HTTP is fine and access content, but HTTPS after installed shows nothing on browser

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: quitandavirtual.saf.pi.gov.br

I ran this command: certbot --apache

It produced this output: Certbot is installed and working, i see it on browser

My web server is (include version): Apache 2.4.37 (Oracle Linux)

The operating system my web server runs on is (include version): Oracle Linux 8

My hosting provider, if applicable, is: Self hosted

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.16.0

Hello. As i say on the information below, certbot is installed and generates the certificate as we can see when access the address on some browser at https://quitandavirtual.saf.pi.gov.br. The issue is that when SSL is active, don't show the website content... just a blank page.


But the website has content. If you check at HTTP address at http://quitandavirtual.saf.pi.gov.br will se content normally.

Is something i forgot to do?

2 Likes

I am seeing the same issue

my sites are all owned by www-data:www-data

also chmod 755 seems to be the best option

But the file permissions does not changes the fact that the content is not available when accesss via HTTPS

2 Likes

I don't see the relation with ownership/permissions, could you please clarify why this would help?

No, usually this works nicely out of the box. I'm guessing your initial Apache configuration was a little bit too non-standard for certbot to understand. Or perhaps there already was a non-functional HTTPS virtualhost and certbot thought it should use that. So it just installed the newly issued certificates and thats it: still non-functional, but now with a good cert.

Could you please show the output of:

sudo apachectl -S

3 Likes

I second the motion; the best place to start is with the Apache configuration:

2 Likes

Hello @Osiris , follow the result of sudo apachectl -S command:

$ sudo apachectl -S
[sudo] senha para gestor: 
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::e3eb:a75e:2c3c:c292. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   quitandavirtual.saf.pi.gov.br (/etc/httpd/conf.d/quitandavirtual.saf.pi.gov.br.conf:11)
*:443                  is a NameVirtualHost
         default server quitandavirtual.saf.pi.gov.br (/etc/httpd/conf.d/quitandavirtual.saf.pi.gov.br.conf:21)
         port 443 namevhost quitandavirtual.saf.pi.gov.br (/etc/httpd/conf.d/quitandavirtual.saf.pi.gov.br.conf:21)
         port 443 namevhost fe80::e3eb:a75e:2c3c:c292 (/etc/httpd/conf.d/ssl.conf:40)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex lua-ivm-shm: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/etc/httpd/run/" mechanism=default 
Mutex cache-socache: using_defaults
PidFile: "/etc/httpd/run/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
2 Likes

We should have a look at this file:

3 Likes

HTTPS redirect commented to allow HTTP for tests purposes...

<VirtualHost *:80>
  ServerName quitandavirtual.saf.pi.gov.br

  #RewriteEngine on
  #RewriteCond %{SERVER_NAME} =quitandavirtual.saf.pi.gov.br
  #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
  ServerName quitandavirtual.saf.pi.gov.br

  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/quitandavirtual.saf.pi.gov.br/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/quitandavirtual.saf.pi.gov.br/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf

  DocumentRoot /var/www/quitandavirtual.saf.pi.gov.br/html/

  ErrorLog /var/log/httpd/quitandavirtual.saf.pi.gov.br_error.log
  CustomLog /var/log/httpd/quitandavirtual.saf.pi.gov.br_access.log combined
</VirtualHost>
2 Likes

hmm...
Is that the correct document root?

2 Likes

Yes.

Also, it works fine on HTTP access

2 Likes

No it doesn't work.
[you must be viewing cached content]

This is what I get now:
image

2 Likes

This is what I am seeing Rudy...

Screenshot_2021-06-02_10-58-11

Source Code is empty. (Hence Blank)

3 Likes

@RIp The problem isn't the certificate, but the sites content: apparently it shouldn't be blank.

3 Likes

Yeah I am seeing that... wondering if Op is actually serving from "/var/www/html" ? :face_with_raised_eyebrow:
There must be a file or there would be a 404... correct me if I am in error please.

2 Likes

Well, the HTTP *:80 VirtualHost only has a ServerName directive with the redirect commented out, so all other directives such as DocumentRoot are inherited from the default directives outside the VirtualHost.

OP should fix the HTTPS *:443 VirtualHost or put some contents in /var/www/quitandavirtual.saf.pi.gov.br/html/ :stuck_out_tongue:

3 Likes

Exactly. This is the content.

So if you see too, it's not cache... HTTP works... HTTPS gives blank content!

2 Likes

Hi @wemersonrv so I see what you see.
Are you certain that you are serving HTTP and HTTPS with the same content from the same folder space? Food for thought.
(I'd recommend checking the server logs for additional verification and possible errors.)

EDIT: I agree with @Osiris . Additionally I would declare the same document root in your vhost :80 that you declare in vhost 443. This would eliminate the possibility of a "rogue" DocumentRoot in your main config confusing things.

3 Likes

Found the problem!

Well, not a problem... the HTTPS access is fine. see: https://quitandavirtual.saf.pi.gov.br/teste.html

There is something wrong on the main index.php file... so it's not my problem anymore... sen't it to developer do his fixes.

Thank U all for you help folks!!

5 Likes

Are you using PHP 8 which seems to be best for WordPress ect

@wemersonrv

You could do yourself a favor by replacing these three lines:

with this one line:

Redirect permanent "/" "https://quitandavirtual.saf.pi.gov.br/"

https://httpd.apache.org/docs/current/rewrite/avoid.html

4 Likes