Fresh server and ssl cert installation, 400 Bad Request Port 80

yolosand.com

I have issued many certs using certbot, I don't know why I am suddenly having this problem. I have even resorted to destroying the instance and starting from scratch on a new one, but still running into the same problem.

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Apache/2.4.41 (Ubuntu) Server at yolosand.com Port 80

Output for ufw status
Status: active

To                         Action      From
OpenSSH                    ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)

yolosand.com.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName yolosand.com
    ServerAlias www.yolosand.com
    DocumentRoot /var/www/yolosand.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.yolosand.com [OR]
    RewriteCond %{SERVER_NAME} =yolosand.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

yolosand.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName yolosand.com
    ServerAlias www.yolosand.com
    DocumentRoot /var/www/yolosand.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/yolosand.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yolosand.com/privkey.pem
</VirtualHost>
</IfModule>

ERROR LOG
[mpm_prefork:notice] [pid 24861] AH00169: caught SIGTERM, shutting down
[mpm_prefork:notice] [pid 25097] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations
[core:notice] [pid 25097] AH00094: Command line: '/usr/sbin/apache2'

2 Likes

Hi @donottaptheglass

please read your error message.

https://yolosand.com/ answers with that:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Apache/2.4.41 (Ubuntu) Server at yolosand.com Port 80

So you see: External port 443 / https -> internal port 80 instead of port 443.

Looks like your router has a wrong port forwarding.

But

http://yolosand.com:443/

doesn't work, there is a PR_Reset. So there are additional errors.

apachectl -S
2 Likes

I've tried editing both yolosand.com.conf and yolosand.com-le-ssl.conf in so many different ways, nothing has worked. So I have deleted both files.

I edited 000-default.conf and default-ssl.conf to have webroot /var/www/yolosand.com and this is what I am receiving:

When I visit http://yolosand.com, it is from the desired webroot /var/www/yolosand.com

When I visit https://yolosand.com, it is from /var/www/html. The ssl cert being from R3. No idea what R3 is.

I have never seen this behavior before, I am pretty lost on where to go from here. Neither of the vhost configurations include the ssl cert file locations, so where is it even pulling the certificate?

2 Likes

Hello again, my friend. 🙂

Let's first confirm that this is actually the IP address of the current server:

yolosand.com. 1799 IN A 64.225.89.148

1 Like

Now you have fixed your wrong port forwarding - https://check-your-website.server-daten.de/?q=yolosand.com#url-checks

Domainname Http-Status redirect Sec. G
http://yolosand.com/ 64.225.89.148 200 Html is minified: 100,00 % 0.327 H
small visible content (num chars: 9)
HELLO ???
http://www.yolosand.com/ 64.225.89.148 200 Html is minified: 100,00 % 0.330 H
small visible content (num chars: 9)
HELLO ???
https://yolosand.com/ 64.225.89.148 GZip used - 3172 / 10946 - 71,02 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/2866 200 Html is minified: 223,07 % 4.106 B
https://www.yolosand.com/ 64.225.89.148 GZip used - 3172 / 10946 - 71,02 % Inline-JavaScript (∑/total): 0/0 Inline-CSS (∑/total): 1/2866 200 Html is minified: 223,07 % 4.317 B

Both https have the correct certificate, the R3 is the new Let's Encrypt intermediate certificate.

The Apache default page is visible via https. So your DocumentRoot is wrong, compare that with your port 80 definitions.

Your output of

apachectl -S

is required to check your configuration.

3 Likes

Hey @griffin! The DNS for yolosand.com is pointing to 64.225.89.148 which is the ip for the load balancer. Currently there is only one server attached to this load balancer, which is 128.199.4.217, and this is where I am editing the vhosts and running certbot.

3 Likes

I changed the 000-default.conf and default-ssl.conf to be webroot /var/www/html, so now when I visit yolosand.com at either http or https, it goes to the apache welcome page.

Neither the 000-default.conf nor the default-ssl.conf have the ServerName yolosand.com specified or cert files included. Any thoughts on how this is working?

Here is my output for

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

So when I set up my own webroot, along with its own conf files, after running certbot this is when I start receiving the Bad Request.

1 Like

You don't have a minimal configuration with a matching port 80 vHost.

So the result is expected.

Create such a host, your system has a documentation you have to use with root access.

Then again apachectl -S, the port 80 vHost must be visible. Then certbot --reinstall.

2 Likes
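
The check asked for above (the port 80 vHost must be visible in `apachectl -S`), as an added example that is not part of the original thread: a Python parser for the vhost section of `apachectl -S` output that reports which config file, if any, serves a domain on ports 80 and 443. The function names are illustrative, the first sample is abbreviated from the output posted in the thread, and the second sample is constructed.

```python
import re
from fnmatch import fnmatchcase

HEADER = re.compile(r'^\S+:(\d+)\s+is a NameVirtualHost$')
SINGLE = re.compile(r'^\S+:(\d+)\s+(\S+)\s+\((.+):\d+\)$')
NAMED = re.compile(r'^\s+port (?:\d+|\*) namevhost (\S+)\s+\((.+):\d+\)$')
ALIAS = re.compile(r'^\s+(?:wild )?alias (\S+)$')

def parse_vhosts(text):
    """Return [{'port', 'names', 'file'}, ...] parsed from `apachectl -S` output."""
    vhosts, port = [], None
    for line in map(str.rstrip, text.splitlines()):
        if m := HEADER.match(line):
            port = int(m.group(1))          # following namevhost lines share this port
        elif m := SINGLE.match(line):       # lone vhost on an address: ServerName only
            vhosts.append({'port': int(m.group(1)), 'names': [m.group(2)], 'file': m.group(3)})
        elif (m := NAMED.match(line)) and port is not None:
            vhosts.append({'port': port, 'names': [m.group(1)], 'file': m.group(2)})
        elif (m := ALIAS.match(line)) and vhosts:
            vhosts[-1]['names'].append(m.group(1))
    return vhosts

def check_domain(text, domain, ports=(80, 443)):
    """Map each port to the config file of the vhost that names `domain`, else None."""
    vhosts, want = parse_vhosts(text), domain.lower()
    return {p: next((v['file'] for v in vhosts if v['port'] == p and
                     any(fnmatchcase(want, n.lower()) for n in v['names'])), None)
            for p in ports}

# Output posted in the thread (abbreviated): only the default vhost is loaded.
THREAD_OUTPUT = """\
VirtualHost configuration:
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
"""

# Constructed sample: the output shape once both site files are enabled.
CONSTRUCTED_OUTPUT = """\
*:443                  is a NameVirtualHost
         port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost yolosand.com (/etc/apache2/sites-enabled/yolosand.com-le-ssl.conf:2)
                 alias www.yolosand.com
*:80                   is a NameVirtualHost
         port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost yolosand.com (/etc/apache2/sites-enabled/yolosand.com.conf:1)
                 alias www.yolosand.com
"""

if __name__ == "__main__":
    print(check_domain(THREAD_OUTPUT, "yolosand.com"), check_domain(CONSTRUCTED_OUTPUT, "www.yolosand.com"))
```

A `None` for port 80 means Apache has no vhost naming the domain there, which is the state certbot's Apache installer cannot work from.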

@JuergenAuer

How is there a working HTTPS? Old apache instances not killed/reloaded? I suspect the load balancer.

@donottaptheglass

Please run this for me on the load balancer:

sudo apachectl -S

1 Like

Sorry, I do not understand. I thought the 000-default.conf is the config for port 80, is it not? Anytime I create a new conf file with the webroot /var/www/yolosand.com, apache is still not recognizing it.

I spun up a new server on digitalocean and I was able to issue a normal ssl cert per Certbot's instructions. The moment I tried issuing a wildcard ssl cert (also using certbot's instructions) with the use of their certbot plugin with provider digitalocean, I was no longer able to access the site at https.

2 Likes

There is no ServerName defined. Your configuration doesn't have minimal requirements, so the not working result is expected.

2 Likes
