Editing Vhost file creates errors and apache2 doesn't work after

TheErminK · September 11, 2019, 9:23am

Hello everyone, so the problem I have is when I try to reach my domain in https:// I get this error:

An error occurred during a connection to elami.mk. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

After some googling I found that it is probably a misconfiguration on the web server somewhere so I checked the .conf files and added these lines

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Put these lines here
/etc/sites/available/000-default.conf

This is my elami_mk.conf.conf file
<VirtualHost *:80>
servername elami.nl
serveralias
serveralias www.elami.nl *.elami.nl
ServerAdmin webmaster@elami.nl

ErrorLog ${APACHE_LOG_DIR}/web_website_url2.log
CustomLog ${APACHE_LOG_DIR}/web_website_url2.log combined
RedirectMatch permanent ^/(.*)$ http://elami.mk/$1

<VirtualHost *:80>
servername elami.mk
serveralias www.elami.mk *.elami.mk
ServerAdmin webmaster@elami.mk

    DocumentRoot /home/elami_mk/www/public_html
    <Directory />
            require all granted
            Options FollowSymLinks
            AllowOverride None
            Options +Indexes +FollowSymLinks +MultiViews +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            AllowOverride All
            Order allow,deny
            Allow from all
    </Directory>

    <IfModule mod_fastcgi.c>
            AddHandler php7-fcgi .php
            Action php7-fcgi /php7-fcgi
            Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
            FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php7.3-fpm-elami_mk.sock -pass-header Authorization
            <Directory /usr/lib/cgi-bin>
                    require all granted
            </Directory>
    </IfModule>

    <FilesMatch \.php$>
            SetHandler "proxy:unix:/var/run/php7.3-fpm-elami_mk.sock|fcgi://localhost/"
                    </FilesMatch>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    ErrorLog ${APACHE_LOG_DIR}/web_website_url.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel error
    CustomLog ${APACHE_LOG_DIR}/web_website_url.log combined

My domain is:

www.elami.mk

My web server is (include version):
Apache2

The operating system my web server runs on is (include version):

Distributor ID: Debian
Description: Debian GNU/Linux 9.9 (stretch)
Release: 9.9
Codename: stretch

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
PuTTY

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Newest Version ( Installed 2 days ago)

Thank you!

rg305 · September 11, 2019, 9:56am

If you can, please also show the virtual host for *:443
and also the output of:
apachectl -t -D DUMP_VHOSTS

TheErminK · September 11, 2019, 10:03am

Where do i find vhost for 443?
Also here is the output

Thank you!

VirtualHost configuration:
*:80 is a NameVirtualHost
default server p-c-mt-web001.kentivo.xxx (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost p-c-mt-web001.kentivo.xxx (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost elami.nl (/etc/apache2/sites-enabled/elami_mk.conf.conf:3)
alias www.elami.nl
wild alias *.elami.nl
port 80 namevhost elami.mk (/etc/apache2/sites-enabled/elami_mk.conf.conf:14)
alias www.elami.mk
wild alias *.elami.mk
port 80 namevhost sayingkiddo.nl (/etc/apache2/sites-enabled/justsayingkiddo_nl.conf.conf:3)
alias www.sayingkiddo.nl
wild alias *.sayingkiddo.nl
port 80 namevhost justsayingkiddoparty.nl (/etc/apache2/sites-enabled/justsayingkiddo_nl.conf.conf:15)
alias www.justsayingkiddoparty.nl
wild alias *.justsayingkiddoparty.nl
port 80 namevhost justsayinkiddo.nl (/etc/apache2/sites-enabled/justsayingkiddo_nl.conf.conf:27)
alias www.justsayinkiddo.nl
wild alias *.justsayinkiddo.nl
port 80 namevhost justkiddo.nl (/etc/apache2/sites-enabled/justsayingkiddo_nl.conf.conf:39)
alias www.justkiddo.nl
wild alias *.justkiddo.nl
port 80 namevhost justsayingkiddo.nl (/etc/apache2/sites-enabled/justsayingkiddo_nl.conf.conf:50)
alias www.justsayingkiddo.nl
wild alias *.justsayingkiddo.nl

rg305 · September 11, 2019, 10:15am

ls -l /etc/apache2/sites-enabled/

What is the output of:
certbot certificates

[you may have missed a step or two between installing certbot and having a secure web site]

TheErminK · September 11, 2019, 10:30am

Hi, so the file is this

<VirtualHost *:80>
servername elami.mk
serveralias www.elami.mk *.elami.mk
ServerAdmin webmaster@elami.mk

    DocumentRoot /home/elami_mk/www/public_html
    <Directory />
            require all granted
            Options FollowSymLinks
            AllowOverride None
            Options +Indexes +FollowSymLinks +MultiViews +ExecCGI -MultiViews +SymLinksIfOwne$
            AllowOverride All
            Order allow,deny
            Allow from all
    </Directory>
  <IfModule mod_fastcgi.c>
            AddHandler php7-fcgi .php
            Action php7-fcgi /php7-fcgi
            Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
            FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php7.3-fpm-elam$
            <Directory /usr/lib/cgi-bin>
                    require all granted
            </Directory>
    </IfModule>

