SSL Tomcat https error


#1

Hello to all
I read this guide to configure the SSL certificate on TOMCAT, “Configuring Let’s Encrypt with Tomcat 6.x and 7.x”. I have done all the steps point by point. Now calling my site https://miosito.cloud:8443 or https://miosito.cloud:443 or https://miosito.cloud I generate the following error: “UNABLE TO REACH THE SITE”. For what reason?
My site is visible only by putting the “http” protocol.
My cloud is in a CENTOS operating system with TOMCAT 8 application server.
Thanks for your help


#2

I’m getting an ERR_CONNECTION_REFUSED error. I guess nothing is listening on port 443. Or 8443.

Is Tomcat listening on port 8443? Is your firewall and/or portmaps set up correctly?


#3

Hi @gabber3000

I can’t find a certificate:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:miosito.cloud&lu=cert_search

So your certbot command didn’t work.

If you test something like

    certbot certificates

a certificate should be shown.


#4

I entered the URL of my site, receiving three certificates issued by “Let’s Encrypt Authority X3 valid from 20/07/218 until 18/10/218”. Does this mean that certbot worked correctly? At this point, could the problem be that my iptables is blocking some port?


#5

This is the result of my ports via the iptables -L command:

    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:webcache
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

#6

Thanks for helping all of you. I solved my problem by moving the record from iptables

    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

at the last position like this:

    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https state NEW,ESTABLISHED
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
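
The rule-ordering problem resolved in #6, shown as an added example that is not part of the original thread: iptables evaluates a chain top to bottom, so every rule placed after an unconditional REJECT is dead. The function name, the `iptables -S` input format, the numeric ports (8080 and 8443, the usual `/etc/services` values for `webcache` and `pcsync-https`) and the `-i lo` on the third rule are assumptions; `iptables -L` without `-v` does not show interfaces.

```shell
#!/bin/sh
# Added example (not from the thread): list rules that can never match because
# an earlier unconditional REJECT/DROP in the same chain ends evaluation first.
# Reads `iptables -S` format on stdin; the chain name defaults to INPUT.
shadowed_rules() {
  awk -v chain="${1:-INPUT}" '
    $1 != "-A" || $2 != chain { next }   # skip policy lines and other chains
    {
      n++                                # same numbering as --line-numbers
      target = ""; conditional = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }
        conditional = 1                  # any option before -j narrows the rule
      }
      if (blocker) {
        printf "rule %d shadowed by rule %d: %s\n", n, blocker, $0
        next
      }
      if (!conditional && (target == "REJECT" || target == "DROP")) blocker = n
    }
  '
}

# Constructed sample mirroring the listing in #5 (ports and -i lo are assumed).
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
EOF
}

# Demo on the constructed sample: rules 8, 9 and 10 are reported.
sample_rules | shadowed_rules INPUT
```

On a live host the same check is `iptables -S INPUT | shadowed_rules`, run as root.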


#8

I also read the guide to configure the SSL certificate on TOMCAT, Configuring Let’s Encrypt with Tomcat. I also got an error with my blog bloggingbook after completing the process.

