Page display error even when config seems right

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
uat5.myeg.com.my

I ran this command:

curl -vvv https://uat5.myeg.com.my

curl -vvv https://192.168.121.11

It produced this output:

[root@qavm6-2 ~]# curl -vvv https://uat5.myeg.com.my
* About to connect() to uat5.myeg.com.my port 443 (#0)
*   Trying 58.26.224.128...
* Connected to uat5.myeg.com.my (58.26.224.128) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -5978 (PR_NOT_CONNECTED_ERROR)
* Network file descriptor is not connected
* Closing connection 0
curl: (35) Network file descriptor is not connected


[root@qavm6-2 ~]# curl -vvv https://192.168.121.11
* About to connect() to 192.168.121.11 port 443 (#0)
*   Trying 192.168.121.11...
* Connected to 192.168.121.11 (192.168.121.11) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=uat5.myeg.com.my
*       start date: Jul 10 07:14:23 2020 GMT
*       expire date: Oct 08 07:14:23 2020 GMT
*       common name: uat5.myeg.com.my
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
[root@qavm6-2 ~]#

My web server is (include version):
httpd24-httpd
Server version: Apache/2.4.34 (Red Hat)

The operating system my web server runs on is (include version):
CentOS Linux release 7.6.1810 (Core)

My hosting provider, if applicable, is:
NA

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
NA

There is nothing responding there. Is the IP address right? Is the firewall configured appropriately?

Connections refused:

curl -Iki https://uat5.myeg.com.my
curl: (7) Failed to connect to uat5.myeg.com.my port 443: Connection refused

curl -Iki http://uat5.myeg.com.my
curl: (7) Failed to connect to uat5.myeg.com.my port 80: Connection refused

% nmap -A uat5.myeg.com.my
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 18:24 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.46 seconds

% nmap -Pn -A uat5.myeg.com.my
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 18:25 CEST
Nmap scan report for uat5.myeg.com.my (58.26.224.128)
Host is up.
All 1000 scanned ports on uat5.myeg.com.my (58.26.224.128) are filtered

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 202.16 seconds

I’m getting ICMP communication administratively prohibited responses back in a (standard ICMP) traceroute from the host 58.26.224.4.

By the way, this is also the case for your base domain myeg.com.my on the IP address 58.26.224.29. Same response from the same host.

Looks like a firewall or misconfigured router if you ask me.

Funny enough I’m getting timeouts indeed on TCP port 80 and 443.

And by the way: this is neither a TLS nor a Let’s Encrypt issue, but more like a generic networking issue. Port 80 is down too, so no specific relation to HTTPS on port 443.

For http I am using port 81.

Perhaps physical firewall, because the server software firewall has been turned off.

You have to use port 80, nothing else.

Please read the basics:

then

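The reachability checks that the replies above run by hand with curl and nmap, as an added example that is not part of the original thread: it classifies a TCP connect to ports 80 and 443 as open, refused or filtered before anyone looks at certificates. The names `probe` and `diagnose` and the state labels are assumptions of this example.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt the way the replies above read curl/nmap."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"        # RST received: reachable, but nothing accepts on this port
    except socket.timeout:
        return "filtered"       # no reply before the timeout: packets silently dropped
    except socket.gaierror:
        return "dns-failure"    # name did not resolve
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # e.g. an ICMP unreachable/prohibited reply from a router
        raise


def diagnose(host, ports=(80, 443), timeout=3.0, probe_fn=probe):
    """Probe each port and say which layer to look at first."""
    states = {port: probe_fn(host, port, timeout) for port in ports}
    if all(state == "open" for state in states.values()):
        layer = "tls-or-http"   # TCP works: look at certificates, vhosts, SNI
    elif "dns-failure" in states.values():
        layer = "dns"
    else:
        layer = "network"       # firewall, router, or no listener: not a certificate problem
    return states, layer


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    states, layer = diagnose(target)
    for port, state in sorted(states.items()):
        print(f"{target}:{port} {state}")
    print("look first at:", layer)
```

Run it from outside the network as well as from the server itself; a port that is open locally but filtered from outside points at the firewall or router in between.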
