Strange behaviour in Firefox

My domains are: https://www.shufflemix.de https://www.shufflemix.nl https://www.shufflemix.com
I ran this command:
After a first setup, using: sudo certbot --apache
I did not get the result needed i needed. Since i am not so experienced with the —apache command, I than decided to start all over by deleting the /etc/letsencrypt/ folder and also removed the created apache2 vhosts in sites-enabled and sites-available.
Than I used the more method I have been using before:

certbot certonly --webroot -w /var/www/shufflemix.com/www -d shufflemix.com -d shufflemix.de -d shufflemix.nl -d www.shufflemix.com -d www.shufflemix.de -d www.shufflemix.nl

Which went ok. After editing the vhosts to use the new certs it all seemed to work fine. But the strange thing is happening in Firefox. Both the domain.nl and .de are fine. But when selecting the domain.com version (language flag or by clicking home. It is redirecting towards a sub.domain. server.shufflemix.nl including an error for using a wrong certificate. Strange thing is that this is not happening in chrome or safari browser. In these browser it all works as expected!

Before deleting the previous created certs as mentioned above. I also included one for the server.shufflemix.nl but also deleted that before building the new certificates. Are there still parts remaining of this vhost - cert? How to solve this so it also works in firefox?

It produced this output:
My vhosts are like this:

<VirtualHost *:80>
DocumentRoot “/var/www/shufflemix.com/www”
ServerName shufflemix.com
ServerAlias shufflemix.com www.shufflemix.com http://www.shufflemix.com http://shufflemix.com
<Directory “/var/www/shufflemix.com/www”>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride all

Redirect permanent / https://www.shufflemix.com/

<VirtualHost *:443>
DocumentRoot “/var/www/shufflemix.com/www”
ServerName shufflemix.com
ServerAlias shufflemix.com www.shufflemix.com
<Directory “/var/www/shufflemix.com/www”>
Options -Indexes
AllowOverride all

SSLCertificateFile /etc/letsencrypt/live/shufflemix.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/shufflemix.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/shufflemix.com/fullchain.pem
SSLCertificateChainFile /etc/letsencrypt/live/shufflemix.com/chain.pem

Would an redirect in this vhost help here? Redirect permanent / https://www.shufflemix.com/

Found the following certs:
Certificate Name: shufflemix.com
Domains: shufflemix.com shufflemix.de shufflemix.nl www.shufflemix.com www.shufflemix.de www.shufflemix.nl
Expiry Date: 2020-04-12 22:07:04+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/shufflemix.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/shufflemix.com/privkey.pem

This are all the vhosts on the server:
sudo ls /etc/apache2/sites-enabled
000-default.conf dev.shufflemix.de.conf server.shufflemix.nl.conf shufflemix.com-ssl.conf shufflemix.de-ssl.conf shufflemix.nl-ssl.conf
dev.shufflemix.com.conf dev.shufflemix.nl.conf shufflemix.com.conf shufflemix.de.conf shufflemix.nl.conf

My web server is (include version):
Apache2 webserver
The operating system my web server runs on is (include version):
Debian 10

I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

1 Like

Hi @mr_certbot

I don’t see that error with my FireFox.

Looks like you have an old cache. Clean it.

PS: Or use a private window to test that.

2 Likes

Without any logic around that directive, it probably would cause a redirect loop, as you have the Redirect inside the same virtualhost as the destination.

Also, no strange redirects here in Firefox. Works nicely.

PS: Curious that you have created a certificate. Your configuration is buggy, critical buggy - https://check-your-website.server-daten.de/?q=shufflemix.de

Checking that domain there are ipv4- and ipv6 addresses.

But your ipv6 has only timeouts. Normally, that means: Creating a Letsencrypt certificate via http validation (your webroot) can’t work. Letsencrypt prefers ipv6 -> your .de domain doesn’t answer.

1 Like

Thanks you where right. I thought a Ctrl - R normally would be enough for clearing the cache but apparrantly it needs to be through clearing history. :sweat_smile: So its working fine now.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.