Site not reachable anymore after installation of certbot

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: suheyl.nl

I ran this command:

  1. sudo apt-get update
  2. sudo apt-get install software-properties-common
  3. sudo add-apt-repository universe
  4. sudo add-apt-repository ppa:certbot/certbot
  5. sudo apt-get update
  6. sudo apt-get install certbot python-certbot-apache
  7. sudo certbot --apache

It produced this output: I followed the the steps and enabled it for suheyl.nl
suheyl@KODI:~$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): xxxxx@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory


(A)gree/©ancel: a


Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: n
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter ‘c’ to cancel): suheyl.nl
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for suheyl.nl
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le -ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP ac cess.


1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.


Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf


Congratulations! You have successfully enabled https://suheyl.nl

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=suheyl.nl


My web server is (include version): Apache 2.4.29

The operating system my web server runs on is (include version): Ubuntu 18.04.4

My hosting provider, if applicable, is: local

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

For me it’s the first time I’ve tried to enable ssl, and just followed the steps which are stated in the manual https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
Installation looked succefull, but can’t reach my site anymore. When I run the debugger https://letsdebug.net/suheyl.nl/121083 I get a lot of errors…
I cannot reach https://suheyl.nl nor http://suheyl.nl
Now I don’t know what to do anymore. Any idea what went wrong?

1 Like

Hi @suheyl

checking your domain that looks different - https://check-your-website.server-daten.de/?q=suheyl.nl

You have different authoritative and non-authoritative ip addresses:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
suheyl.nl A 82.75.152.228 Hengelo/Provincie Overijssel/Netherlands (NL) - Vodafone Ziggo Hostname: 82-75-152-228.cable.dynamic.v4.ziggo.nl yes 2 0
AAAA ::ffff:82.75.67.213 Enschede/Provincie Overijssel/Netherlands (NL) - Vodafone Ziggo yes
www.suheyl.nl C suheyl.nl yes 1 0
A 82.75.152.228 Hengelo/Provincie Overijssel/Netherlands (NL) - Vodafone Ziggo Hostname: 82-75-152-228.cable.dynamic.v4.ziggo.nl yes
AAAA ::ffff:82.75.67.213 Enschede/Provincie Overijssel/Netherlands (NL) - Vodafone Ziggo yes
suheyl.nl A 82.75.67.213 Enschede/Provincie Overijssel/Netherlands (NL) - Vodafone Ziggo No Hostname found no
www.suheyl.nl A 82.75.67.213 Enschede/Provincie Overijssel/Netherlands (NL) - Vodafone Ziggo No Hostname found no

Looks like you have changed the ip address, but the non-authoritative is cached -> timeout -> clean your browser cache.

And ::ffff isn’t a public ip address, so that AAAA entry is wrong, remove it.

http + the correct ip address - that works:

Domainname Http-Status redirect Sec. G
http://suheyl.nl/ 82.75.152.228 301 https://suheyl.nl/ Html is minified: 100,00 % 0.083 A
http://suheyl.nl/ 82.75.67.213 -14 10.090 T
Timeout - The operation has timed out
http://suheyl.nl/ ::ffff:82.75.67.213 -2 0.017 V
ConnectFailure - Unable to connect to the remote server
http://www.suheyl.nl/ 82.75.67.213 -14 10.334 T
Timeout - The operation has timed out
http://www.suheyl.nl/ 82.75.152.228 GZip used - 450 / 1145 - 60,70 % 200 Html is minified: 102,69 % 0.087 H
http://www.suheyl.nl/ ::ffff:82.75.67.213 -2 0.010 V
ConnectFailure - Unable to connect to the remote server
https://suheyl.nl/ 82.75.67.213 -14 10.030 T
Timeout - The operation has timed out
https://suheyl.nl/ 82.75.152.228 -14 10.023 T
Timeout - The operation has timed out
https://suheyl.nl/ ::ffff:82.75.67.213 -2 0.013 V
ConnectFailure - Unable to connect to the remote server
https://www.suheyl.nl/ 82.75.67.213 -14 10.017 T
Timeout - The operation has timed out
https://www.suheyl.nl/ 82.75.152.228 -14 10.036 T
Timeout - The operation has timed out
https://www.suheyl.nl/ ::ffff:82.75.67.213 -2 0.013 V
ConnectFailure - Unable to connect to the remote server

So your https doesn’t work.

