Installed cert-bot in automated mode on apache but website isn't opening


#1

Hi all.
I have a website on https://unfalsecoding.net (without www)

OS is Ubuntu 14.04
Server version: Apache/2.4.7 (Ubuntu)
Server built: Nov 28 2018 00:08:50
My webserver is hosted on a virtual server.

Ran

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 
$ sudo certbot --apache

It found out that I have a website on unfalsecoding.net and gave me a choice to make a redirect or not (1 or 2). I chose 1.
After that it worked for a while and then wrote

- Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/unfalsecoding.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/unfalsecoding.net/privkey.pem
   Your cert will expire on 2019-04-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"

Everything seems installed properly and port 443 is open, but I cannot open my website anymore, as Chrome shows an error

This site can’t be reached
**unfalsecoding.net**  refused to connect.

The ssllabs at
https://www.ssllabs.com/ssltest/analyze.html?d=www.unfalsecoding.net
also shows

Assessment failed: No secure protocols supported

Also I didn’t do anything else besides the steps above.
Should I share my Apache configs?


#2

Hi @unfalse

you have created a certificate:

https://crt.sh/?q=unfalsecoding.net

But your website ( https://check-your-website.server-daten.de/?q=unfalsecoding.net )

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://unfalsecoding.net/ 109.234.36.89 | -2 | | 1.060 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 109.234.36.89:80 | | | | |
| http://www.unfalsecoding.net/ 109.234.36.89 | -2 | | 1.050 | V |
| ConnectFailure - Unable to connect to the remote server No connection could be made because the target machine actively refused it 109.234.36.89:80 | | | | |
| https://unfalsecoding.net/ 109.234.36.89 | -4 | | 0.070 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. | | | | |
| https://www.unfalsecoding.net/ 109.234.36.89 | -4 | | 0.077 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. | | | | |

blocks everything.

Active blocking or closing the transport stream. Is there a firewall or something else? Are you able to connect to the website from the server (using curl with 127.0.0.1 and port 80)?

Is your webserver running?


#3

Thank you for your answer!

sudo service apache2 restart
 * Restarting web server apache2
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
AH00015: Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
   ...fail!
 * The apache2 instance did not start within 20 seconds. Please read the log files to discover problems

I am trying now to solve it by myself but I highly appreciate any help.


#4

Looks like you already have an instance running. Can you reboot your server?


#5

Thanks a lot!
I have just found a docker-proxy on :443
So I launched sudo docker stop and sudo service apache2 restart, and my website is now running on http but still not on https. Maybe I need to comment out the config for http and port 80.
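
The conflict diagnosed in this thread (Apache failing with AH00072 because docker-proxy already held :443) can be checked before restarting Apache. The script below is an added example, not part of any post: it parses `ss -ltnp` output, and the sample listing, its PIDs, and the function names `port_owners` and `conflict` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find out which process holds the ports Apache needs.

# Constructed sample of `ss -ltnp` output (not captured from the poster's server).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*     users:(("apache2",pid=1450,fd=4))
LISTEN 0      128    :::443             :::*          users:(("docker-proxy",pid=2301,fd=4))'

# port_owners PORT: read `ss -ltnp` output on stdin and print the unique
# process names listening on PORT, one per line.
port_owners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, a, ":")      # port follows the last colon (IPv4 and IPv6)
      if (a[n] != port) next
      name = "unknown"           # ss hides process names when not run as root
      if (match($0, /\(\("[^"]+"/))
        name = substr($0, RSTART + 3, RLENGTH - 4)
      if (!seen[name]++) print name
    }'
}

# conflict PORT EXPECTED: print any listener on PORT that is not EXPECTED.
# Exit status 0 means a conflicting listener was found.
conflict() {
  port_owners "$1" | grep -vx -- "$2"
}

# Default run uses the sample; pass --live to inspect this host with ss.
if [ "${1:-}" = "--live" ]; then input=$(ss -ltnp); else input=$SAMPLE_SS; fi
for p in 80 443; do
  if other=$(printf '%s\n' "$input" | conflict "$p" apache2); then
    echo "port $p is held by: $other (Apache cannot bind it)"
  fi
done
```

Run with `sudo` and `--live` so that `ss` can show process names; a port with no listener at all produces no output, which matches the "refused to connect" symptom rather than a bind conflict.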


#6

Oh, I know. It’s always a good idea to know what your own server is doing :wink:

Same with code :sunny:


#7

Now everything is working!
I forgot that I have a couple of other virtual hosts, and it seems that the automated cert-bot found the first virtual host and installed the certificates on it. So I removed them and only one is left. Ran sudo certbot --apache and restarted Apache.
It now has a gray lock icon in Chrome, but I think it’s another issue that I will solve later.
Thanks for the help! :smiley:


#8

There are two problems:

First, you have the www version defined in your DNS settings. But the certificate has only the non-www domain name. So perhaps create a new certificate with both domain names.

This

http://unfalsecoding.net/fonts/blox2.ttf

is mixed content on your HTTP status 404 page.