I apologize in advance for a question I’m sure has been asked before, but for the life of me I’m not able to find the answer. I just keep getting a ton of results that are not related to my issue.
I originally setup my test website at ParticleConsulting.com and later changed it to ParticleMarketing.com. This has given me a ton of headaches, but I’m through most of them. The last issue I have is that I cannot redirect traffic from ParticleConsulting.com to ParticleMarketing.com. Both have certificates on my Ubuntu/Apache Server and the only error I get from Google Chrome is, “ERR_CONNECTION_CLOSED”. I reached out to 1&1 and the said it had to do with a certificate/SSL issue and that the domain redirect was setup correctly on their end.
Can anyone point me in the right direction on how to go about troubleshooting this error?
My domain is: ParticleMarketing.com (the old one is ParticleConsulting.com)
I ran this command: they both have certificates, I’m not sure what command to run
It produced this output: see above
My web server is (include version): Apache/2.4.29
The operating system my web server runs on is (include version): Ubuntu 18.04.2
My hosting provider, if applicable, is: Digital Ocean
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): certbot 0.31.0
Redirection is NOT a function of, nor controlled by, certificates.
What did you do to try to do the redirection?
I find this statement particularly confusing:
when given that the two names return two completely different sets of IP addresses:
In the meantime…
curl -Iki http://particleconsulting.com
curl -Iki http://www.particleconsulting.com
HTTP/1.1 302 Found
curl -Iki https://www.particlemarketing.com
HTTP/1.1 301 Moved Permanently
Which all seems “correct”…
https://www.particlemarketing.com will FAIL because the cert doesn’t contain the WWW.
See SSLLabs results
So when I tired going visiting www.particleconsulting.com in my browser this morning, it forwarded to particlemarketing.com! Then I tired particleconulsting.com and it failed… I tried it again with http VS https VS www VS non-www and got different results. But then… all of the different versions started working somehow? I’m getting really inconsistent results on the redirection. The error that came up when it failed was, “ERR_SSL_PROTOCOL_ERROR”.
Again I apologize if this is confusing; this isn’t my specialty and I’m waaaaay outside of my comfort zone on this one.
The redirection was setup via 1&1 a week or so ago just like the other unused domains I own. All of those forward correctly with no errors. Again, I verified this on their end to make sure I didn’t mess anything up and they confirmed the issue wasn’t on their side.
I ran the following command to show you that the server has multiple certificates, again I’m not 100% sure why it would come back with different IP addresses?
root@particleconsulting:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Found the following certs:
Certificate Name: particleconsulting.com
Expiry Date: 2020-04-01 03:06:47+00:00 (VALID: 76 days)
Certificate Path: /etc/letsencrypt/live/particleconsulting.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/particleconsulting.com/privkey.pem
Certificate Name: particlemarketing.com
Expiry Date: 2020-04-01 03:10:51+00:00 (VALID: 76 days)
Certificate Path: /etc/letsencrypt/live/particlemarketing.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/particlemarketing.com/privkey.pem
It will “work” only after a visitor accepts the “mismatched” cert.
It is actually NOT working (as built).
You have a couple of options to correct this quickly:
- have the forwarding for ParticleConsulting.com changed
[which will match the cert in use]
- replace the single name cert particlemarketing.com)
with: particlemarketing.com and www.particlemarketing.com
[which will match either name and already forwards to short name]
If you need help with #1, speak with 1&1
If you need help with #2, we are here
Thank you so much for your help in clarifying this! Yes, I ran a new command to include the www. subdomain and it worked perfectly! (Unless you can see something on your end that says otherwise haha!)
Out of curiosity, how were you able to troubleshoot it to find out that info?
And in case anyone sees this in the future, the command I used to fix this was:
certbot --expand -d particlemarketing.com -d www.particlemarketing.com
The CURL command has various parameters; one of which can show the headers of the URL queried.
[It is (typically) in the headers that one can see redirection.]
I also tried the URL in a browser and saw the error firsthand and confirmed it via SSLLabs.
I'm glad you got it all straightened out
there are online tools to check such things. So you see all versions, non-www and www, http and https with redirects.
May be easier then using a tool that requires one command per url.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.