HTTP and HTTPS work but site does not show for HTTPS


#1

Hello,

Thank you for a very cool way to install HTTPS.

I am on a LAMP stack with Apache 2.2.15 version. I am not blocking 443 with a firewall in fact I am allowing it.

Successfully installed Let’s Encrypt through the certbot install and HTTPS works but I get a default Apche2 page instead of my website showing. As you can see from the 2 below links. All files ssl.conf and hosts file have all the correct variables and directives. I even used a redirect to HTTPS but it still shows just the default Apache2 page.

The correct document root is set for both HTTP and HTTPS.

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.techlick.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.techlick.com/privkey.pem
/var/www/techlick.com/public_html>
AllowOverride All

DocumentRoot /var/www/techlick.com/public_html
ServerName techlick.com

http://techlick.com

https://techlick.com

Could someone help - I need a new set of eyes and brains to help me with this one.

Thank you again for your time and wonderful efforts. :grinning:

Regards,
techspecX


#2

I don’t know if you tried to paste the proper <VirtualHost> parts of the configuration file, but perhaps they are missing because of HTML parsing of the forum. You can use the “Preformatted text” button ("</>") to preformat the text as code so all the pieces of the config are showing.

Only this small piece of (visible) config isn’t enough to help you, because I can’t see if you’ve got the proper <VirtualHost *:443> section et cetera.


#3

My apologies Osiris. I did what you mentioned. I looked in all my current conf files and all document roots are /var/www/ so I don’t know why my site goes to a default Apache homepage. I am thinking it is something simple but cannot figure it out.

https://techlick.com

<VirtualHost *:80>
    ServerAdmin admin@techlick.com
    DocumentRoot /var/www/techlick.com/public_html
    ServerName www.techlick.com
    ServerAlias techlick.com
    ErrorLog /var/www/techlick.com/error.log
    CustomLog /var/www/techlick.com/requests.log common
</VirtualHost>
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.techlick.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.techlick.com/privkey.pem
        <Directory> /var/www/techlick.com/public_html>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/techlick.com/public_html
        ServerName techlick.com
</VirtualHost>

Thank you for your time and reply.

Regards,
Robert


#4

That’s strange indeed…? Should be fine…


#5

Hi Osiris,

Thanks for your reply. I have checked everything is there something that I may have missed. I removed the default apache welcome page and now I get a directory listing but my website is not showing.

https://techlick.com

Whereas http://techlick.com shows my website.

Regards.


#6

Stricktly speaking, your Let’s Encrypt certificate works perfectly :stuck_out_tongue:

You’re sure there aren’t any typo’s in the SSL part of the config? The config above is literally a copy/paste of the original?


#7

Thank you Osiris for continuing to support our quest to figure this out. I checked all files and literally I am scratching my head. I do not see any spaces or errors at all.

When tested at SSL Labs I got an “A” for locking this down but still my website will not show. And I have tried to reinstall the certs which is awesome :slight_smile: but to no avail since the website still will not show. But the https works! No website though.

Are there any path variables other than the httpd.conf and ssl.conf that need to be set with cert bot? I am scouring your documentation looking for any clue that may help.

Thank you again.

Regards,
Rob


#8

Specify LogLevel info in your SSL <VirtualHost *:443> section. Reload your Apache. Then, run a (for example) tail -f /var/log/apache/error.log. (Of course, pointing to the correct error log your Apache/VirtualHost is using!) And see what’s produced when you surf to https://techlick.com/non-existing-file. It should produce something like:

[Fri Aug 19 21:26:54.892409 2016] [core:info] [pid 28479:tid 139916577781504] [client 2001:981:xxxx:1:59da:9114:cfa4:fbcf:52768] AH00128: File does not exist: /var/www/vhosts/example.com/htdocs/non-existing-file

And with that error message, you can verify the correctness of your DocumentRoot/config.


