Performed steps but now SSL not installed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:www.citihealth.in - https://crt.sh/?q=www.citihealth.in

I ran this command:1. sudo apt update
2. sudo apt install ufw
3. sudo ufw status, if inactive
4. sudo ufw allow ssh
5. sudo ufw allow http
6. sudo ufw allow https

INSTALLING SNAPD

  1. sudo apt update
  2. sudo apt install snapd
  3. sudo snap install core
  4. sudo snap refresh core

Installing Certbot

  1. sudo apt remove certbot
  2. sudo snap install --classic certbot
  3. sudo ln -s /snap/bin/certbot /usr/bin/certbot
  4. sudo certbot --apache

It produced this output: Successfully received certificate.

My web server is (include version): Apache2 2.8

The operating system my web server runs on is (include version):Debian 4.19

My hosting provider, if applicable, is: contabo

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): No Idea about the version

Currently WEBSITE IS DOWN after performing those steps

2 Likes

You have a redirect loop going on:

$ curl -L -X GET -I www.citihealth.in
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 07:30:47 GMT
Server: Apache/2.4.38 (Debian)
Location: https://www.citihealth.in/
Content-Length: 317
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Wed, 28 Jul 2021 07:30:48 GMT
Server: Apache/2.4.38 (Debian)
Location: https://citihealth.in/index.php?
Content-Length: 0
Content-Type: text/html; charset=utf-8

HTTP/1.1 302 Moved
Date: Wed, 28 Jul 2021 07:30:50 GMT
Server: Apache/2.4.38 (Debian)
Cache-Control: no-cache
Location: http://citihealth.in/index.php
Content-Length: 0
Content-Type: text/html; charset=utf-8

HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 07:30:50 GMT
Server: Apache/2.4.38 (Debian)
Location: https://citihealth.in/index.php
Content-Length: 318
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Moved
Date: Wed, 28 Jul 2021 07:30:51 GMT
Server: Apache/2.4.38 (Debian)
Cache-Control: no-cache
Location: http://citihealth.in/index.php
Content-Length: 0
Content-Type: text/html; charset=utf-8

...

It's worth checking where that 302 redirect is coming from.

The 301 redirect is set up by Certbot - it redirects HTTP to HTTPS.

It's not clear where the 302 redirect is coming from - it redirects HTTPS back to HTTP. Check in your .htaccess file, in your PHP code etc.

4 Likes

Your website is stuck in a redirect loop. I suspect your :443 VirtualHost mapping has a Redirect line in it that should only be specified for the :80 mapping. Once removed you may need to restart apache.

5 Likes

Welcome to the Let's Encrypt Community :slightly_smiling_face:

An additional resource:

Redirect Request to SSL:
https://cwiki.apache.org/confluence/plugins/servlet/mobile?contentId=115522478#content/view/115522444

5 Likes

It is not going anywhere, still not solved

1 Like

What are the outputs of:

sudo apachectl -S
sudo ls -lRa /etc/apache2
sudo ls -lRa /etc/letsencrypt
sudo certbot certificates

Please put 3 backticks above and below each output, like this:

```
output
```


Tool for checking redirects:

https://www.redirect-checker.org/index.php

2 Likes

The problem with the apex domain is a loop:

curl -Iki http://citihealth.in/
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:09:41 GMT
Server: Apache/2.4.38 (Debian)
Location: https://citihealth.in/
Content-Type: text/html; charset=iso-8859-1

curl -Iki https://citihealth.in/
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:09:47 GMT
Server: Apache/2.4.38 (Debian)
Cache-Control: no-cache
Location: http://citihealth.in/
Content-Type: text/html; charset=utf-8
3 Likes

A (bigger) loop also exists within the "www" name:

curl -Iki http://www.citihealth.in/
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:12:39 GMT
Server: Apache/2.4.38 (Debian)
Location: https://www.citihealth.in/
Content-Type: text/html; charset=iso-8859-1

curl -Iki https://www.citihealth.in/
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:12:51 GMT
Server: Apache/2.4.38 (Debian)
Location: https://citihealth.in/index.php?
Content-Type: text/html; charset=utf-8

curl -Iki https://citihealth.in/index.php?
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:13:02 GMT
Server: Apache/2.4.38 (Debian)
Cache-Control: no-cache
Location: http://citihealth.in/index.php?
Content-Type: text/html; charset=utf-8

curl -Iki http://citihealth.in/index.php?
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:13:23 GMT
Server: Apache/2.4.38 (Debian)
Location: https://citihealth.in/index.php?
Content-Type: text/html; charset=iso-8859-1

curl -Iki https://citihealth.in/index.php?
HTTP/1.1 301 Moved Permanently
Date: Wed, 28 Jul 2021 17:13:36 GMT
Server: Apache/2.4.38 (Debian)
Cache-Control: no-cache
Location: http://citihealth.in/index.php?
3 Likes

Yes, what is the solution for these redirects?

1 Like

What are the outputs of:

sudo cat /etc/apache2/sites-available/000-default.conf
sudo cat /etc/apache2/sites-available/citihealth.in
sudo cat /etc/apache2/sites-available/default-ssl.conf
sudo cat /etc/apache2/sites-available/prestashop.conf
sudo cat /etc/apache2/sites-available/prestashop-le-ssl.conf
3 Likes

Fixing the configuration files. Hence my previous post. :slightly_smiling_face:

3 Likes

Try this one again, please. Something is amiss.

2 Likes

same out put, no out put

1 Like

What about:

sudo cat /etc/apache2/sites-enabled/prestashop-le-ssl.conf
3 Likes

Same out put

1 Like

Is that file open in some type of editor or locked for some reason? It's clearly not empty and sudo apachectl -S was able to read it.

3 Likes

The file is not locked or opened in any editor.

1 Like

If the file is open in the nano editor, it is empty

1 Like

What's the current output of sudo apachectl -S ?

3 Likes

Let's try this:

sudo apachectl -k graceful
sudo cat /etc/apache2/sites-enabled/prestashop-le-ssl.conf
2 Likes