Redirect to https not working + error when forcing


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:www.raidatrades.com

I ran this command:certbot SSL

It produced this output:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/raidatrades.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/raidatrades.com/privkey.pem

Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://raidatrades.com and
https://www.raidatrades.com

My web server is (include version):Apache2

The operating system my web server runs on is (include version):Ubuntu 18.04 LTS

My hosting provider, if applicable, is: *

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

I came here because I simply cant find what the problem is. I forwarded port 443 for SSL, which is open as the open port tool describes. I ran the certbot without any problems for apache2.

But the redirect is not working. I tried redirecting manually with a .htacces file, that worked BUT: the browser says that my site can not establish a secure connection. This is true on multiple devices.
It also gives a ERR_SSL_PROTOCOL_ERROR when i try to connect to my site with https.

Listening ports :
tcp6 0 0 :::80 :::* LISTEN 7201/apache2
tcp6 0 0 :::443 :::* LISTEN 7201/apache2

my ufw firewall allows everything coming in and out for apache2.
My virtual host file looks like this :

Normal ( port 80 )

<VirtualHost 94.110.172.188:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com

    ServerAdmin raida@raidatrades.com
    DocumentRoot /var/www/html/
    Redirect permanent /secure https://raidatrades.com/secure
    ServerName raidatrades.com
    ServerAlias www.raidatrades.com
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

RewriteEngine on
RewriteCond %{SERVER_NAME} =raidatrades.com [OR]
RewriteCond %{SERVER_NAME} =www.raidatrades.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

SSL file ( port 443 )

# The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com
    ServerAdmin raida@raidatrades.com
    DocumentRoot /var/www/html/
    SSLEngine On
    ServerName raidatrades.com
    ServerAlias www.raidatrades.com
    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

RewriteEngine on

Some rewrite rules in this file were disabled on your HTTPS site,

because they have the potential to create redirection loops.

RewriteCond %{SERVER_NAME} =raidatrades.com [OR]

RewriteCond %{SERVER_NAME} =www.raidatrades.com

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/raidatrades.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/raidatrades.com/privkey.pem

If you need anything more please just say so, i’m literally breaking my head for days why this simple thing just won’t work. I’m losing my mind.


#2

Apache is listening with regular insecure HTTP on port 443: http://www.raidatrades.com:443 . This indicates that the VirtualHost is not properly configured for HTTPS.

Typically the minimum for what is required for a VirtualHost to be picked up as HTTPS is:

SSLEngine On

<VirtualHost *:443>
    SSLCertificateFile ...
    SSLCertificateKeyFile ...
</VirtualHost>

#3

This is the virtual host for port 443 right?
I included all of that, buit it should have been generated by certbot standard.
How do I know if this Virtual Host is ACTUALLY running? Because by the looks of it, It sure doesnt.


#4

You can see your VirtualHost list with

apachectl -S

Well, i can’t see the <VirtualHost *:443> scope in your original post, only one for port 80. Maybe you have it, maybe you don’t, can’t tell from here.

It also occurs to me to double check that port 443 is forwarded to port 443, in the past people have accidentally forwarded 443 externally to 80 internally, which can also manifest in these kinds of symptoms.


#5

When I enter that command i get this error

AH00526: Syntax error on line 193 of /etc/modsecurity/modsecurity.conf:
ModSecurity: Failed to open the audit log file: /var/log/apache2/modsec_audit.log
Action ‘-S’ failed.

I will post both virtual hosts again, maybe you can see what is wrong but I don’t.

<VirtualHost 94.110.172.188:80>
ServerAdmin raida@raidatrades.com
DocumentRoot /var/www/html/
ServerName raidatrades.com
ServerAlias www.raidatrades.com

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =raidatrades.com [OR]
RewriteCond %{SERVER_NAME} =www.raidatrades.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

port 443 host file :

<VirtualHost 94.110.172.188:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request’s Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
SSLEngine On
ServerAdmin raida@raidatrades.com
DocumentRoot /var/www/html/
ServerName raidatrades.com
ServerAlias www.raidatrades.com
# Available loglevels: trace8, …, trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

RewriteEngine on

Some rewrite rules in this file were disabled on your HTTPS site,

because they have the potential to create redirection loops.

RewriteCond %{SERVER_NAME} =raidatrades.com [OR]

RewriteCond %{SERVER_NAME} =www.raidatrades.com

RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/raidatrades.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/raidatrades.com/privkey.pem


#6

If your Apache config isn’t passing compilation, then it’s possible that your current config was never actually loaded.

Maybe comment out your modsec stuff until apachectl -S actually works, reload Apache, and see if that helps the issue.


#7

Never mind, I had to run that command as root.
It gives this info

VirtualHost configuration:
94.110.172.188:80 raidatrades.com (/etc/apache2/sites-enabled/000-default.conf:1)
94.110.172.188:443 raidatrades.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: MODSEC_2.5
Define: MODSEC_2.9
User: name=“www-data” id=33
Group: name=“www-data” id=33


#8

Seems like your site is working fine now - https://www.raidatrades.com/

If you made any changes since you posted this thread, they seem to have helped.


#9

Oh what the heck. Ok then
The only thing I changed was changing my public ip in the port 443 host to default
and also I removed the modules in ports.conf and changed it to

Listen 80
Listen 443 https

Seems like that did the trick? I’m not sure.
Anyways thank you !


#10

Oh, yes, that would have done it. If you’re behind NAT (e.g. a router) then using

<VirtualHost 94.110.172.188:443>

would not have worked because Apache doesn’t know what its external IP is. You’d need to use your NAT-ted IP address, e.g. 192.168/16 or 10/8, or default or *.

I probably should have picked up on that earlier, sorry.


#11

I did not know this, this is true for only HHTPS then, because I could acces my website from anywhere using the http version whereas my public ip was stated in the virtual hosts file, which is strange. But anyway it sorted out now. Thanks for the effort for helping me, its appreciated!


#12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.