I'm trying to enable Let's Encrypt ssl certificate on jammetti.lv (magento 2, apache, raspbian buster) but when I force SSL connection and try to load the website connection to the website is refused.
I've also checked if my SSL certificates are valid.
I've made sure my SSL port is open on router.
My DNS server is mydomain.com and I didn't add any specific DNS record for SSL connection.
I've ran apachectl configtest
I've been trying to fix this problem for several days now.
Thanks,
Pavels
Hi @regent116
I don't see a refused answer, I see a direct loop - see https://check-your-website.server-daten.de/?q=jammetti.lv - and a missing slash:
| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| • http://jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 0.093 | A |
| • http://www.jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 0.110 | E |
| • https://jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 3.076 | B |
| • https://www.jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 2.826 | N |
| Certificate error: RemoteCertificateNameMismatch | ||||
| • https://jammetti.lv | 301 | https://jammetti.lv Html is minified: 100,00 % | 2.613 | L |
All redirects are to https + the domain name without a slash.
Would be correct in the port 80 vHost.
But not in the port 443 vHost.
And you don't have an explicit port 80 vHost with that domain name.
So first step: Create that port 80 vHost, apachectl -S must show it.
Second: Remove the wrong redirect in your port 443 vHost.
We should have a look at the file:
/etc/apache2/sites-enabled/000-default-le-ssl.conf
Now the loop is gone.
Instead, there is mixed content.
I've updated 80 vHost configuration with ServerName
Also here is 443 vHost file:
/etc/apache2/sites-enabled/000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName jammetti.lv
SSLCertificateFile /etc/letsencrypt/live/jammetti.lv/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/jammetti.lv/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Found a loop in my .htaccess file
Unfortunately I can't load the website in my browser:
I would check which resources are loading through http with chrome developer tools If I could inspect the page. What would you suggest?
Welcome to the Let's Encrypt Community 
You've still got some strange (or missing) redirects:
http://www.jammetti.lv/ --302--> http://jammetti.lv/
https://www.jammetti.lv/ --302--> https://jammetti.lv/
These should be:
http://jammetti.lv/ --301--> https://jammetti.lv/
http://www.jammetti.lv/ --301--> https://www.jammetti.lv/ --301--> https://jammetti.lv/
Thanks Griffin and JuergenAuer.
I've fixed mixed content issue. Infact, I've asked a friend to load the website from different IP and the website was secure and fully functional. But I still can't get it to work on my PC. Website doesn't load. That's odd. Website works fine for others except me. I've cleared cache & cookies and even tried different browser. Of Course I should fix the redirect issue, but I don't know where to begin. What would you suggest?
.htaccess file:
/etc/apache2/sites-enabled/000-default.conf:
80 vHost
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName jammetti.lv
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
There are still some things that need fixing:
Do you have a wrong / expired hosts entry? So you use the wrong ip address?
Your hosts file:
Windows:
C:\windows\system32\drivers\etc\hosts
There you can define
127.0.0.1 jammetti.lv
then you don't see the online version, instead your local pc is connected.
Open /etc/letsencrypt/options-ssl-apache.conf with a text editor using root (for example: sudo nano /etc/letsencrypt/options-ssl-apache.conf). Modify according to the following then reload apache (/etc/init.d/apache2 reload). You may have some of the directives cited below in multiple configuration files, so be sure to check.
SSLEngine on
# Comment out the existing line:
# SSLProtocol all -SSLv2 -SSLv3
# Add a new line:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
#Comment out the existing line:
# SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 .....
# Add a new line:
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on
SSLCompression off