ERR_CONNECTION_TIMED_OUT after installing with certbot

Hello!
I'm having this error after I installed certbot in order to get an SSL certificate for my Django website. It was running just fine before installing certbot:

I configured certbot using this tutorial https://certbot.eff.org/lets-encrypt/debianbuster-apache

My domain is: www.andolasalud.com

The first time I ran into this issue:
Syntax error on line 7 of /etc/apache2/sites-enabled/000-default.conf: Name duplicates previous WSGI daemon definition

Which I solved editing my django_project.conf according to this answer:

So now my .conf file looks like this:

WSGIApplicationGroup %{GLOBAL}
WSGIRestrictEmbedded On

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.


        ServerName www.andolasalud.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

        Alias /static /home/pi/Andola/static
        <Directory /home/pi/Andola/static>
                Require all granted
        </Directory>

        Alias /media /home/pi/Andola/media
        <Directory /home/pi/Andola/media>
                Require all granted
        </Directory>

        <Directory /home/pi/Andola/AnDjo>
                <Files wsgi.py>
                        Require all granted
                </Files>
        </Directory>

        WSGIDaemonProcess django_app python-home=/home/pi/Andola/myDjangoEnv python-path=/home/pi/Andola
        WSGIProcessGroup django_app
        WSGIScriptAlias / /home/pi/Andola/AnDjo/wsgi.py


RewriteEngine on
RewriteCond %{SERVER_NAME} =www.andolasalud.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
	
	ServerName www.andolasalud.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	Alias /static /home/pi/Andola/static
	<Directory /home/pi/Andola/static>
		Require all granted
	</Directory>

        Alias /media /home/pi/Andola/media
        <Directory /home/pi/Andola/media>
                Require all granted
        </Directory>

	<Directory /home/pi/Andola/AnDjo>
		<Files wsgi.py>
			Require all granted
		</Files>
	</Directory>
	
	WSGIProcessGroup django_app


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.andolasalud.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.andolasalud.com/privkey.pem
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

I'm trying to deploy a Django website on a home server:

Raspberry Pi 4
Raspbian 10
Apache2
Django 3.0.3
Python 3.8.2

I can login to a root shell on my machine, yes.

I'm using a control panel to manage my site, no.

certbot --version
certbot 1.10.1

systemctl status apache2.service
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-12-16 22:08:39 CST; 1 day 22h ago
     Docs: https://httpd.apache.org/docs/2.4/
  Process: 549 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
  Process: 1028 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
 Main PID: 643 (apache2)
    Tasks: 73 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─ 643 /usr/sbin/apache2 -k start
           ├─1034 /usr/sbin/apache2 -k start
           ├─1035 /usr/sbin/apache2 -k start
           └─1036 /usr/sbin/apache2 -k start

dic 16 22:08:37 andola-server systemd[1]: Starting The Apache HTTP Server...
dic 16 22:08:39 andola-server systemd[1]: Started The Apache HTTP Server.
dic 18 19:38:43 andola-server systemd[1]: Reloading The Apache HTTP Server.
dic 18 19:38:43 andola-server systemd[1]: Reloaded The Apache HTTP Server.

sudo tail -100 /var/log/apache2/error.log

[Fri Dec 18 19:38:43.857930 2020] [mpm_event:notice] [pid 643:tid 3070116368] AH00489: Apache/2.4.38 (Raspbian) OpenSSL/1.1.1d mod_wsgi/4.7.1 Python/3.8 configured -- resuming normal operations
[Fri Dec 18 19:38:43.858058 2020] [core:notice] [pid 643:tid 3070116368] AH00094: Command line: '/usr/sbin/apache2'

sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
1 Like

It looks like port 443 on your server is inaccessible.

I see you have already checked ufw, that is good.

Have you also checked that port 443 is also correctly forwarded on your modem/router?

2 Likes

Sorry for the late response,
I forwarded port 443 on my modem as you said, but now my website shows the apache2 default page. Also

wget https://www.andolasalud.com
--2020-12-23 09:46:29--  https://www.andolasalud.com/
Resolviendo www.andolasalud.com (www.andolasalud.com)... 189.171.101.16
Conectando con www.andolasalud.com (www.andolasalud.com)[189.171.101.16]:443... conectado.
ERROR: The certificate of “www.andolasalud.com” doesn't have a known issuer.
El propietario del certificado no se ajusta al nombre de equipo “www.andolasalud.com”

apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80                   www.andolasalud.com (/etc/apache2/sites-enabled/django_project.conf:4)
*:443                  www.andolasalud.com (/etc/apache2/sites-enabled/django_project.conf:61)

sudo apache2ctl -S
VirtualHost configuration:
*:80                   www.andolasalud.com (/etc/apache2/sites-enabled/django_project.conf:4)
*:443                  www.andolasalud.com (/etc/apache2/sites-enabled/django_project.conf:61)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

Thank you

1 Like

Just solved adding this line at the end of django_project.conf

WSGIScriptAlias / /home/pi/Andola/AnDjo/wsgi.py

1 Like