Can we have a look at this file?:
Voici le fichier :
ServerRoot "/etc/httpd"
Listen 80
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
User http
Group http
ServerAdmin admin
ServerName *:80
<Directory />
Options FollowSymLinks
AllowOverride All
RewriteEngine on
RewriteCond %{HTTP:Transfer-Encoding} chunked
RewriteRule ^(.*)$ http://localhost:412/$1 [P]
</Directory>
<Directory "/var/services/web">
Options MultiViews FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/syno/synoman/phpsrc/web">
Options MultiViews FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/usr/syno/synoman/empty/web">
Options MultiViews FollowSymLinks ExecCGI
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /.well-known/acme-challenge /var/lib/letsencrypt/.well-known/acme-challenge
<Directory /var/lib/letsencrypt/.well-known/acme-challenge>
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html index.htm index.cgi index.php index.php5
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog /var/log/httpd/user-error_log
#ErrorLog /dev/null
TraceEnable off
LogLevel error
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog /dev/null combined
#CustomLog /var/log/httpd/user-access_log combined
</IfModule>
<IfModule alias_module>
Alias /webman/pingpong.php /usr/syno/synoman/phpsrc/pingpong.php
</IfModule>
ScriptSock /run/httpd/user-cgisock
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType image/x-icon .ico
AddHandler cgi-script .cgi
</IfModule>
MIMEMagicFile conf/magic
<IfDefine HAVE_PHP>
Alias /webdefault/ "/usr/syno/synoman/phpsrc/web/"
</IfDefine>
<IfDefine !HAVE_PHP>
Alias /webdefault/ "/usr/syno/synoman/empty/web/"
</IfDefine>
<IfDefine HAVE_PHP>
ErrorDocument 403 /webdefault/error.html
ErrorDocument 404 /webdefault/error.html
ErrorDocument 500 /webdefault/error.html
Include conf/extra/mod_fastcgi.conf
</IfDefine>
EnableMMAP off
Include conf/extra/httpd-mpm.conf-user
Include conf/extra/httpd-autoindex.conf-user
Include conf/extra/httpd-languages.conf-user
Include conf/extra/httpd-default.conf-user
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
</IfDefine>
<IfModule deflate_module>
DeflateCompressionLevel 2
AddOutputFilterByType DEFLATE text/html text/plain text/xml
AddOutputFilter DEFLATE js css
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.[0678] no-gzip
BrowserMatch \bMSIE\s7 !no-gzip !gzip-only-text/html
</IfModule>
<Files *.js>
Header unset Etag
</Files>
<Files *.css>
Header unset Etag
</Files>
# For CVS-2001-1446
<Files ~ "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Order allow,deny
Deny from all
Satisfy All
</Files>
# For @eaDir
<DirectoryMatch "@eaDir">
Order allow,deny
Deny from all
Satisfy All
</DirectoryMatch>
# For CVE-2003-1418
FileETag MTime Size
<VirtualHost *:80>
Include sites-enabled-user/*.conf
</VirtualHost>
include conf/extra/mod_xsendfile.conf-user
Include conf/extra/httpd-reqtimeout.conf
Include conf/extra/httpd-proxy-autoconf.conf-user
Include /etc/httpd/sites-enabled-user/httpd-vhost.conf-user
DocumentRoot "/var/services/web"
OK I think we need to look at the included files:
Please show:
ls -l /etc/httpd/sites-enabled/*.conf
and then the contents of the very few files that should be there.
