hahahaha I just installed nginx to run your command, it was not installed before
OK, let's show this again:
httpd -t -D DUMP_VHOSTS
[root@localhost ~]# httpd -t -D DUMP_VHOSTS
[Tue Nov 22 16:33:28.423449 2022] [so:warn] [pid 2023] AH01574: module php7_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
110.174.21.194:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
OK, let's have a look at this file:
We can make sure it has both servernames and can handle the challenge requests.
[this will require the addition of a location code]
We can then use the --webroot path to overcome the previous error.
Could be related to using an IP address in the <VirtualHost> statement. Not sure how Certbot makes the temporary <VirtualHost> for the challenge, but could have an incompatibility with the IP address when using <VirtualHost *:80>.
Thank you guys, much appreciated for your time.
Yes the IP was the issue @Osiris, I changed it to * and it worked.
But now, when I try https://andashare.andatech.com, it cannot load the website! Do I need to do something else? I already restarted apache after installing the cert.
- is the firewall open for HTTPS Port 443?
- is HTTPS Port 443 being forwarded from (I assume) the NAT router?
- is your server serving HTTPS Port 443 on the local network?
$ nmap -Pn andashare.andatech.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-11-22 14:18 PST
Nmap scan report for andashare.andatech.com (110.174.21.194)
Host is up (0.19s latency).
rDNS record for 110.174.21.194: 110-174-21-194.static.tpgi.com.au
Not shown: 992 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
646/tcp filtered ldp
2000/tcp open cisco-sccp
8291/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 9.97 seconds
Yes, the port is open and has already been NATed on the router.
Also, I added these lines to the htaccess to redirect https to http:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
OK; nmap is now showing Port 443 open
$ nmap -Pn andashare.andatech.com
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-11-22 14:45 PST
Nmap scan report for andashare.andatech.com (110.174.21.194)
Host is up (0.19s latency).
rDNS record for 110.174.21.194: 110-174-21-194.static.tpgi.com.au
Not shown: 991 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
80/tcp open http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
646/tcp filtered ldp
2000/tcp open cisco-sccp
8291/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 8.59 seconds
With curl I get error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
$ curl -I https://andashare.andatech.com
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
$ curl https://andashare.andatech.com
curl: (35) error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
$
At this point, kindly wait for more knowledgeable Let's Encrypt community volunteers to assist.
You have that backward. You should rewrite http to https. But, that is not causing the https on port 443 problem.
Your port 443 is not handling https (it is handling http). You should review your NAT and your Apache config. Can you show output of this again:
httpd -t -D DUMP_VHOSTS
HTTPS and port 443 are wrong because:
This should not work (http to port 443)
curl -I http://andashare.andatech.com:443
HTTP/1.1 200 OK
Date: Tue, 22 Nov 2022 22:52:01 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.32
X-Powered-By: PHP/7.4.32
and this should:
curl -I https://andashare.andatech.com
curl: (35) error:0A00010B:SSL routines::wrong version number
Here is the output. So where do I need to change the config? I'm sure about the NAT part.
[root@localhost ~]# httpd -t -D DUMP_VHOSTS
[Wed Nov 23 11:11:16.574825 2022] [so:warn] [pid 4186] AH01574: module php7_module is already loaded, skipping
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
110.174.21.194:443 andashare.andatech.com (/etc/httpd/conf.d/andashare-le-ssl.conf:2)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
*:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)
Can you show contents of that file?
As for NAT, you already mentioned it. Check to ensure that incoming requests to port 443 get sent to port 443 on the Apache machine (and back). Sometimes people wrongly send port 443 to port 80.
Try changing the VirtualHost to
<VirtualHost *:443>
like you did for your http (port 80) VHost
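Added example, not part of the original posts: a shell lint over `httpd -t -D DUMP_VHOSTS` output that flags the two conditions this thread ran into, a port 80/443 vhost bound to an explicit address instead of `*`, and a name that has a port 80 vhost but none on 443. The names `lint_vhosts`, `dump_before`, `dump_after` and the finding labels are made up for this sketch; the sample dumps are the two listings quoted earlier in the thread with the warning lines trimmed, and only the one-line-per-vhost form shown there is parsed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): review `httpd -t -D DUMP_VHOSTS` output.
# On a live server: httpd -t -D DUMP_VHOSTS 2>&1 | lint_vhosts

# Constructed samples: the two dumps quoted in the thread, warnings trimmed.
dump_before() {
cat <<'EOF'
VirtualHost configuration:
110.174.21.194:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
EOF
}
dump_after() {
cat <<'EOF'
VirtualHost configuration:
110.174.21.194:443 andashare.andatech.com (/etc/httpd/conf.d/andashare-le-ssl.conf:2)
172.18.1.10:2020 cftp.com (/etc/httpd/sites-enabled/cftp.conf:1)
*:80 andashare.andatech.com (/etc/httpd/sites-enabled/andashare.conf:1)
EOF
}

# Reads a dump on stdin and prints one finding per line (hypothetical labels):
#   EXPLICIT_ADDR addr:port name (file:line)  - port 80/443 vhost not on "*"
#   NO_443_VHOST name                         - port 80 vhost, nothing on 443
lint_vhosts() {
  awk '
    # Vhost lines look like: ADDR:PORT NAME (FILE:LINE)
    $1 ~ /:[0-9]+$/ && $3 ~ /^\(/ {
      n = split($1, part, ":"); port = part[n]
      addr = substr($1, 1, length($1) - length(port) - 1)
      seen[$2, port] = 1; names[$2] = 1
      # Behind NAT the public address is never the local address of a
      # connection, so a vhost bound to it deserves a second look.
      if (addr != "*" && (port == "80" || port == "443"))
        printf "EXPLICIT_ADDR %s %s %s\n", $1, $2, $3
    }
    END {
      for (name in names)
        if ((name, "80") in seen && !((name, "443") in seen))
          printf "NO_443_VHOST %s\n", name
    }'
}

echo "== first dump";  dump_before | lint_vhosts
echo "== second dump"; dump_after  | lint_vhosts
```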
Now the error changed, something happened hahaha
When I browse https://andashare.andatech.com, it redirects me to Andashare - Cloud Storage.
Is that the correct path?
If so, then let's confirm it is being served.
Try putting a test txt file there:
echo "testing" > /var/www/andashare/html/test.txt
Then it should be visible via:
https://andashare.andatech.com/test.txt
The path is correct but it doesn't come up. Just a good sign, Andashare shows secured.
I typed this url https://andashare.andatech.com/
and saw this. Did you fix something? Because your path has an added /public but I was not redirected to that
Yes, I changed .env file and changed the domain name to https.....
Much appreciated for your help and your time. Thank you all