So close to getting my SSL to work - can someone please give some guidance?

Hi!

So I am running CentOS 7.7, I am running Apache, and SQLite for my database… My domain is thermal.website where I am using it just as a Nextcloud login for a few users. I am trying to create an SSL certificate with Let's Encrypt and I have the certificates created, but for some reason am coming up against this error:

This site can’t provide a secure connection

thermal.website sent an invalid response.

ERR_SSL_PROTOCOL_ERROR

I have a suspicion of what is going on - and it is that for some reason my web server is serving HTTP over 443 - but I can’t figure out how or where to change this.

So, some config files to give a bigger picture -

my apache nextcloud config file that is located in /etc/httpd/conf.d/nextcloud.conf:

```apache
<VirtualHost *:443>
    ServerName thermal.website
    ServerAdmin garyhall@trinc.ca
    DocumentRoot /var/www/html/nextcloud
    # RewriteEngine On
    # RewriteCond %{HTTPS} off
    # RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
    Alias /nextcloud "/var/www/html/nextcloud/"
    RewriteEngine on
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.

    # RewriteCond %{SERVER_NAME} =thermal.website
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    SSLCertificateFile /etc/letsencrypt/live/thermal.website-0002/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/thermal.website-0002/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/thermal.website-0002/chain.pem
</VirtualHost>
```

One more odd behavior - if I go to http://thermal.website:443 I can get to the login screen - obviously unsecured, using http - but any other combination, like https://thermal.website or even http://thermal.website, won't come back.

Please, anyone that can give me a hand with this I will be so grateful.

Thanks

1 Like

Hi @mitcHELLspawn

first, you have created some certificates - https://check-your-website.server-daten.de/?q=thermal.website#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-12-01 | 2020-02-29 | thermal.website - 1 entries | duplicate nr. 3 | |
| Let's Encrypt Authority X3 | 2019-12-01 | 2020-02-29 | thermal.website - 1 entries | duplicate nr. 2 | |
| Let's Encrypt Authority X3 | 2019-11-29 | 2020-02-27 | thermal.website - 1 entries | duplicate nr. 1 | |

So that part has worked.

Second: Your http works, your https does not; instead, http + port 443 works.

Is your port forwarding correct?

```
Extern port 80 -> intern port 80
Extern port 443 -> intern port 443?
```

Third: Does your https work internally, from that machine?

```
curl http://thermal.website/
curl https://thermal.website/
```

or

```
curl http://thermal.website:443/
```

What says

```
apachectl -S
```
2 Likes

Hi there. first, thanks for helping.

Okay, so the output for the curl commands:

```
[root@localhost conf.d]# curl http://thermal.website/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
301 Moved Permanently
Moved Permanently
The document has moved here.

[root@localhost conf.d]# curl https://thermal.website/
curl: (35) SSL received a record that exceeded the maximum permissible length.

[root@localhost conf.d]# curl http://thermal.website:443/
<!DOCTYPE html>

     window.location.href="index.php";
    <meta http-equiv="refresh" content="0; URL=index.php">
```

Output of apachectl -S:

```
[root@localhost conf.d]# apachectl -S
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server 192.168.0.110 (/etc/httpd/conf.d/nc.conf:1)
         port 80 namevhost 192.168.0.110 (/etc/httpd/conf.d/nc.conf:1)
         port 80 namevhost thermal.website (/etc/httpd/conf.d/nextcloudmike.conf:1)
*:443                  is a NameVirtualHost
         default server 192.168.0.110 (/etc/httpd/conf.d/nc.conf:14)
         port 443 namevhost 192.168.0.110 (/etc/httpd/conf.d/nc.conf:14)
         port 443 namevhost thermal.website (/etc/httpd/conf.d/nextcloud.conf:2)
         port 443 namevhost thermal.website (/etc/httpd/conf.d/nextcloudmike-le-ssl.conf:2)
         port 443 namevhost thermal.website (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
```

1 Like

Wow, I just realized with the apachectl -S

those are all the wrong files ------ the port 80 namevhost thermal.website should be /etc/httpd/conf.d/nextcloud.conf

also nc.conf should not be there

and for 443 namevhost nextcloudmike-le-ssl.conf should not be there either!

How can I make them all point at the correct nextcloud.conf ?

That's wrong. Every combination of port and domain name must be unique; you have three vHosts instead of one.

How did you create your certificate? With Certbot?

If yes, maybe the easiest solution:

  • Make a backup
  • remove all three vHosts (a2dissite)
  • certbot --reinstall -i apache -d thermal.website - certbot should find the certificate and should create a correct port 443 vHost

Or fix it manually: merge the three vHosts into one.

4 Likes
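One way to spot the duplicate port/ServerName combinations the reply above refers to, straight from the `apachectl -S` dump. This is an added example, not code from the thread; the sample dump is constructed to mirror the output posted earlier, and the function name is my own.

```shell
#!/bin/sh
# Constructed sample modelled on the apachectl -S output posted in this thread.
SAMPLE_VHOST_DUMP='VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server 192.168.0.110 (/etc/httpd/conf.d/nc.conf:1)
         port 80 namevhost 192.168.0.110 (/etc/httpd/conf.d/nc.conf:1)
         port 80 namevhost thermal.website (/etc/httpd/conf.d/nextcloudmike.conf:1)
*:443                  is a NameVirtualHost
         default server 192.168.0.110 (/etc/httpd/conf.d/nc.conf:14)
         port 443 namevhost 192.168.0.110 (/etc/httpd/conf.d/nc.conf:14)
         port 443 namevhost thermal.website (/etc/httpd/conf.d/nextcloud.conf:2)
         port 443 namevhost thermal.website (/etc/httpd/conf.d/nextcloudmike-le-ssl.conf:2)
         port 443 namevhost thermal.website (/etc/httpd/conf.d/ssl.conf:56)'

# find_duplicate_vhosts DUMP
# Reads an `apachectl -S` dump passed as $1 and prints one line per
# port/ServerName pair that is defined more than once:
#   "<port> <servername> <count> <file:line> <file:line> ..."
# A pair defined twice means Apache silently ignores all but the first
# vhost, so a stray file can take over a port (here: 443 without TLS).
find_duplicate_vhosts() {
    printf '%s\n' "$1" |
        awk '/^ *port [0-9]+ namevhost / {
                 key = $2 " " $4          # "<port> <servername>"
                 n[key]++
                 files[key] = files[key] " " $5
             }
             END {
                 for (k in n) if (n[k] > 1) print k, n[k] files[k]
             }' | sort
}

# Against a live server: find_duplicate_vhosts "$(apachectl -S 2>&1)"
find_duplicate_vhosts "$SAMPLE_VHOST_DUMP"
```

An empty result means every port/ServerName pair is unique; any printed line names the extra files to remove or merge before reinstalling the certificate.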

Oh my goodness! Thank you so so so much.

You are my savior, sir! It works 🙂 I had all those old misconfigured conf files in the conf.d folder and did not realize that Apache was seeing them as actual config files - I thought only nextcloud.conf was being picked up.

Once I removed all the extra conf files from the folder and reinstalled the cert it worked perfectly!!

Thanks again sir!

4 Likes