yagami
August 17, 2019, 5:43pm
1
Alright, instead of setting up SSL manually I decided to go with Let's Encrypt on a fresh install of Mint 19.2,
following this guide:
https://linuxize.com/post/secure-apache-with-let-s-encrypt-on-ubuntu-18-04/
It worked fine, I was able to create the SSL, however now I encounter two problems called: SSL_ERROR_RX_RECORD_TOO_LONG or "WRONG PAGE REDIRECT".
I took time to look and read many posts since this settings problem is recurrent.
And I haven't been able to fix it.
I get "SSL_ERROR_RX_RECORD_TOO_LONG" if my VirtualHost is set up like this:
<VirtualHost *:80>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
Redirect permanent / https://cloud.oursecretgarden.xyz/
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
Protocols h2 http:/1.1
<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
Redirect permanent / https://cloud.oursecretgarden.xyz/
</If>
DocumentRoot /var/www/cloud.oursecretgarden.xyz/public_html
ErrorLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-error.log
CustomLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/privkey.pem
# Other Apache Configuration
</VirtualHost>
However, if I try to access the web page using https://local IP instead of the domain name, it works.
But if I change :80 into 443, I won't get SSL errors AND I will get the "WRONG REDIRECT" problem, and I won't be able to access it by https://IP or by domain name either.
If you have any questions so I can be clearer, here I am. I guess I missed a setting somewhere.
Hi @yagami
the SSL_ERROR_RX_RECORD_TOO_LONG error means: Your port 443 sends http content, not https content. So the client expects a TLS-handshake, but the server sends the complete page -> the content is too long.
But checking your site looks like you have fixed that problem. Now you have another problem - a direct loop - https://check-your-website.server-daten.de/?q=cloud.oursecretgarden.xyz
https + non-www redirects to https + non-www.
Perhaps you have a redirect http -> https. Add that only to your port 80 vHost, not to your port 443 vHost.
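An added example, not part of the original posts: it shows how the first bytes of a plaintext HTTP reply look to a client that parses them as a TLS record header, which is the situation described in the reply above. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# RFC 5246, section 6.2.3: a TLSCiphertext fragment may not exceed 2^14 + 2048 bytes.
MAX_TLS_RECORD_LEN = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes):
    """Read the 5-byte TLS record header: content type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return content_type, (major, minor), length


def diagnose_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sent on a port that should speak TLS."""
    content_type, version, length = parse_record_header(data)
    if data[:5] == b"HTTP/":
        # 'P' and '/' land in the length field: 0x502F = 20527, above the limit.
        return f"plaintext HTTP on a TLS port (bogus record length {length})"
    if (content_type in TLS_CONTENT_TYPES and version[0] == 3
            and length <= MAX_TLS_RECORD_LEN):
        return f"TLS {TLS_CONTENT_TYPES[content_type]} record, {length} bytes"
    return "neither TLS nor HTTP"


# Constructed samples: a plaintext reply, and a TLS 1.2 handshake record
# (header 16 03 03 00 5a followed by a 90-byte dummy body).
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303005a") + b"\x02" + bytes(89)

if __name__ == "__main__":
    for sample in (PLAINTEXT_REPLY, TLS_REPLY):
        print(diagnose_first_bytes(sample))
```

To test a live server, pass the first bytes it returns on port 443 after a ClientHello to `diagnose_first_bytes`.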
yagami
August 17, 2019, 6:34pm
4
Hmm, in this case of a loop, what can I do?
yagami:
<VirtualHost *:443>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
Protocols h2 http:/1.1
<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
Redirect permanent / https://cloud.oursecretgarden.xyz/
The redirect seems to be coming from the HTTPS virtual host here.
You need to remove it, or change it to do something else.
yagami
August 18, 2019, 5:19am
6
The file I showed is the file created by Let's Encrypt, so do I need to edit the files 000-default.conf and default-ssl.conf? Or are those files not required since Let's Encrypt creates a file with the name of the web site?
Also I tried to edit the part you showed me; the result is SSL TOO LONG or Apache2 is broken.
Looks like you have a buggy configuration.
What does this command say?
apachectl -S
Check your vHost configuration (apachectl -S, nginx -T). Every combination of port and ServerName / ServerAlias (Apache) or Server (Nginx) must be unique. Merge duplicated entries in one vHost.
Read your last check - 40 minutes old - https://check-your-website.server-daten.de/?q=cloud.oursecretgarden.xyz
http is redirected to http -> that's wrong, must be https as destination.
And your https redirect isn't required, but now it's a different redirect, the / at the end is missing.
With that configuration, creating a Letsencrypt certificate via http validation wouldn't work -> Loop.
yagami
August 18, 2019, 8:01am
8
Alright,
here is the answer for apachectl -s
sudo apachectl -S
[sudo] password for nextcloud:
AH00112: Warning: DocumentRoot [/var/www/cloud.oursecretgarden.xyz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:1)
alias www.cloud.oursecretgarden.xyz
*:443 cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
Shall I delete some files and restart properly?
Good: You don’t have duplicated combinations port / domain name.
Not so good: Your configuration may be buggy.
First: Split your /etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf in two files, so you have one config port 80 and one config port 443.
yagami
August 18, 2019, 8:45am
10
My original sites-enabled is composed of one file named 000-default.conf and another, cloud.oursecretgarden.xyz.conf.
I opened cloud.oursecretgarden.xyz.conf:
<VirtualHost *:80>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
Redirect permanent / https://cloud.oursecretgarden.xyz/
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
Protocols h2 http:/1.1
<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
Redirect permanent / https://cloud.oursecretgarden.xyz/
</If>
DocumentRoot /var/www/cloud.oursecretgarden.xyz/public_html
ErrorLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-error.log
CustomLog ${APACHE_LOG_DIR}/cloud.oursecretgarden.xyz-access.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.oursecretgarden.xyz/privkey.pem
# Other Apache Configuration
</VirtualHost>
So you recommend that I split this file into two files?
How shall I name them?
There is your wrong redirect. Remove these rows.
Please read the basic documentation. If you remove a starting <IF element, you have to remove the content of that element and the ending </IF> element.
PS: Ah, the quote removes the ending element.
<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
Redirect permanent / https://cloud.oursecretgarden.xyz/
</If>
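An added example, not part of the original posts: a small static check that finds a `Redirect` sending a vHost back to its own scheme and host, the loop identified above. The function name is hypothetical, the sample config is a constructed, trimmed copy of the one in the thread, and the check only understands `Redirect` directives and `<If>` tests of the form `%{HTTP_HOST} == '...'`, treating port 443 as the only TLS port.

```python
import re

# Constructed sample: the vhost layout posted in the thread, trimmed, closing tags included.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
Redirect permanent / https://cloud.oursecretgarden.xyz/
</VirtualHost>
<VirtualHost *:443>
ServerName cloud.oursecretgarden.xyz
ServerAlias www.cloud.oursecretgarden.xyz
<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
Redirect permanent / https://cloud.oursecretgarden.xyz/
</If>
</VirtualHost>
"""

IF_HOST = re.compile(r"""<If\s+"%\{HTTP_HOST\}\s*==\s*'([^']+)'">""", re.I)
TARGET = re.compile(r"(https?)://([^/:\s]+)(?::\d+)?(/\S*)?", re.I)

def find_self_redirects(conf_text):
    """Return [(line_no, port, target)] for Redirects that send a vhost back to itself."""
    findings, port, names, cond_host = [], None, set(), None
    redirects = []  # (line_no, url_path, target, HTTP_HOST condition in force)
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line, words = raw.strip(), raw.split()
        low = line.lower()
        if low.startswith("<virtualhost"):  # assumes the "<VirtualHost addr:port>" form
            port, names, redirects = int(line.rstrip(">").rsplit(":", 1)[1]), set(), []
        elif low.startswith("</virtualhost"):
            scheme = "https" if port == 443 else "http"  # assumption: TLS only on 443
            for no, url_path, target, cond in redirects:
                m = TARGET.match(target)
                hosts = {cond} if cond else names  # hosts this Redirect applies to
                if (m and m.group(1).lower() == scheme and m.group(2).lower() in hosts
                        and (m.group(3) or "/").startswith(url_path)):
                    findings.append((no, port, target))
            port = None
        elif IF_HOST.match(line):
            cond_host = IF_HOST.match(line).group(1).lower()
        elif low.startswith("</if"):
            cond_host = None
        elif port is not None and words:
            if words[0].lower() in ("servername", "serveralias"):
                names.update(w.lower() for w in words[1:])
            elif words[0].lower() == "redirect" and len(words) >= 3:
                redirects.append((line_no, words[-2], words[-1], cond_host))
    return findings
```

On the sample it reports the `Redirect` inside the port 443 vHost and leaves the port 80 redirect to https alone.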
yagami
August 18, 2019, 8:53am
12
Wow, you are right;
I deleted it and it is working. I didn't write this line, I thought it came automatically with Let's Encrypt?
So if I type again the previous command you gave me,
Apachectl -S
sudo apachectl -S
AH00112: Warning: DocumentRoot [/var/www/cloud.oursecretgarden.xyz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:1)
alias www.cloud.oursecretgarden.xyz
*:443 cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
It's correct in your port 80 vHost, but not in your port 443 vHost.
That may be the problem if you have all in one file.
yagami
August 18, 2019, 9:32am
14
So, with your help we discovered that deleting:
<If "%{HTTP_HOST} == 'cloud.oursecretgarden.xyz'">
Redirect permanent / https://cloud.oursecretgarden.xyz/
</If>
allows me to access the website in HTTPS.
However, regarding the result of the command:
systemctl apache2 -s
AH00112: Warning: DocumentRoot [/var/www/cloud.oursecretgarden.xyz/public_html] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:1)
alias www.cloud.oursecretgarden.xyz
*:443 cloud.oursecretgarden.xyz (/etc/apache2/sites-enabled/cloud.oursecretgarden.xyz.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
It seems the configuration is still not proper enough, isn't it?
And the result of check-your-website shows me some information that remains obscure to me.
Misconfiguration - http-status 400 - 499
Thank you for taking the time to help me understand and fix this code.
There is no content, a simple http status 404 - Not Found.
Where is your content? Or an index.html file?
yagami
August 18, 2019, 11:02am
16
That's interesting, because I use this Apache server to run Nextcloud, so Nextcloud is in my VM; maybe it is caused by a wrong configuration.
The nextcloud is reachable and working fine.
If you don’t want content there, the 404 is ok.
And https://cloud.oursecretgarden.xyz/nextcloud/
works.
system
Closed
September 17, 2019, 2:57pm
20
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.