paramt
March 31, 2019, 2:06pm
1
I installed a certificate from certbot using these instructions, and everything seems fine. I got the Congratulations you successfully enabled https://api.param.me message. Additionally,
sudo apachectl configtest says Syntax OK
sudo service apache2 restart works
but HTTPS still doesn’t work (it times out)
I don’t know whether it matters or not but I should mention that www.param.me is hosted by Github Pages and its HTTPS works perfectly. I have 4 A records pointing @ to Github’s IP addresses, and 1 A record pointing api.param.me to my server, 206.167.183.187. My server has a virtual host in sites-enabled\api.param.me.conf that looked like this
    <VirtualHost *:80>
        ServerAdmin contact@param.me
        ServerName api.param.me
        DocumentRoot /var/www/param
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
Certbot added this to sites-enabled\api.param.me.conf
    <VirtualHost *:443>
        ServerAdmin contact@param.me
        ServerName api.param.me
        DocumentRoot /var/www/param
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/api.param.me/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/api.param.me/privkey.pem
    </VirtualHost>
And created sites-enabled\api.param.me-le-ssl.conf which looks like this
    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin contact@param.me
        ServerName api.param.me
        DocumentRoot /var/www/param
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/api.param.me/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/api.param.me/privkey.pem
    </VirtualHost>
    </IfModule>
Domain: api.param.me
Web server: Apache 2.4.29
Operating system: Ubuntu 18.04
I can login to a root shell on my machine: Yes
Control Panel: No
Certbot Version: 0.31.0
Could there be a firewall blocking port 443?
Or a port forwarding configuration issue, if that’s involved?
paramt
March 31, 2019, 2:20pm
3
I’m not too sure on how I would check but I tried sudo ufw status and it returned Status: inactive. I haven’t touched any firewall/port forwarding configurations though
Hi @paramt
two different vHosts with the same ServerName and port 443?
You have created 4 certificates
| CRT-Id | Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|---|
| 1328795857 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-29 20:55:06 | 2019-06-27 19:55:06 | api.param.me | duplicate nr. 4 | |
| 1326751937 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-29 01:07:57 | 2019-06-27 00:07:57 | api.param.me | duplicate nr. 3 | |
| 1326640608 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-29 00:11:10 | 2019-06-26 23:11:10 | api.param.me | duplicate nr. 2 | |
| 1326655302 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | 2019-03-29 00:10:12 | 2019-06-26 23:10:12 | api.param.me | duplicate nr. 1 | |
but all certificates are new.
Looks like it is your first certificate.
Is mod_ssl.c installed?
What does apachectl -S say?
paramt
March 31, 2019, 2:39pm
5
apachectl -S outputs
    VirtualHost configuration:
    *:80 is a NameVirtualHost
        default server host-192-168-208-5.openstacklocal (/etc/apache2/sites-enabled/000-default.conf:1)
        port 80 namevhost host-192-168-208-5.openstacklocal (/etc/apache2/sites-enabled/000-default.conf:1)
        port 80 namevhost api.mathu.ca (/etc/apache2/sites-enabled/api.mathu.ca.conf:1)
        port 80 namevhost api.param.me (/etc/apache2/sites-enabled/api.param.me.conf:1)
    *:443 is a NameVirtualHost
        default server host-192-168-208-5.openstacklocal (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
        port 443 namevhost host-192-168-208-5.openstacklocal (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
        port 443 namevhost api.mathu.ca (/etc/apache2/sites-enabled/api.mathu.ca-le-ssl.conf:2)
        port 443 namevhost api.mathu.ca (/etc/apache2/sites-enabled/api.mathu.ca.conf:10)
        port 443 namevhost api.param.me (/etc/apache2/sites-enabled/api.param.me-le-ssl.conf:2)
        port 443 namevhost api.param.me (/etc/apache2/sites-enabled/api.param.me.conf:10)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex rewrite-map: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex ssl-stapling: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33 not_used
    Group: name="www-data" id=33 not_used
And my php.info has mod_ssl listed under Loaded Modules. If it would help here’s my info.php
http://206.167.183.187/info.php
Looks like you have duplicated entries. Remove one of these (first, make a backup).
But (more important):
That's a local ip. So there must be a router or a firewall somewhere else. That must have a rule
    your public ip + 443 extern -> 192.168.208.5 + 443 intern
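Added example, not part of the original thread: a small shell function that reads `apachectl -S` output and lists every port/ServerName pair that is defined more than once, with the file and line of each definition. The sample input is the port-443 section of the output posted above; the function names `find_duplicate_vhosts` and `sample_output` are made up for this example.

```shell
#!/bin/sh
# Added example: report (port, ServerName) pairs that `apachectl -S`
# lists more than once, with the config file:line of each definition.

# Reads `apachectl -S` output on stdin.
# Prints one line per duplicated pair: "<port> <name> <file:line> <file:line> ..."
find_duplicate_vhosts() {
    awk '
        # Lines of interest look like:
        #   port 443 namevhost api.param.me (/etc/apache2/sites-enabled/x.conf:2)
        $1 == "port" && $3 == "namevhost" {
            key = $2 " " $4
            loc = $5
            gsub(/[()]/, "", loc)              # strip the surrounding parentheses
            if (!(key in count)) order[++n] = key   # remember first-seen order
            count[key]++
            where[key] = where[key] " " loc
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i] where[order[i]]
        }
    '
}

# Sample input: the port-443 section of the output posted in this thread.
sample_output() {
    cat <<'EOF'
*:443 is a NameVirtualHost
default server host-192-168-208-5.openstacklocal (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost host-192-168-208-5.openstacklocal (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost api.mathu.ca (/etc/apache2/sites-enabled/api.mathu.ca-le-ssl.conf:2)
port 443 namevhost api.mathu.ca (/etc/apache2/sites-enabled/api.mathu.ca.conf:10)
port 443 namevhost api.param.me (/etc/apache2/sites-enabled/api.param.me-le-ssl.conf:2)
port 443 namevhost api.param.me (/etc/apache2/sites-enabled/api.param.me.conf:10)
EOF
}

sample_output | find_duplicate_vhosts
```

On a live server, pipe the real dump in with `apachectl -S 2>&1 | find_duplicate_vhosts` (the redirect is there in case the dump is written to stderr). No output means every port/name pair is defined only once.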
paramt
March 31, 2019, 3:19pm
7
I removed one of the duplicate entries, but I’m having trouble finding the redirect. Is there a certain directory where such rules are located? I tried putting
    RewriteEngine off
in both /var/www/.htaccess as well as /etc/apache2/sites-enabled/000-default-le-ssl.conf but apachectl -S still shows the same thing
That's not a redirect in your webserver configuration.
That may be a router or a firewall elsewhere.
Your ip address 192.168 is a local address, so your webserver is invisible.
But your port 80 is visible, your port 443 not (checked with https://check-your-website.server-daten.de/?q=api.param.me):
So this instance must have a rule
    206.167.183.187 + port 80 -> 192.168.208.5 + port 80
You need the same with port 443.