HTTPS certificate not working

Last April, I asked for an HTTPS certificate "Let's Encrypt" for my application.
I installed a script to renew it automatically.
Since April, I had no problems until last week, and my HTTPS certificate has been renewed successfully.

Problem: My application is still reachable by my IP address, but the redirection of my domain name to my IP address doesn't work anymore. I have no clue why.

  1. When I check on: https://www.ssllabs.com/ssltest/index.html with my domain name, I have this error:
    Assessment failed: Unable to connect to the server (but the result still returns my IP address).

  2. When I check on: https://crt.sh/, I have my certificate, which is valid until the 26th of November:
    Validity
    Not Before: Aug 28 23:00:25 2020 GMT
    Not After : Nov 26 23:00:25 2020 GMT

Any clue where the problem can be? What can I check to locate the problem?
The problem is probably due to:

  • My certificate renewal?

  • My redirection domain name --> IP address?

  • My web server?

2 Likes

Hi @farang1991

Your setup is unknown.

Your domain name is required.

2 Likes

My domain name is: https://promis2.laophenixconsulting.com/

What information about my setup is required?

2 Likes

Checking your domain - https://check-your-website.server-daten.de/?q=promis2.laophenixconsulting.com#url-checks

You have created one certificate, so that part has worked.

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2020-08-28 | 2020-11-26 | promis2.laophenixconsulting.com (1 entries) | | |
| Let's Encrypt Authority X3 | 2020-06-30 | 2020-09-28 | promis2.laophenixconsulting.com (1 entries) | | |

But your https doesn't answer

ConnectFailure - Unable to connect to the remote server

So it's impossible to check your configuration.

2 Likes

Ok, so my certificate is valid but not reachable from outside?
How can I know where the problem is?

I'm using a NodeJS server and Apache. (I redirect my application to my port 80 and then my port 443)

2 Likes

I don't know if you use the certificate. So that conclusion is wrong.

Change that. AWS -> Firewall, security groups.

2 Likes

My HTTPS port is active on AWS.
How can I know on my server if I use a certificate or not?

*Edit: My certificate was used for some months and was also renewed successfully more than once.
Maybe a problem happened while my script was executed to renew my certificate (I stop and start my Apache server)?

2 Likes

I would say try restarting your web server one more time, but port 80 is responding:

HTTP/1.1 200 OK
Date: Fri, 16 Oct 2020 17:05:59 GMT
Server: Apache/2.4.18 (Ubuntu)
X-Powered-By: Express
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Wed, 05 Aug 2020 10:14:59 GMT
ETag: W/"1acf-173be1deec0"
Content-Type: text/html; charset=UTF-8
Content-Length: 6863

So port 443 should also be responding, but it doesn't:
curl: (7) Failed to connect to 52.220.236.212 port 443: Connection refused

2 Likes

@rg305, I just restarted it but still the same problem :sleepy: Should I restart my AWS server?

2 Likes

I don't think that will change anything, but if you can, sure.

I would focus on any firewalls along the way.
Then if that is all open, ensure that port 443 is actually listening on your server:
Show:
netstat -pant | grep -i listen

I'm still getting:

curl -Iki https://promis2.laophenixconsulting.com/
curl: (7) Failed to connect to promis2.laophenixconsulting.com port 443: Connection refused

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

2 Likes

This is the result:

Apparently, my 443 port is not listening.
My port 443 in Amazon is open.

3 Likes

There is where to start.
Something should be listening on port 443 (and using the active cert).

3 Likes
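The triage in the posts above (a remote connect that is refused rather than timing out, then the server's own listener list) can be written as one check. This is an added example, not code from any poster; the function names, result labels and the netstat sample are constructed for illustration.

```python
import socket

# Constructed sample of `netstat -pant | grep -i listen` output (not from the thread).
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN      812/sshd
tcp        0      0 127.0.0.1:3000    0.0.0.0:*      LISTEN      1507/node
tcp6       0      0 :::80             :::*           LISTEN      1433/httpd
"""

def classify_port(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # A reset came back, so the packet reached something that answered.
        return "refused"
    except (socket.timeout, TimeoutError):
        # No answer at all: consistent with packets being silently dropped.
        return "filtered"

def listening_ports(netstat_output):
    """Map each listening TCP port to the set of 'PID/program' owners."""
    ports = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        port = int(fields[3].rsplit(":", 1)[1])  # handles 0.0.0.0:80 and :::80
        ports.setdefault(port, set()).add(fields[6] if len(fields) > 6 else "-")
    return ports

def diagnose(remote_result, ports, port=443):
    """Combine the remote connect result with the server's listener table."""
    if remote_result == "open":
        return "reachable"            # next step: check which certificate is served
    if port not in ports:
        return "not_listening"        # fix the web server config or startup first
    if remote_result == "refused":
        return "rejected"             # listener exists: check bind address and reject rules
    return "dropped_in_transit"       # listener exists: check firewalls on the path

if __name__ == "__main__":
    print(diagnose("refused", listening_ports(SAMPLE_NETSTAT)))
```

A firewall rule that rejects with a TCP reset produces the same "refused" result as a missing listener, which is why the listener table is checked before drawing a conclusion.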

When I open my conf file in /opt/bitnami/apache2/conf/bitnami/bitnami.conf, I have that config:
[image: Capture1]

My config indicates that my web server should listen on port 443, right?
I have already used my HTTPS port for some months and I didn't touch my config, so I don't see why it went down.

2 Likes

I know very little about bitnami.
I do see the listen statements shown, but obviously something is preventing that from happening.

2 Likes

@rg305, I'm not sure if this could be a reason, but do you remember one user who is using AWS and several of his IPs stopped working? AWS was dropping packets which made it seem like it was a firewall blocking. In the last post (#6) the user included a reply from AWS.

To quote from end of his post:

Quoting from aws support:
"With the size and scale of AWS, traffic from different IPs can take different routes within the AWS network and a routing issue could cause a packet drop which looks very similar to a firewall that simply drops denied packets"

3 Likes

I think this is probably what you're looking for:

Then:

2 Likes

Thanks @griffin.
My AWS server ports are already open and my redirection HTTP --> HTTPS worked for some months, so I'm not sure that can help.

2 Likes

In the first picture I see <IfVersion 2.3 > around your NameVirtualHosts, which seems a very strange choice, but according to your web server it's running

Apache/2.4.18

which is the apache2 package version for Ubuntu 18.04.

I suggest you remove the <IfVersion 2.3 > condition.

While I doubt that an update of the Ubuntu apache2 package from 2.3 to 2.4 was what changed your working configuration, since 2.4 has been the apache2 version since at least 14.04, the non-default path you show suggests that this is a bundled httpd which may have been updated.

3 Likes

Okay @AJCxZ0, I removed my <IfVersion 2.3> condition from my Apache config.
I restarted my AWS server as well ... but still the same problem.
My application is reachable on port 80, but not on port 443. I don't know what to do now. Any suggestions?

2 Likes

We need to be sure it is even listening on 443 first.

2 Likes