HTTPS certificate not working

I don't think that will change anything, but if you can, sure.

I would focus on any firewalls along the way.
Then if that is all open, ensure that port 443 is actually listening on your server:
Show:
netstat -pant | grep -i listen

I'm still getting:

curl -Iki https://promis2.laophenixconsulting.com/
curl: (7) Failed to connect to promis2.laophenixconsulting.com port 443: Connection refused

[&2* readers: Get involved; Be heard. It starts with: if you read something you like, then like it :heart:]

2 Likes

This is the result:

Apparently, my 443 port is not listening.
My port 443 in Amazon is open.

3 Likes

There is where to start.
Something should be listening on port 443 (and using the active cert).

3 Likes

When I open my conf file in /opt/bitnami/apache2/conf/bitnami/bitnami.conf, I have this config:
[image: Capture1]

My config indicates that my web server should listen on port 443, right?
I have used my HTTPS port for some months already and I didn't touch my config, so I don't see why it went down.

2 Likes

I know very little about bitnami.
I do see the listen statements shown, but obviously something is preventing that from happening.

2 Likes

@rg305, I'm not sure if this could be a reason, but do you remember one user who is using AWS and several of his IPs stopped working? AWS was dropping packets which made it seem like it was a firewall blocking. In the last post (#6) the user included a reply from AWS.

To quote from end of his post:

Quoting from aws support:
"With the size and scale of AWS, traffic from different IPs can take different routes within the AWS network and a routing issue could cause a packet drop which looks very similar to a firewall that simply drops denied packets"

3 Likes

I think this is probably what you're looking for:

Then:

2 Likes

Thanks @griffin.
My AWS server ports are already open and my HTTP --> HTTPS redirection worked for some months, so I'm not sure that can help.

2 Likes

In the first picture I see <IfVersion 2.3 > around your NameVirtualHosts, which seems a very strange choice, but according to your web server it's running

Apache/2.4.18

which is the apache2 package version for Ubuntu 18.04.

I suggest you remove the <IfVersion 2.3 > condition.

While I doubt that an update of the Ubuntu apache2 package from 2.3 to 2.4 was what changed your working configuration, since 2.4 has been the apache2 version since at least 14.04, the non-default path you show suggests that this is a bundled httpd which may have been updated.

3 Likes

Okay @AJCxZ0, I removed the <IfVersion 2.3> condition from my Apache config.
I restarted my AWS server as well ... but still the same problem.
My application is reachable on port 80, but not on port 443. I don't know what to do now. Any suggestions?

2 Likes

We need to be sure it is even listening on 443 first.

2 Likes

My web server doesn't listen on port 443 anymore. I already opened this port in the AWS Networking of my instance. How do I make my web server listen on this port again?

1 Like

Did it ever?

This section is very confusing:
[image: Capture1]
It tries to set up a virtual host that listens on both 80 and 443.
But only IF version = 2.3?
That doesn't sound like anything I would ever want to do.

Can we see the complete file?

2 Likes

Yes, it was working well from April to September. My certificate was renewed automatically a few times already.

I deleted the condition IF version = 2.3 yesterday.

My complete file:

[image: Capture2]

Maybe I should also delete the <IfVersion <2.3> from my VirtualHost:80 and VirtualHost:443 configuration?

2 Likes

This section is outside of any virtual host:
[image]
[that looks weird]

I'm not sure this hasn't been deprecated (in your version):
[image]

Do you have an old backup of this file or folder?
[maybe we can look in there for how it used to be and worked]

Can you run?:
apachectl -S

2 Likes

apachectl -S gives me:

I never modified my conf file since April.

2 Likes

Please show:
grep -Ri listen /etc/apache2/ /opt/bitnami/

2 Likes
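
An added example, not from any poster in this thread: the grep above finds Listen lines but not whether they sit inside a conditional container such as the <IfVersion> blocks discussed earlier, and a Listen inside a container whose condition is false is skipped when the configuration is parsed. The function name listen_context and the sample configuration are constructed for illustration; on a real host, pass it the file that apachectl -S or the grep points to.

```shell
#!/bin/sh
# listen_context FILE: print every Listen directive in an Apache config file
# together with the chain of <If...> containers that enclose it.
listen_context() {
    awk '
    # Opening conditional container: <IfVersion ...>, <IfModule ...>, <IfDefine ...>
    /^[ \t]*<If[A-Za-z]*/ {
        line = $0
        sub(/^[ \t]*/, "", line); sub(/[ \t]*$/, "", line)
        stack[++depth] = line
        next
    }
    # Closing container pops the innermost condition
    /^[ \t]*<\/If[A-Za-z]*>/ { if (depth > 0) depth--; next }
    # Commented-out directives do not count
    /^[ \t]*#/ { next }
    tolower($1) == "listen" {
        ctx = "unconditional"
        if (depth > 0) {
            ctx = "inside " stack[1]
            for (i = 2; i <= depth; i++) ctx = ctx " > " stack[i]
        }
        printf "line %d: Listen %s [%s]\n", FNR, $2, ctx
    }
    ' "$1"
}

# Constructed sample configuration (assumption: not the file shown in the thread).
sample_conf() {
    cat <<'EOF'
# Constructed sample for the added example
Listen 80
<IfVersion < 2.3>
  Listen 443
</IfVersion>
<IfModule ssl_module>
  <IfDefine USE_SSL>
    Listen 8443
  </IfDefine>
</IfModule>
EOF
}

# Demo run on the constructed sample
tmp=$(mktemp) && sample_conf > "$tmp" && listen_context "$tmp"; rm -f "$tmp"
```

Any port reported as conditional is only bound when every listed condition holds for the running httpd, so compare the output with what netstat shows as listening.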

grep -Ri listen /etc/apache2/ /opt/bitnami/ gives me a long output starting with:

2 Likes

Let's have a look at:
cat /etc/apache2/ports.conf

and retry search with sudo:
sudo grep -Ri listen /opt/bitnami/

2 Likes

gives me:
[image]

2 Likes