Ssl not working with any configuration

Help
1

I have a very similar situation to this:

My domain is:

13.41.152.31

sudo apache2ctl -S

outputs

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server ip-172-26-10-245.eu-west-2.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost ip-172-26-10-245.eu-west-2.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
         port 443 namevhost modahairsalon.co.uk (/etc/apache2/sites-enabled/moda-hair-le-ssl.conf:2)
                 alias www.modahairsalon.co.uk
*:80                   modahairsalon.co.uk (/etc/apache2/sites-enabled/moda-hair.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default 
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

certbot 1.27.0
on
apache2
Running on:
Ubuntu 20.04 LTS
Connected to serv via SSH

certbot 1.27.0

not only that but my apache2 is not respecting my server name or server alias. I have connected via telnet to 13.41.152.31 on both port 80 and port 443 and both are open, so I believe it is not a firewall issue. When I navigate directly to 13.41.152.31 the website loads perfectly so apache2 is doing some sort of job.

I have been racking my brains for days to no avail.

1 Like
2

I can connect on port 80 but not on port 443.

Port 443 does look like a firewall is blocking it.

4 Likes
3 
sudo  nmap -sA -p 22,80,443 modahairsalon.co.uk
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-03 18:04 PDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Something/Someone/Somehow is blocking connection to your server

sudo  nmap -sA -Pn -p 22,80,443 modahairsalon.co.uk
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-03 18:04 PDT
Nmap scan report for modahairsalon.co.uk (13.41.152.31)
Host is up.
rDNS record for 13.41.152.31: ec2-13-41-152-31.eu-west-2.compute.amazonaws.com

PORT    STATE    SERVICE
22/tcp  filtered ssh
80/tcp  filtered http
443/tcp filtered https

And traceroute breaks before arriving at your server
Screenshot_2022-06-03_18-08-52

9 Likes
4

I like those wavey lines.

5 Likes
5

I'm hiding.

9 Likes
6

Hi @yenmangu, and welcome to the LE community forum :slight_smile:

Connected from where?
The Internet can't connect via HTTPS.
See: SSL Server Test: modahairsalon.co.uk (Powered by Qualys SSL Labs)

9 Likes
7

I apologise for not being able to provide more info atm, as I am getting ready to go to work.
this is from ufw

ubuntu@ip-172-26-10-245:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)             

ubuntu@ip-172-26-10-245:~$
1 Like
8 
telnet> telnet 13.41.152.31 80
Trying 13.41.152.31...
Connected to ec2-13-41-152-31.eu-west-2.compute.amazonaws.com.
Escape character is '^]'.
1 Like
9 
telnet> telnet 13.41.152.31 443
Trying 13.41.152.31...
Connected to ec2-13-41-152-31.eu-west-2.compute.amazonaws.com.
Escape character is '^]'.
1 Like
10

Thankyou all for your quick replies, I will have a look again in a few hours.

2 Likes
11

Check this as well: Control traffic to your AWS resources using security groups - Amazon Virtual Private Cloud

2 Likes
12

image
image1125×678 102 KB

I’m assuming this is the key part here?

Edit

So how am I able to connect via external IP, and telnet?

1 Like
13

Again, where are you making these connections from?

From the public internet, only these ports are open:

PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Test result:

curl -I http://modahairsalon.co.uk
HTTP/1.1 301 Moved Permanently
Date: Sat, 04 Jun 2022 15:26:04 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Location: https://modahairsalon.co.uk/
Content-Type: text/html; charset=iso-8859-1

curl -I https://modahairsalon.co.uk
curl: (28) Failed to connect to modahairsalon.co.uk port 443 after 129529 ms: Connection timed out
10 Likes
14

Because someone made a rule to allow it from your IP?

10 Likes
15

Okay I apologise for not providing the entire context. It’s running on a single lightsail instance, which I set up. As far as I can see it’s not on a VPC, and the only firewall rules I’ve added are for openSSH, and Apache, and that’s on the server itself. I can’t see anywhere that says AWS starts a VPC for single lightsail instances.

2 Likes
16

From my external client, which is using a mobile tethered data connection.

17

Have you reviewed your Lightsail firewall rules?

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail

11 Likes
18

Erm..

:man_facepalming: turns out only ports 22 and 80 were allowed…thank you! Silly question, but I have a rewrite engine rule in place that directs all http to https, I’m guessing this is why it’s ONLY been accessible by direct IP?

2 Likes
19

:+1:
And in the first reply. :wink:

9 Likes
20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.