How to fix or remove security from my server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: garykoz.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have no idea what the above answers are.

I have never used a server before and just built mine. I tred to install security but did something wrong because I can’t get to my server any more. I tried undoning everything by doing the opposite of the install steps but it only got worse.

Can this all be fixed or undone or do I have to rebuild my server?

Any help will be greatly appreciated.

Thank you,
Gary Kozlowski

Hi @garykoz,

What did you do in order to build your server, and what did you do in order to add security to it?

Thank you for answering my call for help.

I used a download of ubuntu server 18.04 to build my server. I was working OK until I installed security.

I used a link fron the internet:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

What output did you see from the commands in the tutorial?

When you say you “can’t get to [your] server anymore”, do you mean just with a web browser, or you also can’t log in to administer it via SSH anymore?

I’m sorry. Just my web browser.

I can get to it with SSH, Webadmin, phpMyAdmin and Dreamweaver.

OK! Maybe you could try accessing it with SSH and running

sudo certbot certificates

and

sudo service apache2 start

and telling us what the results of those are.

I can only include 1 screenshot per email so here is the 1st one.

Here is the 2nd one.

Did you get my screen shots?

Yes, I was out for the holiday weekend—sorry for the delay.

Could you try these commands too?

curl -v localhost

sudo ss -plt

Here is the 1st one

Here is the 2nd one

Hmmmm, so I wonder why Apache isn’t starting yet isn’t displaying a specific error message.

Could you look for error logs in /var/log/apache2/error_log? (They might also be somewhere else.) E.g.

sudo tail /var/log/apache2/error_log

Here is the one with the newest date

(Attachment error.log.1 is missing)

The e-mail attachment didn’t come through, apparently.

Here is the one with the newest date

error.log.1.txt (6.17 KB)

It looks like your site has some broken PHP configuration somehow; do you know what could be causing that? I realize that it showed up when you installed the Let’s Encrypt certificate but I’m not sure whether it’s directly related to that. (For example, it might be that the Apache server just hadn’t been restarted in a long time and that it was broken before, but now that Certbot caused it to restart, it noticed that its PHP configuration was broken.)

I’m not sure what tat means. Do I just re-install PHP and reboot the server?

Looking more closely at the timestamps, I think I may have misinterpreted the nature of the problem.

Are you sure there’s no error.log as opposed to error.log.1? Could we see error.log if it exists?

The reason I didn’t send error.log is because it was empty. I’m sending the next oldest error.log file. Hope that helps.

error.log.10.txt (39.4 KB)