cshaw
April 30, 2019, 3:03pm
1
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
www.kellyscleanbees.com
I ran this command:
It produced this output:
My web server is (include version):
Apache2
The operating system my web server runs on is (include version):
Debian 8
My hosting provider, if applicable, is:
OVH VPS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.33.1
I currently have several sites on the same server using certbot and all work fine, but the domain www.kellyscleanbees.com just won't work with https.
The Apache VirtualHosts are as follows:
<VirtualHost *:80>
    ServerName kellyscleanbees.com
    ServerAlias www.kellyscleanbees.com
    DocumentRoot /var/www/www.kellyscleanbees.com/htdocs/
    SetEnv URL_BASE http://www.kellyscleanbees.com/
    SetEnv APP_BASE /var/www/www.kellyscleanbees.com/htdocs/
    <directory /var/www/www.kellyscleanbees.com/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        allow from all
    </directory>
</VirtualHost>

<VirtualHost *:443>
    ServerName kellyscleanbees.com
    ServerAlias www.kellyscleanbees.com
    DocumentRoot /var/www/www.kellyscleanbees.com/htdocs/
    SetEnv APP_BASE /var/www/www.kellyscleanbees.com/htdocs/
    SetEnv URL_BASE http://www.kellyscleanbees.com/
    <directory /var/www/www.kellyscleanbees.com/htdocs/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        allow from all
    </directory>
    SSLCertificateFile /etc/letsencrypt/live/www.kellyscleanbees.com-0001/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.kellyscleanbees.com-0001/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
This actually mirrors another vhost for another domain which works fine.
Hi @cshaw
there is no public visible ip address defined ( https://check-your-website.server-daten.de/?q=kellycleanbees.com ):
Not ipv4, not ipv6.
And there is no certificate.
cshaw
April 30, 2019, 3:21pm
3
@JuergenAuer
Sorry it was a typo in the domain name, the domain is www.kellyscleanbees.com
Check your redirects http - https, your preferred version (www vs. non-www), certificates, connections and your html-content. A ranking system shows, if your domain is A+ (no errors + preload), has errors (https - http) or loops.
There is a Grade Q - http over port 443.
What says
apachectl configtest
apachectl fullstatus
apachectl -S
cshaw
May 1, 2019, 8:55am
5
@JuergenAuer
root@vps425446:~# apachectl configtest
Syntax OK
root@vps425446:~# apachectl fullstatus
Apache Server Status for localhost (via 127.0.0.1)
Server Version: Apache/2.4.10 (Debian) OpenSSL/1.0.1t
Server MPM: prefork
Server Built: Feb 24 2017 18:40:28
-------------------------------------------------------------------------------
Current Time: Wednesday, 01-May-2019 09:53:42 UTC
Restart Time: Tuesday, 30-Apr-2019 15:57:09 UTC
Parent Server Config. Generation: 2
Parent Server MPM Generation: 1
Server uptime: 17 hours 56 minutes 33 seconds
Server load: 0.00 0.00 0.00
Total accesses: 4021 - Total Traffic: 6.7 MB
CPU Usage: u1.42 s.18 cu0 cs0 - .00248% CPU load
.0623 requests/sec - 109 B/second - 1758 B/request
1 requests currently being processed, 9 idle workers
___..___.._.._.W......_.........................................
................................................................
......................
Scoreboard Key:
"_" Waiting for Connection, "S" Starting up, "R" Reading Request,
"W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup,
"C" Closing connection, "L" Logging, "G" Gracefully finishing,
"I" Idle cleanup of worker, "." Open slot with no current process
SSL/TLS Session Cache Status:
cache type: SHMCB, shared memory: 512000 bytes, current entries: 0
subcaches: 32, indexes per subcache: 88
index usage: 0%, cache usage: 0%
total entries stored since starting: 0
total entries replaced since starting: 0
total entries expired since starting: 0
total (pre-expiry) entries scrolled out of the cache: 0
total retrieves since starting: 0 hit, 0 miss
total removes since starting: 0 hit, 0 miss
-------------------------------------------------------------------------------
Apache/2.4.10 (Debian) Server at localhost Port 80
root@vps425446:~# apachectl -S
VirtualHost configuration:
*:80 is a NameVirtualHost
default server vps425446.ovh.net (/etc/apache2/sites-enabled/dev.chris-shaw.com.conf:1)
port 80 namevhost vps425446.ovh.net (/etc/apache2/sites-enabled/dev.chris-shaw.com.conf:1)
wild alias *.*.*.chris-shaw.com
port 80 namevhost vps425446.ovh.net (/etc/apache2/sites-enabled/dev.chris-shaw.com.conf:11)
wild alias *.*.chris-shaw.com
port 80 namevhost chris-shaw.com (/etc/apache2/sites-enabled/www.chris-shaw.com.conf:1)
port 80 namevhost www.chris-shaw.com (/etc/apache2/sites-enabled/www.chris-shaw.com.conf:6)
port 80 namevhost kellyscleanbees.com (/etc/apache2/sites-enabled/www.kellyscleanbees.com.conf:1)
alias www.kellyscleanbees.com
*:443 is a NameVirtualHost
default server chris-shaw.com (/etc/apache2/sites-enabled/www.chris-shaw.com-le-ssl.conf:2)
port 443 namevhost chris-shaw.com (/etc/apache2/sites-enabled/www.chris-shaw.com-le-ssl.conf:2)
port 443 namevhost www.chris-shaw.com (/etc/apache2/sites-enabled/www.chris-shaw.com-le-ssl.conf:8)
alias chris-shaw.com
port 443 namevhost kellyscleanbees.com (/etc/apache2/sites-enabled/www.kellyscleanbees.com.conf:16)
alias www.kellyscleanbees.com
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="deploy" id=1002
Group: name="deploy" id=1003
root@vps425446:~#
Isn't there a SSLEngine on directive required?
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.kellyscleanbees.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.kellyscleanbees.com-0001/privkey.pem
cshaw
May 1, 2019, 9:41am
7
That directive is not in the other virtualhost files, I had just added it and restarted apache2 but still having the same issue.
One other idea.
Is this a home server?
Is there a wrong port forwarding?
So port 443 (external) is forwarded to port 80 (internal)?
cshaw
May 1, 2019, 3:29pm
9
It's on a Virtual Private Server in a data centre in, I believe, France or Germany, provided by the firm OVH.
My main website https://www.chris-shaw.com is hosted on the same VPS, using Let's Encrypt, and is working fine.
That domain has the same problem. And there is an indicator of what may be wrong.
https + non-www has the typical error:
SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
"unexpected packet format" - the handshake expects some bytes, but a complete http answer is sent, so my tool checks if http + port 443 works.
And there you see one error:
Visible Content: Moved Permanently The document has moved here .
Apache/2.4.10 (Debian) Server at chris-shaw.com Port 80
The request goes to port 443 - but port 80 answers with a http status 301.
The server uses two different ip addresses:
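| Host | T | IP-Address | is auth. | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| chris-shaw.com | A | 151.80.234.19 | yes | 1 | 0 |
| | AAAA | | yes | | |
| www.chris-shaw.com | A | 104.24.122.44 | yes | 1 | 0 |
| | A | 104.24.123.44 | yes | 1 | 0 |
| | AAAA | | yes | | |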
And the 151.80.234.19 is the ip address with the wrong answer, the same has kellyscleanbees.com.
PS: Checking a not existing file in /.well-known/acme-challenge should produce a http status 404 - not found. The last row sends http status 200 with a content
Visible Content: ERROR 404
and
Server: cloudflare
as one header. Looks like this is an incomplete Cloudflare setting.
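The "http over port 443" check described in the post above, as an added example (not code from the thread or from the check-your-website tool): send a cleartext HTTP request to port 443 and classify the reply. The function names, result labels and sample replies are assumptions made for this example; the two rejection strings are the ones Apache mod_ssl and nginx return when a TLS-enabled port receives cleartext HTTP.

```python
import socket

# Bodies with which TLS-enabled servers reject a cleartext request (Apache mod_ssl, nginx).
TLS_PORT_HINTS = (b"plain HTTP to an SSL-enabled server port",
                  b"plain HTTP request was sent to HTTPS port")

def classify_443_reply(data: bytes) -> str:
    """Classify what a server on port 443 sent back after a cleartext HTTP request."""
    if not data:
        return "no-data"
    # TLS record header: type 0x15 (alert) or 0x16 (handshake), then major version 0x03.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if data.startswith(b"HTTP/"):
        fields = data.split(b"\r\n", 1)[0].split()
        status = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else 0
        if status == 400 and any(hint in data for hint in TLS_PORT_HINTS):
            return "tls"            # TLS is on; the server only rejected our cleartext
        return "plaintext-http"     # the port serves HTTP without TLS ("Grade Q")
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a cleartext GET to host:port and classify the first 4 KiB of the reply."""
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            while len(data) < 4096:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except (ConnectionResetError, socket.timeout):
            pass                    # classify whatever arrived before the reset or timeout
    return classify_443_reply(data)

# Constructed sample replies (not captured from the servers in this thread).
SAMPLE_REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\nServer: Apache/2.4.10 (Debian)\r\n"
                   b"Location: https://example.com/\r\n\r\nMoved Permanently")
SAMPLE_MOD_SSL = (b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
                  b"Reason: You're speaking plain HTTP to an SSL-enabled server port.")
SAMPLE_ALERT = bytes([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x46])  # fatal protocol_version alert

if __name__ == "__main__":
    for name, raw in [("301 on 443", SAMPLE_REDIRECT), ("mod_ssl 400", SAMPLE_MOD_SSL),
                      ("TLS alert", SAMPLE_ALERT)]:
        print(f"{name}: {classify_443_reply(raw)}")
```

Run `probe("your-domain.example")` from a machine outside the server to test the public address rather than the loopback interface.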
cshaw
May 3, 2019, 12:30pm
11
@JuergenAuer
I have set up a new domain, not touching Cloudflare at all, and am having the same issue.
I have registered www.sha1.tk and pointed it to my VPS
Created a single page site which serves fine over http
Used certbot-auto to get the certificate and allowed it to add the redirects to the virtualhost
Can you run your tool on this domain and see what the issue is, since Cloudflare is not involved on this domain?
The tool is online. Use it to check your domain if you want.
That's the reason I've created an online tool, not an offline tool (so I would be the only person who could use it).