Is there a blocking firewall / wrong router forward? The hostname 82-75-152-228.cable.dynamic.v4.ziggo.nl looks like a home server.

Works https internal?

curl  https://www.suheyl.nl/

from that machine?

1 Like

Hi Jürgen,

When I run this in a terminal session I get the next message:
curl: (7) Failed to connect to www.suheyl.nl port 443: Connection timed out

Looks like during the installation something went wrong then. But I just followed the steps.

What says

apachectl -S

AH00526: Syntax error on line 33 of /etc/apache2/sites-enabled/000-default-le-ssl.conf:
SSLCertificateFile: file ‘/etc/letsencrypt/live/suheyl.nl/fullchain.pem’ does not exist or is empty
Action ‘-S’ failed.
The Apache error log may have more information.

Run it with sudo or as root.

That was stupid of me…

AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
VirtualHost configuration:
*:443 suheyl.nl (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: “/etc/apache2”
Main DocumentRoot: “/var/www/html”
Main ErrorLog: “/var/log/apache2/error.log”
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
PidFile: “/var/run/apache2/apache2.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name=“www-data” id=33
Group: name=“www-data” id=33

1 Like

There is no port 80 vHost with that domain name.

And there is no port 443 vHost with the www version.

So your www version can’t work. Check your non-www version via curl.

1 Like

I get the same message:

curl: (7) Failed to connect to suheyl.nl port 443: Connection timed out

“Connection timed out” indicates that port 443 is probably being blocked by a firewall. Traffic probably isn’t even reaching the web server, whether it’s working correctly or not.

2 Likes

I was using curl on my work laptop, that was the issue for connection time out. From my personal laptop I got this output for curl http://www.suheyl.nl

Index of /

Index of /

Name Last modified Size Description

alt="[DIR]"> html/ 2020-04-03 11:35 -  
alt="[DIR]"> spotweb/ 2020-04-03 11:44 -  
alt="[DIR]"> zenderlogos/ 2020-04-03 11:36 -  

Apache/2.4.29 (Ubuntu) Server at www.suheyl.nl Port 80

I’ve removed the image sources as I’m not allowed to add more then one.
As curl did not work on my work laptop, I’ve also tested to access those sites on my personal laptop, same result. But when I use local IP, 192.168.1.5 I can reach those sites, not from my external IP nor suheyl.nl

1 Like

That’s the reason I wrote “from that machine”.

What’s the output of curl + https?

Good morning Jürgen,

I did post the output from that machine yesterday. I just ran it again, and it gave the same output.
I’ve removed the image sources as I’m not allowed to add more then one.

Index of /

Index of /

Name Last modified Size Description

alt="[DIR]"> html/ 2020-04-03 11:35 -  
alt="[DIR]"> spotweb/ 2020-04-03 11:44 -  
alt="[DIR]"> zenderlogos/ 2020-04-03 11:36 -  

Apache/2.4.29 (Ubuntu) Server at www.suheyl.nl Port 80

I can reach for example suheyl.nl:9091 but not suheyl.nl or suheyl.nl/spotweb. But using local IP I can reach everything.

No, that’s the http output.

The https output is required to know if https works internal.

If yes, it’s only a firewall / router configuration.

No, it doesn’t work.
Failed to connect to https://www.suheyl.nl port 443: Connection timed out

Failed to connect to https://suheyl.nl port 443: Connection timed out

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.