SSL is not working

Hi,

I am trying to configure SSL for my site. I have installed everything that is mentioned in the doc. But the site is not working.
https://www.mycampusws.com

Can you please help?

regards,
hafiz

Hi @hafiz

Please answer the following questions. We need information about your environment, your client and the command you have used.

--

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


Checking your domain, there are already certificates - https://check-your-website.server-daten.de/?q=mycampusws.com#ct-logs

| Issuer | not before | not after | Domain names | LE-Duplicate | next LE |
|---|---|---|---|---|---|
| Let's Encrypt Authority X3 | 2019-07-28 | 2019-10-26 | www.mycampusws.com - 1 entries | duplicate nr. 1 | |
| Let's Encrypt Authority X3 | 2019-07-16 | 2019-10-14 | www.mycampusws.com - 1 entries | | |
| cPanel, Inc. Certification Authority | 2019-07-16 | 2019-10-14 | cpanel.mycampusws.com, mail.mycampusws.com, mycampusws.com, webdisk.mycampusws.com, webmail.mycampusws.com, www.mycampusws.com - 6 entries | | |
| Amazon | 2019-07-14 | 2020-08-14 | www.mycampusws.com - 1 entries | | |
| cPanel, Inc. Certification Authority | 2019-07-13 | 2019-10-11 | cpanel.mycampusws.com, mail.mycampusws.com, mycampusws.com, webdisk.mycampusws.com, webmail.mycampusws.com, www.mycampusws.com - 6 entries | | |

If you use cPanel, you shouldn't use another client.

But you don't use that certificate.

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://mycampusws.com/ 174.138.25.21 | 200 | | 0.583 | H |
| http://www.mycampusws.com/ 174.138.25.21 | 200 | | 0.546 | H |
| https://mycampusws.com/ 174.138.25.21 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| https://www.mycampusws.com/ 174.138.25.21 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://mycampusws.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 174.138.25.21 | 404 | | 0.527 | A |
| Not Found. Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.2.15 (CentOS) Server at mycampusws.com Port 80 | | | | |
| http://www.mycampusws.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 174.138.25.21 | 404 | | 0.566 | A |
| Not Found. Visible Content: Not Found The requested URL /.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de was not found on this server. Apache/2.2.15 (CentOS) Server at www.mycampusws.com Port 80 | | | | |

Only timeouts.

Hi JuergenAuer,

Thanks for your reply. Here is the feedback of your mail.

My domain is:

I ran this command: https://www.mycampusws.com/index.html

but it works
http://www.mycampusws.com/index.html

It produced this output: TIMEDOUT

My web server is (include version): Server version: Apache/2.2.15 (Unix)

The operating system my web server runs on is (include version): CentOS release 6.9 (Final)

My hosting provider, if applicable, is: DigitalOcean

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No control Panel, manage DNS, Cname records from DigitalOcean

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot-auto --version
certbot 0.36.0

I have run the below commands and configuration to install LET’S ENCRYPT

sudo yum install mod_ssl

  1. sudo yum install epel-release

sudo yum -y install yum-utils

  1. INSTALLING CERTBOT

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

  1. Add below line in apache
    ServerName www.mycampusws.com
    /etc/httpd/conf

<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.mycampusws.com
ServerAdmin info@techants.com

<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName *.mycampusws.com
ServerAdmin info@techants.com

sudo service httpd restart

cd /usr/local/bin
sudo /usr/local/bin/certbot-auto --apache

What does this say:

apachectl -S

Looks like your vHost configuration is buggy.

PS: Does your port 443 work internally? Something like

curl https://www.mycampusws.com/

from your console.

Is there a blocking firewall or a wrongly configured router?

1 Like

Hi JuergenAuer,

Thanks for your reply. I have updated the vhost as per your feedback. I have run the 2 commands that you suggested and the screenshot is attached.

Whenever I open the site in the browser it shows a timeout error.

https://www.mycampusws.com/

Your feedback is highly appreciated.

regards,

hafiz

curl_screenshot.png

Hi @hafiz,

You have a firewall somewhere that is intentionally blocking inbound connections from the rest of the Internet to this server. I can see the same ICMP message from the firewall that I saw with this other user

You'll need to find the firewall and change the firewall policy. It could be a firewall on your server itself, like ufw, or in your hosting environment, like a policy group.

Hi Schoen,

Thanks for your prompt reply. I have run the iptables command and the result is in the screenshot.

Can you please suggest a further step?

regards

hafiz

If apachectl -S doesn't work, use

httpd -S

CentOS - specific :wink:

Hi JuergenAuer,

apachectl and httpd are both working fine. But I found that the site is showing a timeout error.

Based on Mr. schoen's feedback, he suspects it is occurring due to the FIREWALL. Then I checked with the iptables command; the result is attached.

please suggest further instructions.

REGARDS,

hafiz

I know. Change your firewall. Simple: Stop it.

The idea of the test was: checking if it works internally. Now we know it works internally.

1 Like
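The firewall check this thread converges on (port 80 answers, port 443 does not, and the site works from the server itself), as an added example that is not part of any post above: a function that walks `iptables -S INPUT` output top-down and reports the verdict a new inbound TCP connection to a given port would get. The ruleset is constructed, modelled on a stock CentOS 6 configuration (an assumption, since the real rules were only in a screenshot), and the name `first_match_verdict` is hypothetical.

```shell
# Constructed sample in `iptables -S INPUT` format (assumption: stock CentOS 6
# style rules with port 80 opened and nothing added for 443).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# first_match_verdict PORT   (rules on stdin)
# Prints ACCEPT, DROP or REJECT for a NEW TCP connection from an arbitrary
# Internet client to PORT. Not modelled: multiport/port ranges, custom chains.
first_match_verdict() {
  fm_port="$1"; fm_policy="ACCEPT"
  while IFS= read -r fm_line; do
    case "$fm_line" in
      "-P INPUT "*) fm_policy="${fm_line#-P INPUT }"; continue ;;
      "-A INPUT "*) ;;
      *) continue ;;
    esac
    # Skip rules limited to loopback or to a specific source address.
    case "$fm_line" in *" -i lo "*|*" -s "*) continue ;; esac
    # Skip rules for protocols other than TCP.
    case "$fm_line" in *" -p tcp "*) ;; *" -p "*) continue ;; esac
    # Skip state rules that do not cover NEW connections.
    case "$fm_line" in *"state "*NEW*) ;; *"state "*) continue ;; esac
    # Skip rules bound to a different destination port.
    case "$fm_line" in *" --dport $fm_port "*) ;; *" --dport"*) continue ;; esac
    fm_target="${fm_line##* -j }"; fm_target="${fm_target%% *}"
    case "$fm_target" in
      ACCEPT|DROP|REJECT) echo "$fm_target"; return 0 ;;
    esac
  done
  echo "$fm_policy"   # nothing matched: the chain policy decides
}

for p in 80 443; do
  printf 'tcp/%s -> %s\n' "$p" \
    "$(printf '%s\n' "$SAMPLE_RULES" | first_match_verdict "$p")"
done
```

On the server itself the same function can read the live chain with `sudo iptables -S INPUT | first_match_verdict 443`; an ACCEPT there while outside clients still time out points at a firewall in the hosting environment instead.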
