ERR_TOO_MANY_REDIRECTS error on apache

My web server is (include version): APACHE
The operating system my web server runs on is (include version): Linux Ubuntu
My hosting provider, if applicable, is: AWS
I can login to a root shell on my machine (yes or no, or I don't know): YES

My site is not secure, it was using TrustSSL cert that expired recently. I did not set it up. I migrated the site from another AWS account. Now that the cert expired I want to set it up with LetsEncrypt SSL. I see YouTube videos on how to, but they are all pretty old. Also, since I already had a cert before, do I need to run all those steps? Anyway, I'm new to all of this so any input appreciated.

I'm not familiar with TrustSSL. Did it also use the ACME protocol?

If you're not familiar with the ACME protocol, the best place to start is probably the getting started page on the Let's Encrypt website.

1 Like

So I ran certbot. Looks like my site has an SSL cert installed when I try it on SSL checker. However, now I get an ERR_TOO_MANY_REDIRECTS when I visit the site. Traceresults shows the URL being redirected 301 and 302 until loop detected error.

How about you give us volunteers here a fighting chance at solving your problem.
Please answer the questions that are normally presented when opening a HELP topic below:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

until then...
Let me consult with my :crystal_ball:
...
It says, you should check your Cloudflare [CDN] settings.
Does that mean anything to you?

3 Likes

Domain is: example.org
Web server is apache: Apache/2.4.52 (Ubuntu)
OS on web server is: Ubuntu 22.04.1 LTS
AWS EC2 instance
I can login to root shell: Yes
Certbot version: certbot 2.7.4

The HTTP site is working.
The HTTP to HTTPS redirection works as expected.

The HTTPS site is NOT working correctly:
The HTTPS site redirects right back to the same HTTPS site [redirection loop].

Let's start to unravel this with the output of:

sudo apachectl -t -D DUMP_VHOSTS

And my :crystal_ball: was incorrect - LOL

4 Likes

It tells me that Cloudflare needs to be set to Full (strict).

https://community.cloudflare.com/t/community-tip-fixing-err-too-many-redirects/42335

3 Likes

VirtualHost configuration:
*:80 example.org (/etc/apache2/sites-enabled/000-default.conf:1)
*:443 is a NameVirtualHost
default server example.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost example.org (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
alias www.example.org
port 443 namevhost example.com (/etc/apache2/sites-enabled/default-ssl.conf:2)

This is what I'm getting from letsdebug. Something about a redirect loop.

ERROR

A test authorization for example.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.

3.132.2.17: Fetching https://example.org/.well-known/acme-challenge/bWJZ_eBuYPghN5cm7NQzjAu16AxkNxcc9HSq8epXxo8: Redirect loop detected

Let's have a look at this file:

4 Likes
<IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName csteachertoolkit.org
        ServerAlias www.csteachertoolkit.org

        ServerAdmin admin@csteachertoolkit.org
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn
        Redirect "/" "https://csteachertoolkit.org/"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/csteachertoolkit.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/csteachertoolkit.org/privkey.pem
</VirtualHost>
</IfModule>

That redirect should have a check for the hostname. If the hostname is already csteachertoolkit.org, it shouldn't redirect again. Only when it's www.csteachertoolkit.org. (Assuming you want a www to non-www redirect to begin with.)

For testing purposes you could comment the redirect directive out and test your website.

4 Likes

I commented it out. Do I have to reset apache or do anything else besides write out? I appreciate the guidance.

Good to go. Thanks Fellas. This has been fun!

2 Likes

Just a reload is fine.
