Redirection problem

Hello everyone,

I have a problem on my web server when trying to enable Lets Encrypt for one website.
First of all I’m running Ubuntu Server 16.04 with Apache 2.4 and the other websites on the server work very well.
When I try to load a particular website the following message appears:
The page isn’t redirecting properly

Here’s is my domain.conf in apache

<VirtualHost *:80>
            ServerAdmin admin@domain.fr
            ServerName www.domain.fr
            DocumentRoot /home/website/
            <Directory /home/website/>
                    Options Indexes FollowSymLinks MultiViews ExecCGI
                    AllowOverride All
                    Require all granted
            </Directory>
            ErrorLog ${APACHE_LOG_DIR}/domain.fr_error.log
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
            CustomLog ${APACHE_LOG_DIR}/domain.fr_access.log combined
 RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.fr
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

And here is my domain-le-ssl.conf in apache:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
            ServerAdmin admin@domain.fr
            ServerName www.domain.fr
            DocumentRoot /home/website/
            <Directory /home/website/>
                    Options Indexes FollowSymLinks MultiViews ExecCGI
                    AllowOverride All
                    Require all granted
            </Directory>
            ErrorLog ${APACHE_LOG_DIR}/domain.fr_error.log
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
            CustomLog ${APACHE_LOG_DIR}/domain.fr_access.log combined
    SSLCertificateFile /etc/letsencrypt/live/www.domain.fr/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.fr/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>

Does anyone see something wrong in this configuration ?
I have nothing in apache error log except
[Sat Jul 08 08:10:04.938672 2017] [ssl:warn] [pid 16376] AH01909: domain.fr:443:0 server certificate does NOT include an ID which matches the server name

I don’t see anything wrong in those files. However, I notice you have AllowOverride All in both. Do you have a .htaccess file in /home/website? If so, the problem may be there instead.

Good idea but I haven’t any .htaccess file in my root directory…

Hmm.

Are you using a reverse proxy or CDN with this domain? If so, it might be connecting to your webserver over HTTP, which would cause the :80 configuration to kick in again.

No Cloudflare or CDN either

I still have the problem, does anyone have ideas ?

maybe share your domain name so people can investigate it?

Andrei

I’m more of an nginx guy, so I’m just going by what’s familiar, but are you sure those redirect rules are set up properly? I seem to recall seeing that typically written differently.

I have two more domains on the same server that use the exacts same rules and they work perfectly.

Here is my configuration so you can compare…

# domain.org site
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
DocumentRoot "/Users/domain2/Sites"
ServerName domain.org
ServerAlias www.domain.org
ServerAdmin webmaster@domain.org
</VirtualHost>

# domain.org site virtual host SSL 443
<VirtualHost *:443>
DocumentRoot "/Users/domain2/Sites"
ServerName domain.org
ServerAlias www.domain.org
ServerAdmin webmaster@domain.org
SSLProtocol all -SSLv2 -SSLv3
SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/domain.org/cert.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/domain.org/privkey.pem"
    SSLCertificateChainFile "/etc/letsencrypt/live/domain.org/chain.pem"

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
    Header always set Strict-Transport-Security "max-age=15768000"
    # Always ensure Cookies have "Secure" set (JAH 2012/1)
    Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

    ErrorLog "/usr/apache2/logs/error_log"
    TransferLog "/usr/apache2/logs/access_log"
    CustomLog /usr/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

You have this line which I think is not necessary putting “=www.domain.fr” ;
RewriteCond %{SERVER_NAME} =www.domain.fr
Try to do this instead;

RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

hi @Notarobot

I think you missed my previous comment so I will try again.

A) You have made an assumption that Apache is the only thing that can do redirects.
B) You have not provided a domain name so people can’t do their own testing
C) You therefore should do your own testing. Use chrome developer tools or something like this http://www.redirect-checker.org/index.php

If you would like people to provide assistance then you should do your bit (share information) otherwise google and stackexchange are your friends if you can’t share your domain

Andrei

Still the same problem using your redirection rules..

Hi,

A) Can you explain to me what I’m missing ?
B) www.duboisveysseyre.fr
C) Rediret-cheker.org output:
https://www.duboisveysseyre.fr 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found https://www.duboisveysseyre.fr/index.php 301 Moved Permanently http://www.duboisveysseyre.fr/index.php? 302 Found Problems found:

    Too many redirects. Please try to reduce your number of redirects for https://www.duboisveysseyre.fr. Actually you use 19 Redirects. Ideally you should not use more than 3 Redirects in a redirect chain. More than 3 redirections will produce unnecessary load on your server and reduces speed, which ends up in bad user experience.
    You use 301 and 302 redirect at the same time. This might be confusing for search engine. Generally, please do not use 301 and 302 redirects at the same time.
    You use a 302 redirect. This means, that the actually content is temporary not reachable and will come back soon. To use a 302 redirection for generally moved pages is a bad idea. Search engine bot might not follow it or handle it as temporary. For SEO this is also a bad idea, because no link juice will be transferred to the linked page.`

Interesting, you are on the Ubuntu Server. On my server both of these directives goes on the virtual host file and not inside the if module configuration.

<IfModule mod_ssl.c>
...
</IfModule>

The </IfModule> is usually to redirect the includes pointing to the virtual host file.

Do you have an virtual host file? Something with the name
httpd-vhosts.conf ?

We are at different operating system but Apache directory tree is (I think) standard to everyone.

You should put your Apache Configuration Directory tree here because something is not adding up.

All of my vhosts files are in /etc/apache/sites-available/
I have a mydomain.conf that correspond to the http vhost containing redirection rules to the https domain
Certbot creates a mydomain-le.conf that correspond to the https vhost
All the sites on this server have the same configuration and structures and work fine.

Your HTTP site is redirecting to HTTPS. Your HTTPS site is then redirecting back to HTTP and adding index.php? to the end of the URL. I don’t see anything in domain-le-ssl.conf that looks like it would do that, so I’m guessing the problem is elsewhere.

Are you sure you don’t have a .htaccess file? (you know it’s hidden by default, right? type ls -a to see it)

If that’s not it, it might be something in the PHP code itself that’s doing the redirect. Is it your own custom code or something you downloaded? EDIT: based on your favicon I’m guessing you’re using webtrees - if so then this information may be helpful.

Well, I didnt thought about that ! Thanks for the link I’ll check that before anything else.

Ok That was it ! I just needed to change the website URL in webtrees DB so it can use HTTPS !
It definitely had nothing to do with Let’s Encrypt.

Thank you so much for your help @jmorahan

well done @jmorahan

@Notarobot that was what i was talking about in my post above when i said this

you have made an assumption that Apache is the only thing that can do redirects.

Javascript and Server Side Languages can also redirect hence why a domain is useful as it allows people to discover other sources.

Andrei

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.