Are you sure you didn't create it in /etc/apache2/sites-enabled the first time? Don't end up with duplicates, that will result in confusing behavior.
Location is documented at cockpit.conf
Yes
2 Likes
You're completely right I knew it had to be a tiny mistake on my side. It's in sites-enabled not sites-available
I also do not have a file called cockpit.conf inside of /etc/cockpit/. I just have 2 folders called ws-certs.d and machines.d. I did sudo vim /etc/cockpit/cockpit.conf to make a new file and included
I restarted apache2 and cockpit and it works perfectly after clearing my browser cache. I have no idea how you're so knowledgeable about all of this SSL stuff but it's absolutely crazy and as someone who wants to major in cybersecurity I need to be doing what you're doing to learn.
2 Likes
Also this is my last question I'm gonna try doing things with plex on my own using the advice you gave way earlier so this isn't about that, but I can still access http://cockpit.shinytreecko.com which doesn't use SSL. https://cockpit.shinytreecko.com is working perfectly though and I am about to delete the port forwarding rule for 9090 on my router so I can't use shinytreecko.com:9090 without SSL but I want to see if I can get this to work before doing that. I tried changing
to AllowUnencrypted = false then restarting apache2 and cockpit which caused the same redirect issue. I changed it back and ran sudo certbot-auto install --cert-name cockpit.shinytreecko.com -i apache, then I ran sudo certbot-auto --apache -d cockpit.shinytreecko.com and pressed 2 each time to make it force redirects to https then restarted both services. It still lets me use http://cockpit.shinytreecko.com. This is okay and I am so happy with all of the help you have given and if you do not want to help with this piece I understand that I have asked for a whole lot.
I would have expected that running the following should cause Apache to redirect HTTP to HTTPS for the Cockpit domain:
sudo certbot-auto install --cert-name cockpit.shinytreecko.com -i apache --redirect
If it doesnât, thatâs probably Certbot doing the wrong thing again.
But you can mimic what Certbot does by hand. In your cockpit.conf, youâd add inside the virtualhost tag the following:
RewriteEngine on
RewriteCond %{SERVER_NAME} =cockpit.shinytreecko.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
2 Likes
It might also be this command, which I have literally never seen anybody use but thats what the help topic says:
sudo certbot-auto enhance --redirect --cert-name cockpit.shinytreecko.com -i apache -n
But it looks like you got it working on your own already 
.
2 Likes
It was certbot doing the right thing but putting it in the wrong place.
This was the contents of
/etc/apache2/sites-enabled/cockpit.conf. I moved all of this
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://192.168.1.90:9090/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://192.168.1.90:9090/$1 [P,L]
below everything that certbot added so that it wasnât in between RewriteEngine On and the lines certbot added. This fixed it and it now redirects thank you so much for all of your help and this has been a really great learning opportunity which has also increased the amount of patience I have with computers. I almost feel like I need to try plex by myself while Iâm on a roll instead of waiting until I feel like trying then getting confused and posting on a forum full of smarter people 
!
1 Like
I just had to say that just before bed, you gave me a good laugh! That's exactly what computers. 
Happy to see you got things under control.
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.