Installation successful but pages do not load via https

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: edupro.academy and lms.edupro.academy

I ran this command:

It produced this output:

My web server is (include version): Apache 2.4

The operating system my web server runs on is (include version): Ubuntu 22.04

My hosting provider, if applicable, is: my server

I can login to a root shell on my machine (yes or no, or I don't know): yes - port 22,80,443 open

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.21

I have made a successful installation for both VHosts, edupro.academy and lms.edupro.academy. Both can be accessed via http but not via https.

I have set my DNS records to : @ > server ip address and www > ip address and finally created a CNAME with lms pointing to edupro.academy

Am i missing something ?

Any help would be very much appreciated.

Cheers

1 Like

@lyes Welcome to the community.

Yes, much looks good. First thing to check is your router NAT config for port 443. Your port 80 is working right so compare to that (except of course use port 443).

And, make sure any firewall allows port 443.

4 Likes

edupro@edupro:~$ lsof -i -P -n | grep LISTEN | grep :22
edupro@edupro:~$ sudo lsof -i -P -n | grep LISTEN | grep :22
sshd 912 root 3u IPv4 20454 0t0 TCP *:22 (LISTEN)
sshd 912 root 4u IPv6 20456 0t0 TCP *:22 (LISTEN)
edupro@edupro:~$ sudo lsof -i -P -n | grep LISTEN | grep :80
apache2 956 root 4u IPv6 25601 0t0 TCP *:80 (LISTEN)
apache2 972 www-data 4u IPv6 25601 0t0 TCP *:80 (LISTEN)
apache2 973 www-data 4u IPv6 25601 0t0 TCP *:80 (LISTEN)
edupro@edupro:~$ sudo lsof -i -P -n | grep LISTEN | grep :443
apache2 956 root 6u IPv6 25605 0t0 TCP *:443 (LISTEN)
apache2 972 www-data 6u IPv6 25605 0t0 TCP *:443 (LISTEN)
apache2 973 www-data 6u IPv6 25605 0t0 TCP *:443 (LISTEN)

However when i run an ssl check at my domain name provider, i get :
443 port seems to be filtered, check your firewall/server configuration.
Hostname* edupro.academy
Port* 443

Looks like your Apache is listening on 443 so there must be something between Apache and the public internet.

Looks like you might be hosting at icosnet. Check all their network settings to ensure it allows HTTPS (port 443) and is routed to your Apache

Also check

sudo ufw status

You might also try asking your hosting provider about this network / server config problem.

4 Likes

The thing is that i also have access via vpn to the server's local address 10.10.x.x in which case the https access should not be affected by the external firewall rules.

From your server, what does this do:

echo | openssl s_client -connect 127.0.0.1:443 --servername edupro.academy | head
4 Likes

Please show where you made all that happen.

3 Likes

on local LAN 10.10.x.x

I was able to load the website using https on local LAN using a different machine, very strange. Maybe there is a problem with my machine.

Anyway, i see there is an issue with a package installation. I will have to do a fresh install and start the process again.

Thanks for your help.

1 Like

i get :

:~$ echo | openssl s_client -connect 127.0.0.1:443 --servername
edupro.academy | head
40A7F98C1E7F0000:error:8000006F:system library:BIO_connect:Connection
refused:../crypto/bio/bio_sock2.c:125:calling connect()
40A7F98C1E7F0000:error:10000067:BIO routines:BIO_connect:connect
error:../crypto/bio/bio_sock2.c:127:

i get

Probably so if below is happening on your original machine. Does below work on the different machine that is working per above comment?

You could also try this but likely same result as openssl (error message will differ but same fails to connect). Try on working and failing machine

curl -I --resolve 'edupro.academy:443:10.10.x.x' https://edupro.academy

Replace x.x with actual local IP

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.