R=301,L]

    RewriteRule ^manifest\.json$ images/favicons/manifest.json [R=301,L]
    RewriteRule ^browserconfig\.xml$ images/favicons/browserconfig.xml [R=301,L]

    RewriteRule ^$ public/ [L]
    RewriteRule (.*) public/$1 [L]
</IfModule>

#18

Now it works.

https://www.suaempresanasnuvens.com/institutional/index/index/

has a Letsencrypt - certificate, created today.


#19

I did it. Don’t know exactly how, here are my step by step:

I commented all the virtual box :443 configurations
I removed the listen 443
I changed the server name variables of the :80 to their content
I used the command sudo certbot
selected the domains
an error happens
I uncomment the :443 configurations
I use the command sudo apachectl restart
I change the default to https on the configuration file


#21

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.