#9

Hi Osiris,

Thanks for the reply! Steps on what I did:

  1. Typed https://techlick.com/letsencrypt_is_awesome.php in my browser and pressed enter.

  2. I received the below message but the real puzzle is I do not have /var/www/html set as my root, I have /var/www set as my DocumentRoot.

  3. Message I received:

[Fri Aug 19 18:19:01 2016] [error] [client 69.113.90.221] script ‘/var/www/html/letsencrypt_is_awesome.php’ not found or unable to stat

But I also received this error even though techlick.com is defined as server name:

[Fri Aug 19 18:08:54 2016] [warn] RSA server certificate CommonName (CN) `techlick.com’ does NOT match server name!?

I have some ideas on searching with grep or find but I got to come up with the correct syntax as I do not want to search the whole server.

What are your thoughts?

Thank you again.

Regards,
Rob


#10

In your pasted configuration file, it states DocumentRoot /var/www/techlick.com/public_html ?

I’m sure you’re not having gigabytes of configuration files, correct? So grepping in /etc/apache2 shouldn’t be too hard… B/c I’m still sure it’s a configuration error somewhere.


#11

Osiris thank you for the very quick reply.

Yes that is right /var/www/techlick.com/public_html but I do not have a apache2 directory.

Bear with me I am not that experienced - have only be running my own server for a year. :blush:

But I think I should find all conf files on my server and see where that entry /var/www/html resides. I’ll report back.

Thank you again for your time and reply! :sunglasses:


#12

Apache2 directory or not, you do have a specific directory where all your Apache config files reside, is it not? How could you give us the above VirtualHost parts?


#13

Osiris thank you again for your reply! You were right.

Yes I found the culprit and it appears somehow my original hosts files changed the path from /var/www/ to /var/www/html. Which in all honesty I know I had commented out and replaced with /var/www/ before I even started researching for an https solution.

Anywhoos now I get a directory listing of all my sites only on https ands I have assigned the https cert to a bunch of vhosts.

The install went beautiful but it is these configurations that I need to track down and fix.

Any other suggestions?

Thanks again for your time and support on this issue! :slight_smile:


#14

Can’t really help you further besides that your DocumentRoot obviously still isn’t correct…

The directory listing you’re referring to is even loaded when entered a fake, non-existing hostname in the HTTP Host header. Probably you have some default (the first) <VirtualHost *:443> which is used.

Also:

This server could not prove that it is betterhalf.date; its security certificate is from techlick.com. This may be caused by a misconfiguration or an attacker intercepting your connection.


#15

You are quick. Interesting feedback. HTTP works with the following /var/www/ as DocumentRoot but with HTTPS it is perplexing me.

I agree with you I think it is just a major misconfiguration somewhere in my files. I might start up a new server and see how that works. But thanks for your help and I’ll try to get back to you on what really was going on.

Have a good life Osiris.


#16

I’m not sure why your configuration files are so difficult to manage. The *:443 VirtualHosts should be practically identical to the :*80 ones. Only the SSLCertificateFile, SSLCertificateChainFile and SSLCertificateKeyFile and perhaps some small details, but thinks like DocumentRoot should be identical.


#17

Exactly - the files are identical. I will have to go over this - anyway I am thinking of upgrading the server. Just don’t know why a directory list was showing after I set the DocumentRoot even though all the other files have the correct variables such as htaccess and the conf files.

Thanks again Osiris - I’ll get back to you on this one.


#18

The first thing I notice is an extra >


#19

Thank you for the reply - been quite busy - I am actually building a new server and all should be good when I am done. I changed what you noticed and still for some reason it didn’t work - hence the new server. Cheers!


#20

Hello my friend Osiris,

I finally got around to improving my sites and everything is working - the only issue is that I have rss feeds on some pages and it breaks the SSL because these images are served with HTTP. I am trying to figure out what I could do to fix this - so I am googling for an answer. Thought I could do this in my .htaccess file but hasn’t worked.

Most images come from Amazon or eBay. And some from other sites that have the http source.

Any suggestions are welcomed. And thanks for all your help.

Regards,
Rob