    <FilesMatch \.php$>
            SetHandler "proxy:unix:/var/run/php7.3-fpm-elami_mk.sock|fcgi://localhost/"
                    </FilesMatch>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 AddHandler php7-fcgi .php
            Action php7-fcgi /php7-fcgi
            Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi
            FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi -socket /var/run/php7.3-fpm-elam$
            <Directory /usr/lib/cgi-bin>
                    require all granted
            </Directory>
    </IfModule>

    <FilesMatch \.php$>
            SetHandler "proxy:unix:/var/run/php7.3-fpm-elami_mk.sock|fcgi://localhost/"
                    </FilesMatch>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

    ErrorLog ${APACHE_LOG_DIR}/web_website_url.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel error
    CustomLog ${APACHE_LOG_DIR}/web_website_url.log combined

And I cannot run certbot certificates I get command not found
Its installed in here I believe

/opt/eff.org/certbot/venv/bin/certbot

So I went into that directory and tried to run it from there, it didn't work...

rg305 · September 11, 2019, 10:37am

How exactly did you install certbot?
Which instructions did you follow?
[feel free to review your history file]

That is only port 80 (HTTP).
There should also exist a file (or section) with:
<VirtualHost *:443>
[For the HTTPS]

TheErminK · September 11, 2019, 10:41am

I believe I followed these instructions

Install Let's Encrypt to Create SSL Certificates | Linode Docs

That is the only thing that says in the file that I opened in the path

ls -l /etc/apache2/sites-enabled/

rg305 · September 11, 2019, 10:46am

Please show output of:
find / -name letsencrypt-auto

Which steps from that guide did you take?
Where did you stop?

Please show:
ls -l /etc/letsencrypt/

TheErminK · September 11, 2019, 10:49am

Output:

/opt/letsencrypt/letsencrypt-auto
/opt/letsencrypt/letsencrypt-auto-source/letsencrypt-auto

This is the last command I followed from the tutorial

sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

except it didn't work, so instead of --standalone i used --apache and that worked and gave me certificates.

rg305 · September 11, 2019, 10:51am

OK.
Try:
/opt/letsencrypt/letsencrypt-auto certificates

rg305 · September 11, 2019, 10:53am

certonly only gets you a new cert it won't create all the necessary things that go with it.

TheErminK · September 11, 2019, 10:58am

Here is the output of command

/opt/letsencrypt/letsencrypt-auto certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: justsayingkiddo.nl
Domains: justsayingkiddo.nl
Expiry Date: 2019-12-09 06:56:45+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/justsayingkiddo.nl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/justsayingkiddo.nl/privkey.pem
Certificate Name: www.elami.mk
Domains: www.elami.mk
Expiry Date: 2019-12-09 13:13:32+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.elami.mk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.elami.mk/privkey.pem
Certificate Name: www.justsayingkiddo.nl
Domains: www.justsayingkiddo.nl
Expiry Date: 2019-12-09 06:23:21+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/www.justsayingkiddo.nl/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.justsayingkiddo.nl/privkey.pem

certonly only gets you a new cert it won’t create all the necessary things that go with it.

I did not know, this I am sorry and thankful for your help

rg305 · September 11, 2019, 11:03am

No worries; we will get this resolved (together).

It looks like you have 3 certificates.
But they all have only one name on them:

Certificate Name: justsayingkiddo.nl
Domains: justsayingkiddo.nl

Certificate Name: www.elami.mk
Domains: www.elami.mk

Certificate Name: www.justsayingkiddo.nl
Domains: www.justsayingkiddo.nl

Were probably better off just deleting those and getting new ones with two name on each, like:
Domains: justsayingkiddo.nl, www.justsayingkiddo.nl
Domains: elami.mk, www.elami.mk
Domains: justsayingkiddo.nl, www.justsayingkiddo.nl

And we can also let certbot do its’ magic and create the missing virtualhosts for us.

TheErminK · September 11, 2019, 11:09am

Oh that would be great!

rg305 · September 11, 2019, 11:09am

Let’s do one at a time (since I only see one port 80 vhost).
We can begin with domain: elami.mk

delete existing cert:
sudo -H /opt/letsencrypt/letsencrypt-auto delete --cert-name www.elami.mk
create a new cert (with two names and let certbot create the https vhost) for same domain:
sudo -H /opt/letsencrypt/letsencrypt-auto --apache -d elami.mk -d www.elami.mk

TheErminK · September 11, 2019, 11:18am

Sorry which one do I choose

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.

2 right ?

rg305 · September 11, 2019, 11:20am

either way…
Maybe better 1 for now.
The redirection merely adds code to the HTTP/80 section to say:
(in computer speak) The site has moved to HTTPS/443 - there is nothing to see here.

[code which can be added/removed at any time - rather easily.]

TheErminK · September 11, 2019, 11:22am

IT is WORKING
https://www.elami.mk/

This is great! thank you so much!
I am in your debt!
I just repeat that step for the other two domains, merge them in one like this here and that is it

Thank you again

rg305 · September 11, 2019, 11:25am

You are welcome.
But we are not done yet.
Now that you got the secure site up.
You need to decide if you want to redirect all traffic to HTTPS.
And also to which name www or no www.

Essentially there exist four sites:
http://site
http://www.site
https://site
https://www.site
Three should redirect and end up at the fourth one.
[you need to decide which]

rg305 · September 11, 2019, 11:26am

There should be a new file in that folder (SSL related).