Help with mod_rewrite creating redirection loop

I really messed up one of my sites and my skill level is not high enough to figure this out, i don't understand enough about rewrite rules but i think that must be the cause.

My domain is: zaviera.nl
My web server is (include version): Apache/2.4.7 (Ubuntu)
The operating system my web server runs on is (include version): Ubuntu 14.04.2 LTS
My hosting provider is: this is a VPS
I can login to a root shell on my machine: Yes
I'm using a control panel to manage my site: No
I ran this command: ./certbot-auto renew --dry-run

It produced this output:

First i kep struggling with errors like> timeout authentication failure, could not connect to the client to verify the domain.

From other threads i gathered this could be a firewall issue but then why are my other sites working normally from the same server? Also i could just ping my site without problems and als do a telnet command to port 80.

But suddenly it worked even though chrome still give me an insecure message so it seems the certificate install failed?
Please take a look here: https://zaviera.nl/administratie

The weird thing is that i have different other sites on this same VPS which are running fine and also have a Letsencrypt certificate. Example: opendial.nl

Now the help i would very much appreciate:

1.How do i remove the faulty certificate and reinstall it? In the past i always did:

./certbot-auto --apache
chose the site and then chose option 2 (secure redirect all to HTTPS)
then i would do
./certbot-auto certonly --webroot -w /var/www/zaviera.nl/public_html/ -d www.zaviera.nl -d zaviera.nl
(otherwise google web console would complain that the certificate would only match for the domain without www)

2.How do i fix the Too many redirects error? What i already did was delete my vhosts here:
/etc/apache2/sites-available
specifically:

zaviera.nl.conf
zaviera.nl-le-ssl.conf
After that i let Certbot re-create zaviera.nl-le-ssl.conf automatically.

The contents of these files show these rules:

zaviera.nl.conf:

RewriteEngine on
RewriteCond %{SERVER_NAME} =zaviera.nl [OR]
RewriteCond %{SERVER_NAME} =www.zaviera.nl
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

This is usually caused by a mis-configured proxy in the mix, or likely the rewrite rules a setting in the web application running here which is causing requests to do 301 redirect. Looking at the rules pasted, I suspect the latter in this case.

closer look at the response headers from the domain listed

First Request to *http ->Response is "HTTP/1.1 301 Moved Permanently"
Second Request *https -> Response is also “HTTP/1.1 301 Moved Permanently”

So the second request above, which is 301 redirected to https & matching the domain, also gets redirected.

Check your rewrite rules carefully, your redirecting a matching domain (great!)
… but you really only want to be doing that for http normally. Put a matching condition to check for that.

Hint: search “apache redirect loop https htaccess” … there will be plenty of results

you may also find this helpful: https://www.digitalocean.com/community/questions/redirecting-from-http-to-https

Hope this helps, all the best.
Erle

Hey, thanks for your help Erlepereira. I'm not really experienced enough with apache URL rewriting to figure out what i need to change here. I did a search for "apache redirect loop https htaccess" but the articles i found didn't really apply to my situation or i didn't understand some parts of the solutions offered. The Digitalocean topic as well, those rules posted there are completely different from mine but i don't understand how they work so in order to replace my rules with those seems unwise.

Also i have a couple of other vhosts with exactly the same rules but they are working fine and so was this vhost before i started renewing this certificate. The only difference is that this vhost is a Prestashop install and the other ones are Wordpress installs.

Is zaviera.nl.conf the only file which can be causing this problem? Or do i need to look for other files? Let's say for instance i'd want to temporarily revert the site back to http only so i can see if the issue goes away. How would i do that?

I already removed the .htaccess file and generated a new one.

edit:

So if i comment out the line:

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

My site suddenly works.

But it's not https. And the strange thing is my other vhosts have this exact same rule and they don't give me the same problem?

Could you post the whole zaviera.nl.conf file here?

Actually, also the zaviera.nl-le-ssl.conf file.

Sure, zaviera.nl.conf:

<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.

    ServerAdmin info@zaviera.nl
    DocumentRoot /var/www/zaviera.nl/public_html
    ServerName zaviera.nl
    ServerAlias www.zaviera.nl
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =zaviera.nl [OR]
RewriteCond %{SERVER_NAME} =www.zaviera.nl
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

zaviera.nl-le-ssl.conf:

# The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly.
    ServerAdmin info@zaviera.nl
    DocumentRoot /var/www/zaviera.nl/public_html
    ServerName zaviera.nl
    ServerAlias www.zaviera.nl
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

SSLCertificateFile /etc/letsencrypt/live/zaviera.nl/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zaviera.nl/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/zaviera.nl/chain.pem

Did you change something intentionally to cause the HTTPS → HTTP redirection that I see now?

Otherwise, what I think is happening is that you have some other software on your system that has set up an additional HTTPS → HTTP redirection, perhaps via an .htaccess file.

I would suggest doing

egrep -r '(Redirect|Rewrite)' /etc/apache2

and

egrep -r '(Redirect|Rewrite)' /var/www/zaviera.nl

to see if you can find an additional directive that you didn’t expect to have that’s doing the redirection in the contrary direction.

Thank you for the reply. The situation right now is that i commented out this line so i can open the site via http:

#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Otherwise i get the redirect loop.

I did not do anything else intentionally because i have no experience with rewrite rules.

I did those commands and here is their output:

egrep -r '(Redirect|Rewrite)' /etc/apache2

/etc/apache2/sites-available/opendial.nl.conf:RewriteEngine on
/etc/apache2/sites-available/opendial.nl.conf:RewriteCond %{SERVER_NAME} =opendial.nl [OR]
/etc/apache2/sites-available/opendial.nl.conf:RewriteCond %{SERVER_NAME} =www.opendial.nl
/etc/apache2/sites-available/opendial.nl.conf:RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
/etc/apache2/sites-available/zaviera.nl.conf:RewriteEngine on
/etc/apache2/sites-available/zaviera.nl.conf:RewriteCond %{SERVER_NAME} =zaviera.nl [OR]
/etc/apache2/sites-available/zaviera.nl.conf:RewriteCond %{SERVER_NAME} =www.zaviera.nl
/etc/apache2/sites-available/zaviera.nl.conf:#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

So here you can see the content of both conf files is the same.

Here is the output from the other command:
http://zaviera.nl/zavieraerror.txt

What's the best way i can share this securely? It's too big for pastebin.

Any, most of what i can gather is from the .htaccess file. After i got this problem i deleted it and forced Prestashop to generate a new one but it didn't help.

Sorry, I didn’t mean to match non-Apache stuff like Javascript.

So I think the problem is some kind of conflict between the .htaccess rewrites and the Certbot-suggested HTTP to HTTPS rewrites. You can get such a loop when one rule causes a redirect from A to B, while another rule causes a redirect from B to A, among other possibilities.

I’m not much of an expert on mod_rewrite; maybe someone else on this forum is more familiar with it and can immediately see the problem?

The documentation is at

https://httpd.apache.org/docs/current/mod/mod_rewrite.html

and if necessary we could change the title of this thread to make clear that we could use help from someone with more mod_rewrite experience.

Hi Seth, which topic title would you suggest?

Maybe “Help with mod_rewrite creating redirection loop”?

Alright, i changed the title. Now i hope someone can help, thanks for the help so far Seth!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.