Redirecting error 400 Bad Request

Hey there,

I have some problems redirecting HTTP requests to HTTPS. The redirect via vhost file works fine for all other domains.

<VirtualHost *:80>
 ServerName sc-workarounds.de
 ServerAlias www.sc-workarounds.de
 Redirect permanent / https://sc-workarounds.de/
</VirtualHost>

<VirtualHost *:443>
ServerName www.sc-workarounds.de
ServerAlias sc-workarounds.de
DocumentRoot "/var/www/html/workaround/"

# SSL configuration, you may want to take the easy route instead and use Lets Encrypt!
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLProtocol -all +TLSv1.2 +TLSv1.1
#SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256

SSLHonorCipherOrder on

# Encoded slashes need to be allowed
AllowEncodedSlashes             NoDecode

SSLCertificateFile    /etc/letsencrypt/live/sc-workarounds.de-0002/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sc-workarounds.de-0002/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/sc-workarounds.de-0002/chain.pem
</VirtualHost>

My domain is: sc-workarounds.de

My web server is (include version): Apache/2.4.6 (CentOS 7)

I can login to a root shell on my machine (yes or no, or I don’t know): yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.35.0

When sending a request to http://sc-workarounds.de I get a 400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hope someone can help me.

Thanks, Adminroot

Hi @Adminroot

your configuration has some errors ( https://check-your-website.server-daten.de/?q=sc-workarounds.de ):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://sc-workarounds.de/ 178.254.31.129 | 400 Bad Request | | 0.040 | M |
| http://www.sc-workarounds.de/ 178.254.31.129 | 400 Bad Request | | 0.044 | M |
| https://www.sc-workarounds.de/ 178.254.31.129 | 301 | https://sc-workarounds.de/ | 4.020 | B |
| https://sc-workarounds.de/ 178.254.31.129 | 200 | | 0.390 | I |
| https://sc-workarounds.de:80/ 178.254.31.129 | 301 | https://sc-workarounds.de/ | 0.237 | Q |
| Visible Content: Moved Permanently The document has moved here . | | | | |
| https://www.sc-workarounds.de:80/ 178.254.31.129 | 301 | https://sc-workarounds.de/ | 0.527 | Q |
| Visible Content: Moved Permanently The document has moved here . | | | | |
| http://sc-workarounds.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.254.31.129 | 400 Bad Request | | 0.044 | M |
| Visible Content: Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. | | | | |
| http://www.sc-workarounds.de/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.254.31.129 | 400 Bad Request | | 0.044 | M |
| Visible Content: Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. | | | | |

Your port 80 sends https instead of http. Looks like there is another vHost used.

If port 80 sends a http status 400, then https + port 80 is checked -> there is a correct http protocol answer (http status 301).

Two options:

  • your vHost is wrong
  • you have wrong port forwardings port 80 -> port 443

What does this say:

apachectl -T
[Sun Jun 09 21:48:36.184197 2019] [so:warn] [pid 2922] AH01574: module rewrite_module is already loaded, skipping

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 178.254.31.129. Set the 'ServerName' directive globally to suppress this message

httpd (pid 21959) already running

Sorry, wrong command.

vHosts are

apachectl -S
[Sun Jun 09 22:06:26.894534 2019] [so:warn] [pid 7992] AH01574: module rewrite_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 178.254.31.129. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server monitoring.adminroot.de (/etc/httpd/conf.d/icingaweb2.conf:1)
         port 80 namevhost monitoring.adminroot.de (/etc/httpd/conf.d/icingaweb2.conf:1)
         port 80 namevhost adminroot.de (/etc/httpd/sites-enabled/adminroot.de.conf:1)
                 alias www.adminroot.de
         port 80 namevhost media.adminroot.de (/etc/httpd/sites-enabled/media.adminroot.de.conf:1)
         port 80 namevhost minecraft.adminroot.de (/etc/httpd/sites-enabled/minecraft.adminroot.de.conf:1)
         port 80 namevhost sc-workarounds.de (/etc/httpd/sites-enabled/sc-workaround.de.conf:1)
                 alias www.sc-workarounds.de
         port 80 namevhost web.adminroot.de (/etc/httpd/sites-enabled/web.adminroot.de.conf:1)
*:443                  is a NameVirtualHost
         default server 178.254.31.129 (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost 178.254.31.129 (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost media.adminroot.de (/etc/httpd/sites-enabled/media.adminroot.de.conf:6)
         port 443 namevhost minecraft.adminroot.de (/etc/httpd/sites-enabled/minecraft.adminroot.de.conf:6)
         port 443 namevhost sawyer.adminroot.de (/etc/httpd/sites-enabled/sawyer.adminroot.de.conf:1)
                 alias sawyer.adminroot.de
                 alias sawyer.adminroot.de
         port 443 namevhost www.sc-workarounds.de (/etc/httpd/sites-enabled/sc-workaround.de.conf:11)
                 alias sc-workarounds.de
         port 443 namevhost streamtool.adminroot.de (/etc/httpd/sites-enabled/streamtool.adminroot.de.conf:1)
                 alias streamtool.adminroot.de
         port 443 namevhost web.adminroot.de (/etc/httpd/sites-enabled/web.adminroot.de.conf:6)
         port 443 namevhost adminroot.de (/etc/httpd/sites-available/adminroot.de-le-ssl.conf:2)
                 alias www.adminroot.de
ServerRoot: "/etc/httpd/"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

Checked some of your other domain names with the browser.

Always the same error:


Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Does it work internally? (curl http://monitoring.adminroot.de/)

Or you really have a wrong port forwarding.

No, same problems with an internal request.

Then share the default port 80 vHost


Thanks for your help. I forgot that the installation of icingaweb2 autogenerates a vhost file and sets it as default.
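
The check this thread converges on, as an added example that is not part of the original posts: read the `apachectl -S` listing, find the default vhost for each port-80 listener, and report it if its `<VirtualHost>` block turns TLS on. The function names are hypothetical, the sample file and listing are constructed, only the NameVirtualHost layout shown above is parsed, and it is an assumption that the autogenerated default vhost enabled `SSLEngine` (the thread never shows that file).

```shell
# default_vhosts: read `apachectl -S` output (NameVirtualHost layout, as in
# this thread) on stdin; print "<listener> <name> <file> <line>" per default.
default_vhosts() {
    awk '
        /is a NameVirtualHost/ { listener = $1 }
        $1 == "default" && $2 == "server" {
            loc = $4; gsub(/[()]/, "", loc)      # "(file:line)" -> "file:line"
            n = split(loc, part, ":"); line = part[n]
            file = substr(loc, 1, length(loc) - length(line) - 1)
            print listener, $3, file, line
        }'
}

# vhost_enables_tls FILE LINE: succeed if the <VirtualHost> block that starts
# at LINE contains an uncommented "SSLEngine on".
vhost_enables_tls() {
    awk -v start="$2" '
        NR < start { next }
        tolower($1) == "sslengine" && tolower($2) == "on" { found = 1 }
        tolower($0) ~ /<\/virtualhost>/ { exit }
        END { exit(found ? 0 : 1) }' "$1"
}

# tls_on_port80_defaults: stdin is `apachectl -S` output; print one WARN line
# for every port-80 listener whose default vhost turns TLS on.
tls_on_port80_defaults() {
    default_vhosts | while read -r listener name file line; do
        case "$listener" in *:80) ;; *) continue ;; esac
        if [ -r "$file" ] && vhost_enables_tls "$file" "$line"; then
            echo "WARN $listener default=$name $file:$line SSLEngine on"
        fi
    done
}

# Constructed demo: a stand-in vhost file and a matching -S excerpt.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' '<VirtualHost *:80>' ' ServerName default.example' \
        ' SSLEngine on' '</VirtualHost>' > "$conf"
    printf '%s\n' '*:80      is a NameVirtualHost' \
        "         default server default.example ($conf:1)" \
        "         port 80 namevhost site.example (/nonexistent.conf:1)" |
        tls_on_port80_defaults
    rm -f "$conf"
}

demo
```

On a live host the input would be `apachectl -S 2>/dev/null | tls_on_port80_defaults`; an empty result means no port-80 default vhost enables TLS.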
