SSL problem with only the domain

That's the correct result. Two certificates provided: your leaf certificate and R3 signed by ISRG Root X1.

4 Likes

So sometimes the redirect doesn't happen?

3 Likes

The address works half the time, but always redirects to https://

https:// work always

1 Like

Please show:
ps -ef | grep -i apache | grep -v grep

4 Likes

I concur with @rg305's direction here. You might have old apache processes floating.

2 Likes

root@Concretise:/etc/letsencrypt/live/concretise.ca# ps -ef | grep -i apache | grep -v grep
root 22617 1 0 19:09 ? 00:00:03 /usr/sbin/apache2 -k start
www-data 49903 22617 1 19:49 ? 00:00:06 /usr/sbin/apache2 -k start
www-data 49908 22617 2 19:49 ? 00:00:08 /usr/sbin/apache2 -k start
www-data 49912 22617 2 19:49 ? 00:00:10 /usr/sbin/apache2 -k start
www-data 49914 22617 0 19:49 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 49917 22617 1 19:49 ? 00:00:05 /usr/sbin/apache2 -k start
www-data 49923 22617 1 19:50 ? 00:00:03 /usr/sbin/apache2 -k start
www-data 49927 22617 1 19:50 ? 00:00:03 /usr/sbin/apache2 -k start
www-data 49934 22617 3 19:52 ? 00:00:06 /usr/sbin/apache2 -k start
www-data 49939 22617 1 19:52 ? 00:00:03 /usr/sbin/apache2 -k start

1 Like

mmmm.... normal?

1 Like

Yes, that looks normal.

Please show:
apachectl -t -D DUMP_VHOSTS

4 Likes
VirtualHost configuration:
*:443 is a NameVirtualHost
 default server 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:2)
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:2)
 alias www.concretise.ca
 alias concretise.ca
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:22)
 alias concretise.ca
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord-le-ssl.conf:2)
 alias discord.concretise.ca
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy-le-ssl.conf:2)
 alias www.intensy.org
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise-le-ssl.conf:2)
 alias je.concretise.ca
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:2)
 alias mokatkreation.tk
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:28)
 alias www.mokatkreation.tk
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:77)
 alias www.mokatkreation.tk
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay-le-ssl.conf:2)
 alias pixabay.concretise.ca
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail-le-ssl.conf:2)
 alias webmail.concretise.ca
*:80 is a NameVirtualHost
 default server 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:41)
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:41)
 alias concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise.conf:1)
 alias www.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise.conf:18)
 alias concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord-le-ssl.conf:26)
 alias discord.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord.conf:1)
 alias discord.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy-le-ssl.conf:27)
 alias www.intensy.org
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy.conf:1)
 alias www.intensy.org
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise-le-ssl.conf:20)
 alias je.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise.conf:1)
 alias je.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:54)
 alias mokatkreation.tk
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation.conf:1)
 alias www.mokatkreation.tk
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation.conf:18)
 alias mokatkreation.tk
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay-le-ssl.conf:26)
 alias pixabay.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay.conf:1)
 alias pixabay.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail-le-ssl.conf:26)
 alias webmail.concretise.ca
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail.conf:1)
 alias webmail.concretise.ca

ok I understand why..

1 Like

You have nine name:port overlaps.

 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:2)
 alias www.concretise.ca
 alias concretise.ca  <<<<<
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:22)
 alias concretise.ca  <<<<<

 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:28)
 alias www.mokatkreation.tk  <<<<<
 port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:77)
 alias www.mokatkreation.tk  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:41)
 alias concretise.ca  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise.conf:18)
 alias concretise.ca  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord-le-ssl.conf:26)
 alias discord.concretise.ca  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord.conf:1)
 alias discord.concretise.ca  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy-le-ssl.conf:27)
 alias www.intensy.org  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy.conf:1)
 alias www.intensy.org  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise-le-ssl.conf:20)
 alias je.concretise.ca  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise.conf:1)
 alias je.concretise.ca  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:54)
 alias mokatkreation.tk  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation.conf:18)
 alias mokatkreation.tk  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay-le-ssl.conf:26)
 alias pixabay.concretise.ca  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay.conf:1)
 alias pixabay.concretise.ca  <<<<<

 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail-le-ssl.conf:26)
 alias webmail.concretise.ca  <<<<<
 port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail.conf:1)
 alias webmail.concretise.ca  <<<<<

And you are using the IP as the name on every server block.

3 Likes

I don't know why but letsencrypt have copied a *:80 in ssl.conf of each vhost

I modify and try in 5 minutes..

1 Like

Likely has to do with the use of the name only as an alias.

4 Likes
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:2)
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:2)
                 alias www.concretise.ca
                 alias concretise.ca
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise-le-ssl.conf:22)
                 alias concretise.ca
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord-le-ssl.conf:2)
                 alias discord.concretise.ca
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy-le-ssl.conf:2)
                 alias www.intensy.org
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise-le-ssl.conf:2)
                 alias je.concretise.ca
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:2)
                 alias mokatkreation.tk
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation-le-ssl.conf:28)
                 alias www.mokatkreation.tk
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay-le-ssl.conf:2)
                 alias pixabay.concretise.ca
         port 443 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail-le-ssl.conf:2)
                 alias webmail.concretise.ca
*:80                   is a NameVirtualHost
         default server 168.235.68.182 (/etc/apache2/sites-enabled/concretise.conf:1)
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise.conf:1)
                 alias www.concretise.ca
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/concretise.conf:18)
                 alias concretise.ca
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/discord.conf:1)
                 alias discord.concretise.ca
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/intensy.conf:1)
                 alias www.intensy.org
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/jeconcretise.conf:1)
                 alias je.concretise.ca
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation.conf:1)
                 alias www.mokatkreation.tk
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/mokatkreation.conf:18)
                 alias mokatkreation.tk
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/pixabay.conf:1)
                 alias pixabay.concretise.ca
         port 80 namevhost 168.235.68.182 (/etc/apache2/sites-enabled/webmail.conf:1)
                 alias webmail.concretise.ca

Look better...

<VirtualHost *:80>
ServerName 168.235.68.182
ServerAlias webmail.concretise.ca

is it wrong?

Yes that's "wrong".
An IP is NOT a name.
And you use that "name" in every server block.

5 Likes

my last config was

<VirtualHost *:80>
ServerName concretise.ca
ServerAlias concretise.ca

but apache service let me know the servername wasn't correct

Why would you alias the same exact name?
[an alias is like a secondary name]

Most people would do something like:

ServerName concretise.ca
ServerAlias www.concretise.ca
5 Likes

Ok it changed on each...

I can "review" it, if you post it.

5 Likes