Let's Encrypt successfully installed on Ubuntu but no redirection to HTTPS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
3mad.in
I ran this command:
sudo lsof -iTCP -sTCP:LISTEN -P
It produced this output:


My web server is (include version):
Apache2
The operating system my web server runs on is (include version):
Ubuntu 18.04 LTS
My hosting provider, if applicable, is:
AWS
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot --version : certbot 0.31.0
certbot-auto --version : certbot 1.7.0


The title says “not working” but the content doesn’t say what is not working.

Sorry.
Can't get redirection to HTTPS working after setup with Certbot.

Let’s start with:
apachectl -S
Which should show us all the domain names, and corresponding files, being served.
Then please also show the HTTP vhost config that covers the domain name that isn’t redirecting (file name will be shown by that command).


VirtualHost configuration:
*:80 is a NameVirtualHost
default server 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:44)
port 80 namevhost 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:44)
port 80 namevhost 3mad.in (/etc/apache2/sites-enabled/000-default.conf:1)
alias www.3mad.in
*:443 is a NameVirtualHost
default server 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
alias demo.3mad.in
port 443 namevhost ip-172-31-42-11.ap-south-1.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33


This is a problem:

The same domain name is being served by two vhost config files.
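
The duplicate can also be found mechanically. The following is an added example, not code from this thread or from Apache or Certbot: it parses `apachectl -S` output and reports every hostname claimed by more than one vhost on the same port. The function names are hypothetical, and the sample input is the vhost portion of the output posted above.

```python
import re
from collections import defaultdict

# Vhost portion of the `apachectl -S` output posted in this thread.
SAMPLE = """\
*:80 is a NameVirtualHost
default server 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:44)
port 80 namevhost 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:44)
port 80 namevhost 3mad.in (/etc/apache2/sites-enabled/000-default.conf:1)
alias www.3mad.in
*:443 is a NameVirtualHost
default server 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost 3mad.in (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
alias demo.3mad.in
port 443 namevhost ip-172-31-42-11.ap-south-1.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
"""

# "port 80 namevhost NAME (FILE:LINE)"; indentation varies, so allow any.
VHOST = re.compile(r"^\s*port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)\s*$")
# ServerAlias entries follow their vhost; wildcards print as "wild alias".
ALIAS = re.compile(r"^\s*(?:wild\s+)?alias\s+(\S+)\s*$")

def parse_vhosts(text):
    """Return {(port, hostname): ["file:line", ...]} in listing order."""
    claims = defaultdict(list)
    current = None  # (port, "file:line") of the vhost whose aliases follow
    for line in text.splitlines():
        m = VHOST.match(line)
        if m:
            port, name, path, lineno = m.groups()
            current = (int(port), f"{path}:{lineno}")
            claims[(current[0], name.lower())].append(current[1])
            continue
        m = ALIAS.match(line)
        if m and current:
            claims[(current[0], m.group(1).lower())].append(current[1])
    return claims

def duplicate_names(text):
    """Hostnames claimed by more than one vhost on the same port."""
    return {k: v for k, v in parse_vhosts(text).items() if len(v) > 1}

if __name__ == "__main__":
    for (port, name), defs in sorted(duplicate_names(SAMPLE).items()):
        print(f"{name} on port {port} is defined {len(defs)} times:")
        for d in defs:
            print(f"  {d}")
```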


So can we run this to disable the default site?
sudo a2dissite 000-default

Yes, that will disable the default site.
But I would review what both the files are doing before making a final decision.

Please show both files.


/etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName 3mad.in
ServerAlias www.3mad.in

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

<Directory /var/www/html>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

#SSLEngine on
#SSLCertificateFile /etc/letsencrypt/live/3mad.in/cert.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/3mad.in/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/3mad.in/chain.pem

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

/etc/apache2/sites-enabled/000-default-le-ssl.conf

<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName 3mad.in
#ServerAlias www.3mad.in

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
<Directory /var/www/html>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias demo.3mad.in
SSLCertificateFile /etc/letsencrypt/live/3mad.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/3mad.in/privkey.pem
</VirtualHost>


<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName 3mad.in
#ServerAlias www.3mad.in

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

<Directory /var/www/html>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

The two blocks are essentially the same.
With only one minor difference:

/etc/apache2/sites-enabled/000-default.conf
ServerAlias www.3mad.in

/etc/apache2/sites-enabled/000-default-le-ssl.conf
#ServerAlias www.3mad.in

I would go ahead and disable the default file first and then we can work on the redirection.


done


Please show the current:
apachectl -S


Much better :)
Now insert this code right after the “DocumentRoot” line in 000-default-le-ssl.conf:

  #set the default action for all other requests
  <LocationMatch "^/(?!\.well-known)">
    #send all other requests to HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
  </LocationMatch>

and restart Apache

To be clear: there are two DocumentRoot lines; insert within the HTTP block.


done


Didn’t type fast enough.
It actually goes lower in the other block - that is the HTTPS block
[there is no need to redirect to HTTPS from within the HTTPS block - LOL]


done

<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName 3mad.in
#ServerAlias www.3mad.in

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
<Directory /var/www/html>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias demo.3mad.in
SSLCertificateFile /etc/letsencrypt/live/3mad.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/3mad.in/privkey.pem
</VirtualHost>


<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName 3mad.in
#ServerAlias www.3mad.in

ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#set the default action for all other requests
<LocationMatch "^/(?!\.well-known)">
#send all other requests to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
</LocationMatch>

<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

OK, let’s try the HTTP site now.

Seems a bit busy right now:

curl -Iki 3mad.in
HTTP/1.1 503 Service Unavailable: Back-end server is at capacity
Connection: keep-alive

Still shows the same error.

Hmmm… can’t reach this page

3mad.in refused to connect.

Try:

ERR_CONNECTION_REFUSED


I originally got this:

curl -Iki 3mad.in
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 7969
Content-Type: text/html
Date: Fri, 14 Aug 2020 06:52:31 GMT
ETag: "1f21-5acbea5eba1c0"
Last-Modified: Thu, 13 Aug 2020 09:08:31 GMT
Server: Apache/2.4.29 (Ubuntu)
Vary: Accept-Encoding
Connection: keep-alive

but now only this:

curl -Iki 3mad.in
HTTP/1.1 503 Service Unavailable: Back-end server is at capacity
Connection: keep-alive