Infinite Redirect Loop After Installing Cert

My domain is: imnegs.net

My web server is (include version):
2023.3.20240108-0.amzn2023 I think

The operating system my web server runs on is (include version):
Amazon Linux 2023

My hosting provider, if applicable, is:
AWS EC2

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.8.0

Hi, first off I'm a complete noob so please explain as if I know almost nothing. I'm a web dev (that works in a MS environment) and wanted to mess around and try to learn about certs and networking.

Before installing the Let's Encrypt cert, my site was working fine. I was able to go to the domain and see my html (which is just test). After installing, I get the "too many redirects" page in my browser. While searching through the posts here, I found someone that was using check-your-website.server-daten.de, so I ran that and that's how I came to the conclusion that I have an https > https redirect loop. How do I fix this?

Your webserver version is Server: Apache/2.4.58 (Amazon Linux) OpenSSL/3.0.8 (as it self-reports via http headers).

It is likely something bad is in the Apache configuration, which is causing your page to redirect to itself.

If you run this command on your server, it will tell us the configuration and we can help debug it:

sudo apachectl -t -D DUMP_VHOSTS

5 Likes
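An added example, not part of the thread: one way to confirm a self-redirect like the one described above is to walk the `Location` headers one hop at a time and stop at the first URL that repeats. The `example.test` host and the `CONSTRUCTED` response table are made up for illustration; `live_fetch` is the variant that talks to a real server.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def trace_redirects(start_url, fetch, max_hops=20):
    """Follow Location headers hop by hop; stop at the first repeated URL.

    fetch(url) returns (status_code, location_header_or_None).
    Returns (chain, loop): chain lists the URLs visited; loop is None, or a
    string such as "https > https" naming the hop that closed the loop.
    """
    chain, seen, url = [], set(), start_url
    for _ in range(max_hops):
        chain.append(url)
        seen.add(url)
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return chain, None               # final response reached, no loop
        target = urljoin(url, location)      # Location may be relative
        if target in seen:
            chain.append(target)
            return chain, f"{urlsplit(url).scheme} > {urlsplit(target).scheme}"
        url = target
    return chain, "hop limit reached"


def live_fetch(url):
    """Fetcher for a real server: one HEAD request, redirects not followed."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed responses (not captured from the poster's server): port 80
# redirects to HTTPS, and the HTTPS vhost then redirects to itself.
CONSTRUCTED = {
    "http://example.test/": (301, "https://example.test/"),
    "https://example.test/": (301, "https://example.test/"),
}

if __name__ == "__main__":
    chain, loop = trace_redirects("http://example.test/", CONSTRUCTED.__getitem__)
    print(" -> ".join(chain), "| loop:", loop)
```

Passing `live_fetch` instead of `CONSTRUCTED.__getitem__` runs the same trace against a reachable host; the hop that closes the loop shows which virtual host (port 80 or port 443) holds the redirect to look for.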

Thanks for pointing that out!

That command returns "Passing arguments to httpd using apachectl is no longer supported." I've seen other posts with a similar command though:

httpd -t -D DUMP_VHOSTS

So I tried that, and this is the output. Thank you for helping me!

VirtualHost configuration:
*:80                   imnegs.net (/etc/httpd/conf.d/imnegs.net.conf:1)
*:443                  is a NameVirtualHost
         default server imnegs.net (/etc/httpd/conf.d/imnegs.net-le-ssl.conf:2)
         port 443 namevhost imnegs.net (/etc/httpd/conf.d/imnegs.net-le-ssl.conf:2)
         port 443 namevhost ip-172-31-38-50.us-east-2.compute.internal (/etc/httpd/conf.d/ssl.conf:56)

I've been messing around with stuff since posting this topic. I think I should just trash the server at this point and spin up a new one. I'll reply again if I run into the same issue.

1 Like

If you want to paste the config files from /etc/http/conf.d/, we can try to find out what's wrong with them, but it's up to you :)

2 Likes

@TheCC presently I see both Ports 80 & 443 are filtered,
most likely one or more firewalls are the cause.

$ nmap -Pn -p80,443 imnegs.net
Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-25 03:26 UTC
Nmap scan report for imnegs.net (3.144.72.153)
Host is up.
rDNS record for 3.144.72.153: ec2-3-144-72-153.us-east-2.compute.amazonaws.com

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.10 seconds

Also using the online tool Let's Debug yields these results https://letsdebug.net/imnegs.net/1781846

ANotWorking
ERROR
imnegs.net has an A (IPv4) record (3.144.72.153) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with imnegs.net/3.144.72.153: Get "http://imnegs.net/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://imnegs.net/.well-known/acme-challenge/letsdebug-test (using initial IP 3.144.72.153)
@0ms: Dialing 3.144.72.153
@10000ms: Experienced error: context deadline exceeded

IssueFromLetsEncrypt
ERROR
A test authorization for imnegs.net to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
3.144.72.153: Fetching http://imnegs.net/.well-known/acme-challenge/zzgQUA63sN_CRrIs45Kt9A58z7xJGCqf-br2wLdevnw: Timeout during connect (likely firewall problem)

2 Likes

They've probably deleted the server now. It was up earlier.

2 Likes
