SSL Zen "Failed verification" missing cabundle.crt

It sure sounds like I'm doing it correctly. Juicy steak?

3 Likes

I keep the begin & end lines for the two certs in cabundle.crt right? (i.e. there are two sets of begin & end)

2 Likes

Cajun shrimp. :fried_shrimp:

Yep, keep the header and footer. They're required. The end of the previous certificate and beginning of the next certificate should be on separate lines.

Try getting rid of the SSLCertificateChainFile directive in your port 443 VirtualHost and just putting the fullchain file (as described above) for SSLCertificateFile. That means you'll only have an SSLCertificateKeyFile and an SSLCertificateFile with three certificates inside, not an SSLCertificateChainFile.

4 Likes
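As an added example (not code from the thread or from SSL Zen), here is a small POSIX shell script that assembles the "fullchain" file the reply above describes (leaf certificate followed by the two certificates in cabundle.crt) and sanity-checks the PEM framing first, including the exact paste error the reply warns about, where the END of one certificate and the BEGIN of the next land on the same line. The file names certificate.crt, cabundle.crt and fullchain.pem and the /etc/ssl paths are assumptions; the placeholder certificate bodies are constructed and are not real certificates.

```shell
#!/bin/sh
# Added example, not from the thread or from SSL Zen: build fullchain.pem
# from the leaf certificate plus cabundle.crt and check the PEM boundaries.
# File names below are assumptions; adjust to what SSL Zen gave you.

# Number of certificates in a PEM file.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true
}

# Succeed only if every BEGIN/END marker sits alone on its own line and the
# two counts match. This catches the common paste error where the END of one
# certificate and the BEGIN of the next end up on the same line.
check_pem() {
    f=$1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$f" || true)
    glued=$(grep -c 'END CERTIFICATE-----.*-----BEGIN CERTIFICATE' "$f" || true)
    [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ] && [ "$glued" -eq 0 ]
}

# fullchain = leaf certificate + chain, with a guaranteed newline between
# them even when the leaf file was saved without a trailing newline.
build_fullchain() {
    cert=$1 chain=$2 out=$3
    check_pem "$cert" || { echo "bad PEM structure: $cert" >&2; return 1; }
    check_pem "$chain" || { echo "bad PEM structure: $chain" >&2; return 1; }
    {
        cat "$cert"
        [ -z "$(tail -c 1 "$cert")" ] || echo
        cat "$chain"
    } > "$out"
    check_pem "$out"
}

# Constructed placeholder files for a dry run; the bodies are not real
# certificates, only the framing matters here.
make_samples() {
    d=$(mktemp -d)
    # Leaf deliberately saved without a trailing newline, as cut-and-paste often leaves it.
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'LEAF_PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/certificate.crt"
    # Chain file with two certificates (intermediate, then root), as in the thread.
    printf '%s\n%s\n%s\n%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'INTERMEDIATE_PLACEHOLDER' \
        '-----END CERTIFICATE-----' '-----BEGIN CERTIFICATE-----' 'ROOT_PLACEHOLDER' \
        '-----END CERTIFICATE-----' > "$d/cabundle.crt"
    echo "$d"
}

d=$(make_samples)
if build_fullchain "$d/certificate.crt" "$d/cabundle.crt" "$d/fullchain.pem"; then
    echo "fullchain.pem holds $(count_certs "$d/fullchain.pem") certificates"
fi
# On the real files, also confirm that the bundle actually signs the leaf:
#   openssl verify -CAfile cabundle.crt certificate.crt
# Then the port-443 VirtualHost needs only these two directives (paths assumed):
#   SSLCertificateFile    /etc/ssl/certs/fullchain.pem
#   SSLCertificateKeyFile /etc/ssl/private/privatekey.pem
# and no SSLCertificateChainFile line.
```

Run it once on the placeholders to see the three-certificate count, then point it at the real certificate.crt and cabundle.crt; if check_pem refuses a file, open it and look for a line that carries both an END and a BEGIN marker.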

Maybe that's where it's messed up, the private key, that goes into /etc/ssl/private . What should its file name be? I have it as privatekey.pem, and changed the default-ssl.conf with that as well.

2 Likes

...I'm recreating the files again as you suggested...

2 Likes

Same result.... no https. SSH in?

2 Likes

I might be able to take a look around if you private message me the SSH credentials. Just click on my user name and you should see a Message button.

By the way, I'm not sure how https can work for you with your port 443 being closed.

6 Likes

Not seeing a private msg link anywhere around your name/profile, sorry. I can email you back: fredair3@ gmail.com.

And 443 is opened on my router if that's what you mean?! Is it not on the box?

2 Likes

Check with this:

https://www.yougetsignal.com/

4 Likes

I thought I disabled the UFW... I'll have to look into opening that up, sorry. EM me and I'll send deets.

3 Likes

It is:
login as: fred
fred@192.168.0.55's password:
Last login: Wed May 12 16:01:34 2021 from 192.168.0.34
fred@Fred-DME:~$
fred@Fred-DME:~$ sudo ufw status verbose
[sudo] password for fred:
Status: inactive
fred@Fred-DME:~$ ^C
fred@Fred-DME:~$

2 Likes

I do see that 443 is not open. Grrrrrr. So my port forwarding on my router isn't working. Strange, it forwards 80, but not 443...same entries.

2 Likes

Hi @fredcolclough

your port answers - with a blocking answer, see fredcolclough.com - Make your website better - DNS, redirects, mixed content, certificates

Answer after 1.5 seconds, not a timeout after 10 seconds.

Looks like a blocking firewall, fail2ban or another thing.

So your port forwarding isn't the problem.

3 Likes

It's a base Linux Mint 19.1 system...pure. Installed LAMP via Wordpress instructions.

If not UFW, where else can I look?

1 Like

And SSL still isn't working since I can't get https from INSIDE my lan, unless it's on the box itself blocking. I've never seen 443 blocked in Ubuntu other than UFW.

1 Like

If it doesn't work internal, it can't work external. That's expected.

1 Like

Hmmm. I'm at a loss then... email me?

1 Like

Well, I've tried adding the rule for UFW anyway, even activating it, deactivating, etc. Still can't seem to open 443 on the box.

1 Like

What is the output of this command?

sudo apachectl -S

4 Likes

login as: fred
fred@192.168.0.55's password:
Last login: Thu May 13 13:56:35 2021 from 192.168.0.34
fred@Fred-DME:~$ sudo apachectl -S
[sudo] password for fred:
VirtualHost configuration:
*:80 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
fred@Fred-DME:~$

2 Likes
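The apachectl -S output above lists a single VirtualHost, on *:80, and no *:443 entry. As an added example (not from the thread), this POSIX shell script reads apachectl -S output, extracts the ports that have a VirtualHost, and prints the Debian-family steps for adding the HTTPS site when 443 is missing. The sample input is a constructed copy of the output posted above; the helper names are my own.

```shell
#!/bin/sh
# Added example, not from the thread: check `apachectl -S` output for a
# port-443 VirtualHost. Helper names are my own; the sample is a constructed
# copy of the output posted above.

# Print every port that has a "*:PORT" or "addr:PORT" VirtualHost line.
vhost_ports() {
    sed -n 's/^[[:space:]]*[^[:space:]]*:\([0-9][0-9]*\)[[:space:]].*$/\1/p' "$1" | sort -un
}

# Succeed only if a port-443 VirtualHost is configured.
has_https_vhost() {
    vhost_ports "$1" | grep -qx 443
}

# Constructed copy of the posted output (only the lines that matter here).
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
VirtualHost configuration:
*:80 127.0.0.1 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
PidFile: "/var/run/apache2/apache2.pid"
User: name="www-data" id=33
EOF
    echo "$f"
}

# Steps that give Apache a port-443 VirtualHost on a Debian-family system
# (Linux Mint 19.1 is Ubuntu 18.04 based, so the a2en* helpers apply).
print_fix() {
    cat <<'EOF'
No *:443 VirtualHost found. On a Debian-family Apache:
  sudo a2enmod ssl
  sudo a2ensite default-ssl    # after editing /etc/apache2/sites-available/default-ssl.conf
  sudo apachectl configtest
  sudo systemctl reload apache2
  sudo ss -ltnp | grep ':443'  # confirm apache2 now listens on 443 locally
EOF
}

report() {
    if has_https_vhost "$1"; then
        echo "port 443 VirtualHost present; vhost ports: $(vhost_ports "$1" | tr '\n' ' ')"
    else
        print_fix
    fi
}

report "$(make_sample)"
```

To use it on a live box, run `sudo apachectl -S > /tmp/vhosts.txt` and call `report /tmp/vhosts.txt`; until a *:443 VirtualHost shows up there, nothing on the LAN or the router side can make https work, because Apache is not listening on 443 at all.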