Hi all.
I have a website on https://unfalsecoding.net (without www)
OS is Ubuntu 14.04
Server version: Apache/2.4.7 (Ubuntu)
Server built: Nov 28 2018 00:08:50
My webserver is hosted on a virtual server.
Ran
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
$ sudo certbot --apache
It found out that I have a website on unfalsecoding.net and gave me a choice to make a redirect or not (1 or 2). I chose 1.
After that it worked for a while and then wrote
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/unfalsecoding.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/unfalsecoding.net/privkey.pem
Your cert will expire on 2019-04-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
Everything seems installed properly and port 443 is opened but I cannot open my website anymore as chrome shows an error
This site can’t be reached
**unfalsecoding.net** refused to connect.
The ssllabs at
https://www.ssllabs.com/ssltest/analyze.html?d=www.unfalsecoding.net
also shows
Assessment failed: No secure protocols supported
Also I didn’t do anything else besides the steps above.
Should I share my apache configs ?
Hi @unfalse
you have created a certificate:
But your website ( https://check-your-website.server-daten.de/?q=unfalsecoding.net )
| Domainname |
Http-Status |
redirect |
Sec. |
G |
| • http://unfalsecoding.net/ |
|
|
|
|
| 109.234.36.89 |
-2 |
|
1.060 |
V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 109.234.36.89:80 |
|
|
|
|
|
|
|
|
|
| • http://www.unfalsecoding.net/ |
|
|
|
|
| 109.234.36.89 |
-2 |
|
1.050 |
V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 109.234.36.89:80 |
|
|
|
|
|
|
|
|
|
| • https://unfalsecoding.net/ |
|
|
|
|
| 109.234.36.89 |
-4 |
|
0.070 |
W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. |
|
|
|
|
|
|
|
|
|
| • https://www.unfalsecoding.net/ |
|
|
|
|
| 109.234.36.89 |
-4 |
|
0.077 |
W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. |
|
|
|
|
|
|
|
|
|
blocks everything.
Active blocking or closing the transport stream. Is there a firewall or something else? Are you able to connect the website from the server (using curl with 127.0.0.1 and port 80)?
Is your webserver running?
Thank you for your answer!
sudo service apache2 restart
* Restarting web server apache2
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
...fail!
* The apache2 instance did not start within 20 seconds. Please read the log files to discover problems
I am trying now to solve it by myself but I highly appreciate any help.
Looks like you have already an instance running. Can you reboot your server?
Thanks a lot!
I have just found a docker-proxy on :443
So I launched sudo docker stop and sudo service apache2 restart and my website is running now on http now but still not on https. Maybe I need to comment out the config for http and port 80.
Oh, I know. It's always a good idea what the own server is doing 
Same with code 
Now everything is working!
I forgot that I have a couple of other virtual hosts and it seems that the automated cert-bot found the first virtual host and installed the certificates on it. So I removed them and only one has left. Ran sudo certbot --apache and restarted the Apache.
It has now a gray lock icon in Chrome but I think it’s another issue that I will solve later.
Thanks for help!
There are two problems:
First, you have the www version defined in your dns settings. But the certificate has only the non-www domain name. So perhaps create a new certificate with both domain names.
This
http://unfalsecoding.net/fonts/blox2.ttf
is mixed content on your http status 404 page.