Help with ssl with apache2

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: customserver.me

I ran this command: sudo certbot --apache -d customserver.me -d www.customserver.me

It produced this output:
austin@mc:~$ sudo certbot --apache -d customserver.me -d www.customserver.me
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for customserver.me
http-01 challenge for www.customserver.me
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. customserver.me (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://customserver.me/.well-known/acme-challenge/llO5TDCX0nM6ps2MNwBxBHotkDX03lFEXyk0qMea7aU: Timeout during connect (likely firewall problem), www.customserver.me (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://www.customserver.me/.well-known/acme-challenge/JJa1NH1exLUQgzimrBl7Qr_D1SKcmFsa_1Wo9_9JI90: Timeout during connect (likely firewall problem)

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: customserver.me
    Type: connection
    Detail: Fetching
    http://customserver.me/.well-known/acme-challenge/llO5TDCX0nM6ps2MNwBxBHotkDX03lFEXyk0qMea7aU:
    Timeout during connect (likely firewall problem)

    Domain: www.customserver.me
    Type: connection
    Detail: Fetching
    http://www.customserver.me/.well-known/acme-challenge/JJa1NH1exLUQgzimrBl7Qr_D1SKcmFsa_1Wo9_9JI90:
    Timeout during connect (likely firewall problem)

    To fix these errors, please make sure that your domain name was
    entered correctly and the DNS A/AAAA record(s) for that domain
    contain(s) the right IP address. Additionally, please check that
    your computer has a publicly routable IP address and that no
    firewalls are preventing the server from communicating with the
    client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.

My web server is (include version): apache2 2.4.29

The operating system my web server runs on is (include version): Xubuntu 18.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

using Certbot): certbot 0.31.0

I am extremely new to SSL, please go easy on me. :wink:

1 Like

Is the site accessible from the Internet?
[port 80 needs to be open for the validation to succeed]

1 Like

Yes, port 80 is open; it works when you type in the IP but not the domain name for some reason.
173.216.36.24

1 Like

I'm now outside my network and it's now not wanting to work… would it be possible that my ISP is blocking port 80? Suddenlink Communications?

2 Likes

ISPs blocking port 80 is quite common. It's definitely possible.

Just spoke with them. They did not have anything blocked. Could it be my router?

1 Like

Hi @AustinL321

Checking your IP, there is no port 80 answer - https://check-your-website.server-daten.de/?q=173.216.36.24

Domainname Http-Status redirect Sec. G
• http://173.216.36.24/
173.216.36.24 -14 10.050 T
Timeout - The operation has timed out
• https://173.216.36.24/
173.216.36.24 -14 10.060 T
Timeout - The operation has timed out
• http://173.216.36.24/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
173.216.36.24 -14 10.060 T
Timeout - The operation has timed out

Only timeouts.

So if your ISP doesn't block port 80, your router configuration is wrong or there is a blocking firewall.

Port 80 extern -> port 80 intern is required.

2 Likes

Once I'm home I will look at my firewall rules and figure out what is going on.

1 Like

I will post with an update on my firewall rules.

2 Likes

UFW RULES:
root@mc:/var/www# ufw status
Status: active

To Action From


80 ALLOW Anywhere
22 ALLOW Anywhere
53 ALLOW Anywhere
Apache Full ALLOW Anywhere
443/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)


router firewall
Minecraft Server External port: 25565-25565 Internal port: 25565-25565
HTTP External port: 80-80 Internal port 80-80


These are my router and server firewalls.

1 Like

Did your internal IP change?
[or did your external IP change?]

Based on your configs, the router should connect
REAL_IP:80 to INTERNAL_IP:80
REAL_IP:25565 to INTERNAL_IP:25565

But neither one connects to anything.

You might want to go ahead and add:
HTTPS External port: 443-443 Internal port 443-443
[if you are going to use it]

1 Like

Like this?

1 Like

Checking your ssh port:

telnet 173.216.36.24 23

That answers. So your port rules should be correct.

Does your http work internally?

What does this say:

apachectl -S

1 Like

Windows Terminal

austin@mc:~$ apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

VirtualHost configuration:

*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)

ServerRoot: "/etc/apache2"

Main DocumentRoot: "/var/www/html"

Main ErrorLog: "/var/log/apache2/error.log"

Mutex watchdog-callback: using_defaults

Mutex default: dir="/var/run/apache2/" mechanism=default

PidFile: "/var/run/apache2/apache2.pid"

Define: DUMP_VHOSTS

Define: DUMP_RUN_CFG

User: name="www-data" id=33 not_used

Group: name="www-data" id=33 not_used

austin@mc:~$

And yes, internally it works.

1 Like

What is the internal IP of the web server?
[it should match the router setting: 10.10.10.2]

What is returned by the web server for:
curl -4 https://ifconfig.me/
[it should match the DNS resolution: 173.216.36.24]

1 Like
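The two checks from the post above (the A record against the public address, then whether that address answers on port 80) collected into one script, as an added example that is not code from the thread, certbot or the check-your-website tool; the domain and address are the ones posted in this thread, and the loopback self-check is my own addition so the classifier can be exercised offline.

```python
"""Reachability triage for a failed http-01 challenge (added example; not
code from the thread, certbot or check-your-website)."""
import socket

def resolve_a(host):
    """IPv4 addresses the name resolves to (empty list if it does not)."""
    try:
        infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_connect_check(host, port, timeout=5.0):
    """Classify one TCP connect. 'timeout' is what Let's Encrypt reported
    (nothing answers the SYN: missing port forward or a filtering firewall);
    'refused' means the host answered but nothing listens on that port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"

def diagnose(domain, public_ip, port=80):
    """The thread's two checks: does the A record match the address that
    curl -4 https://ifconfig.me/ reported, and does that address answer on
    port 80? Run from outside the LAN; many home routers do not hairpin."""
    addrs = resolve_a(domain)
    return {"resolved": addrs,
            "dns_matches_public_ip": public_ip in addrs,
            "port_state": tcp_connect_check(public_ip, port)}

def self_check_on_loopback():
    """Offline demonstration: a loopback listener classifies as 'open';
    the same port after the listener closes classifies as 'refused'."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_connect_check("127.0.0.1", port, timeout=2)
    srv.close()
    return while_open, tcp_connect_check("127.0.0.1", port, timeout=2)

if __name__ == "__main__":
    print(self_check_on_loopback())
    print(diagnose("customserver.me", "173.216.36.24"))
```

A "timeout" result from outside the LAN while the same port answers on the internal address is exactly the router or firewall problem the thread is circling.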

173.216.36.24 returns back using that command. I have checked that a few times thinking that was the problem.

1 Like

1:50AM, sorry if I speak in weird hycose.

1 Like
