Http to Https redirect using Certbot results in %24servame

I am using Certbot/Letsencrypt on my own VPS to add an extra layer of security to my websites (http --> https).

Problem

When I visit the link http://subdomain.example.nl, I get the following error:

This site can't be reached (DNS_PROBE_FINISHED_NXDOMAIN)

as it tries to reach https://subdomain.%24servame (this is what I find in my url bar)

www.example.nl results in https://%24servame/

So I think there is something wrong in my Apache2 config (sites-available) files.

What I tried

Basically nothing yet, as I'm afraid to mess it up even more. It is a live website, and via the https:// directly it works (basically how people get to there anyways, as they just click a link). So it works. But when I quickly try to type the link in a chat, it won't work. I need to make sure people can share this link by memory if they have to.

I sincerely hope somebody can spot something wrong in my file. I googled this issue, but I can't seem to find anything relevant.

Apache config

subdomain.example.nl.conf

<VirtualHost *:80>
        ServerAdmin webmaster@example.nl
        DocumentRoot /var/www/example.nl/www/webroot

        ServerName subdomain.example.nl

        <Directory /var/www/example.nl/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        ErrorLog ${APACHE_LOG_DIR}/www.example.nl.error.log
        CustomLog ${APACHE_LOG_DIR}/www.example.nl.access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =subdomain.example.nl
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

subdomain.example.nl-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@example.nl
        DocumentRoot /var/www/example.nl/www/webroot

        ServerName subdomain.example.nl

        <Directory /var/www/example.nl/www>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        ErrorLog ${APACHE_LOG_DIR}/www.example.nl.error.log
        CustomLog ${APACHE_LOG_DIR}/www.example.nl.access.log combined

RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =subdomain.example.nl
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


SSLCertificateFile /etc/letsencrypt/live/subdomain.example.nl/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.example.nl/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

I asked my question at serverfault as well, but since I'm with my hands in my hair I'm posting it here as well.

https://serverfault.com/posts/1092916

Do you have any .htaccess file(s) in effect?

Are you using any url redirect feature at your domain name registrar?
(I could not check since you did not share domain name)

2 Likes

Hi there Mike,

I'm using CakePHP, so these are the only .htaccess files to my knowledge. GitHub - cakephp/app: CakePHP application template
Please note that my documentroot is already set to /webroot/, therefore only this .htaccess file is used. https://github.com/cakephp/app/blob/4.x/webroot/.htaccess

My registrar is not using any url redirect features (as far as I know). I can send you the domain name per DM if you really need it. I'm not allowed to share it publicly unfortunately.

Edit:

https://check-your-website.server-daten.de/ gives the following error: (also I'm missing HSTS headers).

Wrong redirect one domain http to other domain https. First redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security). First step: Add correct redirects http ⇒ https. Perhaps in your port 80 vHost something like "RewriteEngine on" + "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]" (two rows, without the "). Don't add this in your port 443 vHost, that would create a loop. Then recheck your domain, should be Grade C. There is the rule to select one https version as preferred version.

This jumps out at me:

%24 is url encoding for $

My guess is that somewhere you have a redirect to $servame as a string, not an interpolated variable. I would search your apache configs and .htaccess files for that string.

5 Likes

You sir, are a legend.

Apparently I still had an unused vhost, which I hadn't enabled. As I was already using another file with some Macros in it. Therefore, I was looking at the whole wrong config file.

Running grep -rnw '/etc/apache2' -e '$servame' gave me a result I wasn't quite expecting.

This was in the config file I was actually using.

<Macro VHostBlock $servname>
<IfModule mod_ssl.c>
use VHostSSL $servname $servname/www/webroot
use VHostSSL rsvp.$servname $servname/www/webroot
use VHostRewrite www.$servname $servname
</IfModule>

use VHostRedirect $servname $servame <-- typo
use VHostRedirect www.$servname $servame <-- typo
use VHostRedirect rsvp.$servname rsvp.$servame <-- typo
</Macro>

use VHostBlock example.nl

UndefMacro VHostBlock

I never noticed it myself, as my browser was caching the correct redirect of the old vhost file.

Thanks for the heads up.

And yes, I'm lazy, so I try to put everything in functions/macros.

2 Likes
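Added example (not part of the original thread and not code from Apache or Certbot): a small Python check for the failure found above, where a mod_macro body references a `$name` that was never declared as a macro parameter and is therefore sent out literally in the redirect. The function name and the sample config are constructed for illustration; the check assumes parameters use the `$` prefix, as in the macro posted above.

```python
import difflib
import re

# Constructed sample modelled on the macro posted above (typos kept on purpose).
SAMPLE = """\
<Macro VHostBlock $servname>
<IfModule mod_ssl.c>
use VHostSSL $servname $servname/www/webroot
use VHostRewrite www.$servname $servname
</IfModule>
ErrorLog ${APACHE_LOG_DIR}/$servname.error.log
use VHostRedirect $servname $servame
use VHostRedirect rsvp.$servname rsvp.$servame
</Macro>
use VHostBlock example.nl
"""

MACRO_OPEN = re.compile(r"^\s*<Macro\s+(\S+)([^>]*)>", re.IGNORECASE)
MACRO_CLOSE = re.compile(r"^\s*</Macro>", re.IGNORECASE)
DOLLAR_TOKEN = re.compile(r"\$[A-Za-z_]\w*")  # skips ${ENV_VAR} references

def find_undeclared_params(config_text):
    """Return (line_no, macro, token, suggestion) for each $token inside a
    <Macro> body that does not begin with a declared parameter name."""
    findings = []
    macro, params = None, []
    for line_no, line in enumerate(config_text.splitlines(), start=1):
        opened = MACRO_OPEN.match(line)
        if opened:
            macro, params = opened.group(1), opened.group(2).split()
            continue
        if MACRO_CLOSE.match(line):
            macro, params = None, []
            continue
        if macro is None or line.lstrip().startswith("#"):
            continue
        for token in DOLLAR_TOKEN.findall(line):
            # mod_macro substitutes textually, so "$servnameX" still expands.
            if any(token.startswith(p) for p in params):
                continue
            close = difflib.get_close_matches(token, params, n=1)
            findings.append((line_no, macro, token, close[0] if close else None))
    return findings

if __name__ == "__main__":
    for line_no, macro, token, hint in find_undeclared_params(SAMPLE):
        print(f"line {line_no}: {token} in macro {macro} is not a parameter (did you mean {hint}?)")
```

Run it over the files Apache actually loads (the enabled configs and anything they Include), not only the vhost file you expect to be in use.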

glad to help!

2 Likes
