Ran certbot with Apache on multiple domains, HTTPS not working on any of them but HTTP is


#1

My domain is: 24pin.tech
I ran this command: sudo curl -L https://24pin.tech/
It produced this output: curl: (7) Failed to connect to 24pin.tech port 443: Connection timed out
My web server is: Apache 2.4
The operating system my web server runs on is: Ubuntu Server 18.04 LTS
My hosting provider, if applicable, is: Myself.
I can login to a root shell on my machine: Yes.
I’m using a control panel to manage my site: No.

Hi,
I ran Certbot on my Apache server a few days ago and have been trying to troubleshoot it ever since. Certbot said that it had installed successfully, but when I tried the SSL test it said it was unable to connect to the server. I’ve tried checking the firewall and making sure port 443 is open, and as far as I’m aware it is. I even reset my firewall and re-opened all of the ports manually. Completely disabling the firewall on both the server and the virtual machine does not create any changes, either. When I looked through my virtual host SSL configuration file I couldn’t see anything wrong with what was in there, and I ran sudo apachectl configtest and got no results. I also made sure that my ssl mod was enabled (sudo a2enmod ssl). I have also made sure to restart my Apache server after making changes to my configuration. Below are my configuration files. Thanks in advance for any replies!

24pin.tech.conf

ServerRoot /var/www/24pin.tech/html
Listen 10.21.25.11:80

RewriteEngine On

DocumentRoot /var/www/24pin.tech/html

<Directory /var/www/24pin.tech/html>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>

<VirtualHost *:80>
	ServerName 24pin.tech
	DocumentRoot /var/www/24pin.tech/html
</VirtualHost>

<VirtualHost *:80>
	ServerName wiki.24pin.tech
	DocumentRoot /var/www/24pin.tech/html/wiki
</VirtualHost>

<VirtualHost *:80>
	ServerName forum.24pin.tech
	DocumentRoot /var/www/24pin.tech/html/forum
</VirtualHost>

RedirectMatch "/forum" "http://forum.24pin.tech/$1"
#RedirectMatch "/wiki" "http://wiki.24pin.tech/"

<Directory /var/www/24pin.tech/html>
	Allow from 127.0.0.1
	Satisfy Any
</Directory>

24pin.tech-le-ssl.conf

<VirtualHost *:443>
	ServerName 24pin.tech
	DocumentRoot /var/www/24pin.tech/html

	Include /etc/letsencrypt/options-ssl-apache.conf
	ServerAlias www.24pin.tech
	SSLCertificateFile /etc/letsencrypt/live/24pin.tech/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/24pin.tech/privkey.pem
</VirtualHost>

<VirtualHost *:443>
	ServerName forum.24pin.tech
	DocumentRoot /var/www/24pin.tech/html/forum

	SSLCertificateFile /etc/letsencrypt/live/24pin.tech/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/24pin.tech/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

<VirtualHost *:443>
	ServerName wiki.24pin.tech
	DocumentRoot /var/www/24pin.tech/html/wiki

	SSLCertificateFile /etc/letsencrypt/live/24pin.tech/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/24pin.tech/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

#2

Hi @fsktt,

You should check for both host and network firewalls, including ufw and your own firewall/router device, and your ISP’s policies and practices. Some ISPs and hosting providers will block inbound ports either by default or mandatorily.

You can confirm that your Apache configuration is causing Apache to listen on port 443 by running a command like ss -tlp which shows which programs are listening on which TCP port numbers. If you see that Apache is listening on port 443, you can rule out your Apache configuration as a cause of the problem.


#3

Hi @schoen,

Thank you for the quick response! I ran the command you suggested and saw that Apache is listening on the address of our web server 10.21.25.11:http but I noticed that it also said a few lines down that it was listening on *:https. Does this mean that it is in fact an issue with my Apache configuration? I checked on the host firewalls (Windows Firewall and ufw) and saw that Inbound and Outbound requests on port 443 were allowed.

If it isn’t an issue with my Apache configuration, I can check with my network administrator and have him make sure that the ports are open. He informed us a few days before I ran certbot that he did open them, but he could have made a typo or opened it on the wrong address.


#4

On the contrary, * in this context means it’s listening on all IP addresses and so your Apache configuration is apparently OK. (You can also try curl -v --resolve 24pin.tech:443:10.21.25.11 https://24pin.tech/ just to be sure that Apache is really listening there from the local system’s point of view.)
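
The check discussed in posts #2 to #4, as an added example that is not part of the original thread: a small shell helper that reads ss output and reports whether a port is bound to all addresses, to one given address, or not at all. The function names and the sample ss output are constructed for illustration, modelled on the lines described in post #3.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ss -tl`, `ss -tln` or `ss -tlp`
# output on stdin and reports how a TCP port is bound relative to one address.

# listen_scope ADDR PORT [SERVICE_NAME]   (hypothetical helper name)
# Prints: all-addresses | this-address | other-address | not-listening
listen_scope() {
    awk -v addr="$1" -v port="$2" -v name="$3" '
        $1 != "LISTEN" { next }              # skips the header row too
        {
            # Column 4 is Local Address:Port; split at the last colon.
            if (!match($4, /:[^:]+$/)) next
            host = substr($4, 1, RSTART - 1)
            p    = substr($4, RSTART + 1)
            # Without -n, ss prints service names (https instead of 443).
            if (p != port && p != name) next
            # Only "*" and 0.0.0.0 are treated as wildcards here (assumption).
            if (host == "*" || host == "0.0.0.0") wild = 1
            else if (host == addr)                exact = 1
            else                                  other = 1
        }
        END {
            if (wild)       print "all-addresses"
            else if (exact) print "this-address"
            else if (other) print "other-address"
            else            print "not-listening"
        }'
}

# Constructed sample of `ss -tlp` output (PIDs and fds are made up).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     10.21.25.11:http     0.0.0.0:*      users:(("apache2",pid=1201,fd=3))
LISTEN  0       128     0.0.0.0:ssh          0.0.0.0:*      users:(("sshd",pid=880,fd=3))
LISTEN  0       128     *:https              *:*            users:(("apache2",pid=1201,fd=4))
EOF
}

# On a live host: ss -tl | listen_scope 10.21.25.11 443 https
sample_ss_output | listen_scope 10.21.25.11 443 https
```

A result of all-addresses or this-address for port 443 points away from the Apache configuration and toward a host or network firewall, router or ISP block, which is the reasoning in posts #2 and #4.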

