Some challenges have failed

hahahaha I just installed nginx to run your command, it was not installed before

OK, let's show this again:
httpd -t -D DUMP_VHOSTS

3 Likes

[root@localhost ~]# httpd -t -D DUMP_VHOSTS
[Tue Nov 22 16:33:28.423449 2022] [so:warn] [pid 2023] AH01574: module php7_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
110.174.21.194:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)

OK, let's have a look at this file:

We can make sure it has both servernames and can handle the challenge requests.
[this will require the addition of a location code]
We can then use the --webroot path to overcome the previous error.

3 Likes

Could be related to using an IP address in the <VirtualHost> statement. Not sure how Certbot makes the temporary <VirtualHost> for the challenge, but could have an incompatibility with the IP address when using <VirtualHost *:80>.

4 Likes

Thank you guys, much appreciated for your time.
Yes the IP was the issue @Osiris, I changed it to * and it worked.

But now, when I try https://andashare.andatech.com, it cannot load the website! Do I need to do something else? I already restarted apache after installing the cert.

  1. is the firewall open for HTTPS Port 443?
  2. is HTTPS Port 443 being forwarded from (I assume) the NAT router?
  3. is your server serving HTTPS Port 443 on the local network?

$ nmap -Pn andashare.andatech.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-11-22 14:18 PST
Nmap scan report for andashare.andatech.com (110.174.21.194)
Host is up (0.19s latency).
rDNS record for 110.174.21.194: 110-174-21-194.static.tpgi.com.au
Not shown: 992 closed ports
PORT     STATE    SERVICE
25/tcp   filtered smtp
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
646/tcp  filtered ldp
2000/tcp open     cisco-sccp
8291/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 9.97 seconds

2 Likes

Yes, the port is open and has already been NATed on the router.

Also, I added these lines to the htaccess to redirect https to http:

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

OK; nmap is now showing Port 443 open :slight_smile:

$ nmap -Pn andashare.andatech.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-11-22 14:45 PST
Nmap scan report for andashare.andatech.com (110.174.21.194)
Host is up (0.19s latency).
rDNS record for 110.174.21.194: 110-174-21-194.static.tpgi.com.au
Not shown: 991 closed ports
PORT     STATE    SERVICE
25/tcp   filtered smtp
80/tcp   open     http
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     https
445/tcp  filtered microsoft-ds
646/tcp  filtered ldp
2000/tcp open     cisco-sccp
8291/tcp filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 8.59 seconds

With curl I get error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version

$ curl -I https://andashare.andatech.com
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
$ curl https://andashare.andatech.com
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
$

At this point, kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.

3 Likes

You have that backward. You should rewrite http to https. But, that is not causing the https on port 443 problem.

Your port 443 is not handling https (it is handling http). You should review your NAT and your Apache config. Can you show output of this again:

httpd -t -D DUMP_VHOSTS

HTTPS and port 443 are wrong because:

This should not work (http to port 443)
curl -I http://andashare.andatech.com:443
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 22:52:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.32
X-Powered-By: PHP/7.4.32

and this should:
curl -I https://andashare.andatech.com
curl: (35) error:0A00010B:SSL routines::wrong version number

4 Likes

Here is the output. So where do I need to change the config? I'm sure about the NAT part.

[root@localhost ~]# httpd -t -D DUMP_VHOSTS
[Wed Nov 23 11:11:16.574825 2022] [so:warn] [pid 4186] AH01574: module php7_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
110.174.21.194:443 andashare.andatech.com (/etc/httpd/conf.d/andashare-le-ssl.conf:2)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
*:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)

Can you show contents of that file?

As for NAT, you already mentioned it. Check to ensure that incoming requests to port 443 get sent to port 443 on the Apache machine (and back). Sometimes people wrongly send port 443 to port 80.

4 Likes

Yes, it's 443 to 443.

1 Like

Try changing the VirtualHost to

<VirtualHost *:443>

like you did for your http (port 80) VHost

4 Likes
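As an added example (not code from any poster in this thread): a small Python check that reads `httpd -t -D DUMP_VHOSTS` output and flags vhosts bound to a literal IP the host does not own, which is the situation the `*:443` suggestion above fixes. The embedded listing is the one quoted earlier in the thread; treating 172.18.1.10 as the host's own address is an assumption, and the function names are hypothetical. It also handles the grouped "is a NameVirtualHost" listing form, which goes beyond what the thread shows.

```python
import ipaddress
import re

# Constructed sample: the second DUMP_VHOSTS listing quoted in this thread.
SAMPLE = """\
VirtualHost configuration:
110.174.21.194:443 andashare.andatech.com (/etc/httpd/conf.d/andashare-le-ssl.conf:2)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
*:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)
"""

SINGLE = re.compile(r"^\s*(\S+):(\d+)\s+(\S+)\s+\((.+):\d+\)\s*$")
GROUP = re.compile(r"^\s*(\S+):(\d+)\s+is a NameVirtualHost\s*$")
MEMBER = re.compile(r"^\s+port (\d+) namevhost (\S+) \((.+):\d+\)\s*$")

def parse_vhosts(dump):
    """Yield (bind_addr, port, server_name, conf_file) for each vhost."""
    group_addr = None
    for line in dump.splitlines():
        if m := SINGLE.match(line):
            yield m[1], int(m[2]), m[3], m[4]
        elif m := GROUP.match(line):
            group_addr = m[1]          # members of this group follow, indented
        elif (m := MEMBER.match(line)) and group_addr:
            yield group_addr, int(m[1]), m[2], m[3]

def unreachable_binds(dump, local_addrs):
    """Return vhosts bound to a literal IP that is not in local_addrs."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    findings = []
    for addr, port, name, conf in parse_vhosts(dump):
        if addr in ("*", "_default_"):
            continue                   # wildcard binds match any local address
        try:
            ip = ipaddress.ip_address(addr.strip("[]"))
        except ValueError:
            continue                   # not an IP literal; nothing to compare
        if ip not in local:
            findings.append((addr, port, name, conf))
    return findings

if __name__ == "__main__":
    # Assumption: 172.18.1.10 (from the cftp vhost) is the host's own address.
    own = ["127.0.0.1", "172.18.1.10"]
    for addr, port, name, conf in unreachable_binds(SAMPLE, own):
        print(f"{name}: bound to {addr}:{port}, not a local address ({conf})")
```

Behind a NAT router the forwarded connection arrives on the private address, so a vhost bound to the public IP is never selected for it; pass the addresses actually configured on the server as `local_addrs`.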

Now the error changed, something happened hahaha

When I browse https://andashare.andatech.com, it redirects me to Andashare- Cloud Storage.

Is that the correct path?
If so, then let's confirm it is being served.
Try putting a test txt file there:
echo "testing" > /var/www/andashare/html/test.txt

Then it should be visible via:
https://andashare.andatech.com/test.txt

3 Likes

The path is correct, but it doesn't come up. Just a good sign: Andashare shows secured.

I typed this url https://andashare.andatech.com/ and saw this. Did you fix something? Because your path has an added /public but I was not redirected to that

3 Likes

Yes, I changed the .env file and changed the domain name to https.....

Much appreciated for your help and your time. Thank you all :heart_eyes:

3 Likes