Error: Connection refused on HTTPS with Letsencrypt SSL, apache

I'm trying to enable a Let's Encrypt SSL certificate on jammetti.lv (Magento 2, Apache, Raspbian Buster), but when I force an SSL connection and try to load the website, the connection to the website is refused.

I've also checked if my SSL certificates are valid.

I've made sure my SSL port is open on router.
My DNS server is mydomain.com and I didn't add any specific DNS record for SSL connection.

I've run apachectl configtest

I've been trying to fix this problem for several days now.

Thanks,

Pavels

1 Like

Hi @regent116

I don't see a refused answer, I see a direct loop - see https://check-your-website.server-daten.de/?q=jammetti.lv - and a missing slash:

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 0.093 | A |
| http://www.jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 0.110 | E |
| https://jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % | 3.076 | B |
| https://www.jammetti.lv/ 77.38.185.163 | 301 | https://jammetti.lv Html is minified: 100,00 % Certificate error: RemoteCertificateNameMismatch | 2.826 | N |
| https://jammetti.lv | 301 | https://jammetti.lv Html is minified: 100,00 % | 2.613 | L |

All redirects are to https + the domain name without a slash.

Would be correct in the port 80 vHost.

But not in the port 443 vHost.

And you don't have an explicit port 80 vHost with that domain name.

So first step: Create that port 80 vHost, apachectl -S must show it.

Second: Remove the wrong redirect in your port 443 vHost.

3 Likes

We should have a look at the file:
/etc/apache2/sites-enabled/000-default-le-ssl.conf

2 Likes

Now the loop is gone.

Instead, there is mixed content.

2 Likes

I've updated 80 vHost configuration with ServerName
Also here is 443 vHost file:
/etc/apache2/sites-enabled/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	ServerName jammetti.lv
	SSLCertificateFile /etc/letsencrypt/live/jammetti.lv/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/jammetti.lv/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Found a loop in my .htaccess file

1 Like

Unfortunately I can't load the website in my browser:

I would check which resources are loading through HTTP with Chrome developer tools if I could inspect the page. What would you suggest?

1 Like

Welcome to the Let's Encrypt Community 🙂

2 Likes

You've still got some strange (or missing) redirects:

http://www.jammetti.lv/ --302--> http://jammetti.lv/

https://www.jammetti.lv/ --302--> https://jammetti.lv/

These should be:

http://jammetti.lv/ --301--> https://jammetti.lv/

http://www.jammetti.lv/ --301--> https://www.jammetti.lv/ --301--> https://jammetti.lv/

1 Like
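The redirect rules stated in the posts above (no loop, a trailing slash in the target, 301 rather than 302, HTTP upgrading to HTTPS on the same host before any host change) can be checked offline. This is an added example, not code from any poster or from check-your-website; the function names are hypothetical and the hop tables are constructed from the results quoted in the thread.

```python
from urllib.parse import urlsplit

def norm(url):
    """(scheme, host, path) with an empty path treated as '/'."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.path or "/")

def audit_hop(src, status, location):
    """Findings for one redirect hop, per the rules stated in the thread."""
    s, d, out = urlsplit(src), urlsplit(location), []
    if d.path == "":
        out.append("missing-slash")                # Location has no path
    if status != 301:
        out.append("not-permanent")                # e.g. the 302s observed
    if s.scheme == "http" and d.scheme != "https":
        out.append("no-https-upgrade")             # HTTP hop stays on HTTP
    elif s.scheme == "http" and s.hostname != d.hostname:
        out.append("host-changed-during-upgrade")  # www dropped too early
    return out

def follow(start, table, max_hops=10):
    """Walk {norm(url): (status, location)}; return (chain, findings)."""
    chain, findings, seen, url = [start], [], {norm(start)}, start
    while (hop := table.get(norm(url))) and len(chain) <= max_hops:
        status, location = hop
        findings += audit_hop(url, status, location)
        if norm(location) in seen:                 # target already visited
            findings.append("loop")
            break
        seen.add(norm(location))
        chain.append(location)
        url = location
    return chain, findings

# Constructed tables: hops from the first check, then the suggested target.
BEFORE = {norm(u): v for u, v in {
    "http://jammetti.lv/": (301, "https://jammetti.lv"),
    "http://www.jammetti.lv/": (301, "https://jammetti.lv"),
    "https://jammetti.lv/": (301, "https://jammetti.lv"),
}.items()}
TARGET = {norm(u): v for u, v in {
    "http://jammetti.lv/": (301, "https://jammetti.lv/"),
    "http://www.jammetti.lv/": (301, "https://www.jammetti.lv/"),
    "https://www.jammetti.lv/": (301, "https://jammetti.lv/"),
}.items()}

if __name__ == "__main__":
    for table in (BEFORE, TARGET):
        print(follow("http://www.jammetti.lv/", table))
```
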

Thanks Griffin and JuergenAuer.
I've fixed the mixed content issue. In fact, I've asked a friend to load the website from a different IP and the website was secure and fully functional. But I still can't get it to work on my PC. The website doesn't load. That's odd. The website works fine for others except me. I've cleared cache & cookies and even tried a different browser. Of course I should fix the redirect issue, but I don't know where to begin. What would you suggest?

.htaccess file:

/etc/apache2/sites-enabled/000-default.conf:
80 vHost

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	ServerName jammetti.lv

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

1 Like

There are still some things that need fixing:

2 Likes

Do you have a wrong / expired hosts entry? So you use the wrong IP address?

2 Likes

I've got only two vHost configurations

1 Like

Your hosts file:

Windows:

C:\windows\system32\drivers\etc\hosts

There you can define

127.0.0.1 jammetti.lv

Then you don't see the online version; instead, your local PC is connected.

1 Like

@regent116

Open /etc/letsencrypt/options-ssl-apache.conf with a text editor using root (for example: sudo nano /etc/letsencrypt/options-ssl-apache.conf). Modify according to the following then reload apache (/etc/init.d/apache2 reload). You may have some of the directives cited below in multiple configuration files, so be sure to check.

SSLEngine on

# Comment out the existing line:
# SSLProtocol all -SSLv2 -SSLv3
# Add a new line:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

# Comment out the existing line:
# SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 .....
# Add a new line:
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

SSLHonorCipherOrder on
SSLCompression off