Site unreachable after certificate reinstall

I looked at similar problems here on the community site but none seemed to match my situation.

My domain is:
www.ideatreelive.com

I ran this command:

  1. https://www.ideatreelive.com from browsers

  2. I can ssh into the server and ping works from there to both the site IP and outside IPs, but can’t ping in from a remote client.

  3. I can telnet in from a remote client on port 22 but not on port 443 or 80.

  4. ‘apachectl configtest’ says syntax OK

  5. apache2 is up and running

  6. No errors shown in /var/log/apache2/error.log with error levels set to ‘debug’, but I did see the following in error.log:
    ’ Configuring server www.ideatreelive.com:443 for SSL protocol
    Certificate and private key www.ideatreelive.com:443:0 configured from /etc/letsencrypt/live/www.ideatreelive.com/fullchain.pe…
    mod_ssl/2.4.29 compiled against Server: Apache/2.4.29, Library: OpenSSL/1.1.1’

  7. ufw firewall has ports 80, 22, and 443 all open (ufw “Apache Full” and ufw ssh)

‘netstat -antp +’ produced this output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 704/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1743/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 966/postgres
tcp 0 464 138.197.202.166:22 67.0.212.212:55746 ESTABLISHED 5400/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1743/sshd
tcp6 0 0 :::443 :::* LISTEN 939/apache2
tcp6 0 0 :::80 :::* LISTEN 939/apache2

My web server is (include version):
Apache 2.4.29

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0


Hi,

According to a port check utility, your ports 80 and 443 are closed.
Could you please check if your DigitalOcean cloud firewall for that IP is set to allow access on those ports?

Thank you


Thanks for the quick reply.

Duh, dumb mistake: I had both Ubuntu’s ufw firewall and DigitalOcean’s cloud firewall running.

I disabled the cloud firewall and kept ufw.

But I’m curious, what port check utility did you use? Sounds like a handy tool to have.


I used portqry on my Windows PCs.
https://www.microsoft.com/en-us/download/details.aspx?id=17148

When I'm away, I just use whatever tool is available on Google 😂. Yours is pretty obvious because it didn't show connection refused, and also didn't connect immediately (when I'm on mobile).

I liked portqry simply because it can tell if the port is closed or filtered. Nmap in this case won't be a better fit since my ISP monitors that program. (They warned me about this because I scanned my own VPS.)

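An added example, not part of any post in this thread: the diagnosis above as code, combining the server-side `netstat` view with a client-side connect test that separates "closed" (connection refused) from "filtered" (no answer). The function names and the 3-second timeout are assumptions; the LISTEN lines are the ones posted in the thread.

```python
import socket

# LISTEN lines as posted in the thread's `netstat -antp` output.
NETSTAT = """\
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 704/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1743/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 966/postgres
tcp6 0 0 :::22 :::* LISTEN 1743/sshd
tcp6 0 0 :::443 :::* LISTEN 939/apache2
tcp6 0 0 :::80 :::* LISTEN 939/apache2
"""

def listening_ports(netstat_text):
    """Ports with a LISTEN socket bound to a non-loopback address."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if not addr.startswith("127.") and addr != "::1":
                ports.add(int(port))
    return ports

def classify(exc):
    """Map the outcome of a TCP connect to listening / closed / filtered."""
    if exc is None:
        return "listening"   # handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST came back: host reachable, nothing listening
    return "filtered"        # timeout or unreachable: no answer at all

def probe(host, port, timeout=3.0):
    """Run from a remote client against a server you administer."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return classify(None)
    except OSError as exc:   # DNS failures also land here; pass an IP to rule them out
        return classify(exc)

def diagnose(port, local_ports, remote_state):
    """Combine the server-side view (netstat) with the client-side view (probe)."""
    if remote_state == "listening":
        return "reachable"
    if port not in local_ports:
        return "no listener on a public address: fix the service or its bind address"
    if remote_state == "filtered":
        return "service is up but packets are dropped: check ufw and the provider's cloud firewall"
    return "actively refused despite a listener: look for a REJECT rule or a NAT/port mapping"
```

With the thread's data, ports 80 and 443 are listening locally but filtered remotely, which points at a packet filter in front of Apache rather than at Apache or the certificate.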

Good to know. Thanks.
