Secured Connection but ERR_TOO_MANY_REDIRECTS on HTTP and HTTPS

My domain is: www.mukinoy.com

I ran this command: I followed the SSL cert installation and ran “sudo certbot --apache -d mukinoy.com -d www.mukinoy.com” because I kept getting ERR_TOO_MANY_REDIRECTS on HTTP and HTTPS

It produced this output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/mukinoy.com.conf)

What would you like to do?


1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/default-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/default-ssl.conf
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Rolling back to previous server configuration…
Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

Unable to restart apache using [‘apache2ctl’, ‘graceful’]
Encountered exception during recovery:
Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2185, in _reload
util.run_script(self.option(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 526, in deploy_certificate
self.installer.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2175, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2185, in _reload
util.run_script(self.option(“restart_cmd”))
File “/usr/lib/python3/dist-packages/certbot/util.py”, line 86, in run_script
raise errors.SubprocessError(msg)
certbot.errors.SubprocessError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/certbot/error_handler.py”, line 108, in _call_registered
self.funcs-1
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 626, in _rollback_and_restart
self.installer.restart()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2175, in restart
self._reload()
File “/usr/lib/python3/dist-packages/certbot_apache/configurator.py”, line 2203, in _reload
raise errors.MisconfigurationError(error)
certbot.errors.MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

Error while running apache2ctl graceful.
httpd not running, trying to start
Action ‘graceful’ failed.
The Apache error log may have more information.

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message

IMPORTANT NOTES:

  • An error occurred and we failed to restore your config and restart
    your server. Please post to
    https://community.letsencrypt.org/c/server-config with details
    about your configuration and this error you received.
  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/mukinoy.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/mukinoy.com/privkey.pem
    Your cert will expire on 2020-02-15. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot again
    with the “certonly” option. To non-interactively renew all of
    your certificates, run “certbot renew”

My web server is (include version):

The operating system my web server runs on is (include version): Apache, Ubuntu 16.04

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I’m using just my Terminal to access mySQL


When I run this line sudo nano /etc/apache2/sites-available/000-default-le-ssl.conf, this is what I get:
Redirect permanent “/” “https://mukinoy.com/

ServerAdmin mukinoy@gmail.com DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    Redirect "/" "https://mukinoy.com/"

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ServerName mukinoy.com
    ServerAlias www.mukinoy.com
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mukinoy.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mukinoy.com/privkey.pem

When I run this: sudo nano /etc/apache2/sites-available/000-default.conf
I get this:
<VirtualHost *:80>
ServerAdmin mukinoy@gmail.com
DocumentRoot /var/www/html
ServerName mukinoy.com
ServerAlias www.mukinoy.com

    SSLEngine on

    Redirect "/" "https://mukinoy.com/"

    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Could anyone please help me fixing this? Thank you!

1 Like

Remove this line:

from: /etc/apache2/sites-available/000-default-le-ssl.conf
HTTP is redirecting to HTTPS is redirecting to HTTPS is redirecting to HTTPS ...

Hi there,

I followed your instructions but now the error page is connection_refused. Know why this is still happening?

Now on "nano 2.5.3 File: /etc/apache2/sites-available/000-default.conf", this is what it showed:
<VirtualHost *:80>
ServerName example.com
Redirect permanent "/" "https://mukinoy.com/"

<VirtualHost *:443>
ServerAdmin mukinoy@gmail.com
DocumentRoot /var/www/html
ServerName mukinoy.com
ServerAlias www.mukinoy.com

    Redirect "/" "https://mukinoy.com/"

    SSLEngine on

    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

and on File: /etc/apache2/sites-available/000-default-le-ssl.conf, this is what showed up.

ServerAdmin mukinoy@gmail.com DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ServerName mukinoy.com
    ServerAlias www.mukinoy.com
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mukinoy.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mukinoy.com/privkey.pem

Hi @mukinoy

your configuration is buggy. Your domain is invisible, only ConnectFailures.

What says

apachectl -S

this:

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server mukinoy.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost mukinoy.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
alias www.mukinoy.com
port 443 namevhost mukinoy.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 mukinoy.com; (/etc/apache2/sites-enabled/mukinoy.com.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

There

you see your buggy configuration.

Every combination of port and domain name must be unique, you have duplicated definitions.

Merge these, remove one vHost, restart your server, then again

apachectl -S

to see, if it is fixed.

Hi Juergen,

Thank you for your suggestion. However, I am quite foreign in server-related topics.

Could you elaborate on how I can merge these duplicate definitions on Terminal?

Also, which vHost should I remove and how can I do that?

I look forward to your response!

You have created these vHost definitions. So you are able to remove one.

1 Like

Hi, so which of the lines I should remove?

I don’t remember how I created the definitions so I used this suggestion on removing vhost and I ran
sudo rm /etc/apache2/sites-enabled/mukinoy.com.conf
and
sudo rm -Rf /var/www/mukinoy.com

See the result here:

Is this correct?

The first command makes some sense; but it doesn't directly address the conflicting files:
[you have two active SSL files using the same domain name]

With the second command... I'm not so sure; as that seems to delete a web content folder.
[hopefully you didn't need it or have a copy elsewhere - if you do need to restore it]

Hey, could you tell me the line on how can I restore it? By running those two lines, I could finally access mukinoy.com and wp-admin but when I go to other files, it says:

I don't know of any "undelete" command.
Do you have the content on another drive?
Where did you upload it from originally?

In Ubuntu, try looking in this folder:
ls -l /root/.local/share/Trash

or perhaps finding it elsewhere:
find / -name Trash

By another drive, do you mean if I have an external hard drive?
I do a backup on my external hard drive, but I am not sure on how to access the backup using Terminal :–(

I use Wordpress Semplice and it seems the media files are still there, but when I launch the Semplice theme, it says this:
It looks like your permalinks are not working.
Please make sure that permalinks are enabled
and that you have a working htaccess file in place.

Or do you mean ‘another drive’ as in a backup of original SSL Virtual Host?
Before all these errors happened, I did run this line:

sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

based on this suggestion

I don’t know anything about Semplice, sorry.

As for the CP command run: That wasn’t the file deleted.
[nor the entire directory: /var/www/mukinoy.com]

I don’t know how your site is/was put together, nor anything on the backup program in use, so I can’t really help with that part of the problem [should it be one].

I was referring to wherever the content originated.
[most people (that I know) don't code directly on a web server - they have a working copy somewhere else and sync it]

Hi,

Screen Shot 2019-11-17 at 1.37.13 PM

Is this what you are referring to?

Those files may contain copies of that deleted folder.
You may try opening one to see if the contents are there.
[again: I don’t know anything about your site - so I can’t even say if those files are needed.]

So contents should look like, for instance, profile.html etc?

We are getting way off-track here.
[this is a forum about encryption - not data backup/restore]
But, yes, that is what web content files generally looks like: something.htm(l)