DiskStation> ls -l /etc/httpd/sites-enabled/*.conf
-rw-r--r-- 1 root root 336 Mar 20 2014 /etc/httpd/sites-enabled/SYNO.SDS.App.FileStation3.Instance.alt_port.conf
-rw-r--r-- 1 root root 515 Mar 20 2014 /etc/httpd/sites-enabled/SYNO.SDS.App.FileStation3.Instance.alt_port_ssl.conf
-rw-r--r-- 1 root root 337 Oct 26 2013 /etc/httpd/sites-enabled/SYNO.SDS.AudioStation.Application.alias.conf
lrwxrwxrwx 1 root root 79 Jun 4 02:15 /etc/httpd/sites-enabled/ssliveview.alias.conf -> /var/packages/SurveillanceStation/target/ui/apache_module/ssliveview.alias.conf
lrwxrwxrwx 1 root root 75 Jun 4 02:15 /etc/httpd/sites-enabled/ssrtsp.alias.conf -> /var/packages/SurveillanceStation/target/ui/apache_module/ssrtsp.alias.conf
SYNO.SDS.App.FileStation3.Instance.alt_port.conf
Listen 7000
NameVirtualHost *:7000
<VirtualHost *:7000>
SetEnv REWRITE_APP SYNO.SDS.App.FileStation3.Instance
RewriteEngine on
RewriteOptions Inherit
Include conf/extra/httpd-alt-port-rewrite-default.conf
</VirtualHost>
SYNO.SDS.App.FileStation3.Instance.alt_port_ssl.conf
Listen 7001
NameVirtualHost *:7001
<VirtualHost *:7001>
SetEnv REWRITE_APP SYNO.SDS.App.FileStation3.Instance
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
SSLCertificateFile /usr/syno/etc/ssl/ssl.crt/server.crt
SSLCertificateKeyFile /usr/syno/etc/ssl/ssl.key/server.key
SSLEngine on
RewriteEngine on
RewriteOptions Inherit
Include conf/extra/httpd-alt-port-rewrite-default.conf
</VirtualHost>
SYNO.SDS.AudioStation.Application.alias.conf
RewriteEngine on
RewriteRule ^/audio$ /usr/syno/synoman/webman [L,E=REWRITE_APP:SYNO.SDS.AudioStation.Application]
RewriteRule ^/audio/(.*) /usr/syno/synoman/webman/$1 [L,E=REWRITE_APP:SYNO.SDS.AudioStation.Application]
ssliveview.alias.conf
RewriteEngine on
RewriteRule ^/audio$ /usr/syno/synoman/webman [L,E=REWRITE_APP:SYNO.SDS.AudioStation.Application]
RewriteRule ^/audio/(.*) /usr/syno/synoman/webman/$1 [L,E=REWRITE_APP:SYNO.SDS.AudioStation.Application]
/etc/httpd/sites-enabled/ssliveview.alias.conf
<IfModule !ssliveview_module>
LoadModule ssliveview_module modules/mod_ssliveview.so
</IfModule>
<Directory "/usr/syno/synoman/webman/3rdparty/SurveillanceStation/cgi/">
<Files liveview_src.cgi>
SetHandler ssliveview_handler
</Files>
</Directory>
<Directory "/usr/syno/synoman/webman/3rdparty/SurveillanceStation/cgi/">
<Files get_camstatus.cgi>
SetHandler ssliveview_handler
</Files>
</Directory>
<Directory "/usr/syno/synoman/webman/3rdparty/SurveillanceStation/cgi/">
<Files cmsRedirect.cgi>
SetHandler ssliveview_handler
</Files>
</Directory>
ssrtsp.alias.conf
<IfModule !ssrtsp_module>
LoadModule ssrtsp_module modules/mod_ssrtsp.so
</IfModule>
<Directory "/usr/syno/synoman/webman/3rdparty/SurveillanceStation/cgi/">
<Files rtsp.cgi>
SetHandler ssrtsp_handler
</Files>
</Directory>
Let's have a look at this file - not sure if that is where the secure site operates at.
That section seems to be missing a lot.
Plus I don't see where it ends...
Try using 3 back ticks before and after your add text.
Like:
```
your text
```
I have edited my posts for insert 3 back ticks. I hope is helpfull
I fail to find this location anywhere in your post:
I do see that is the cert path, no need to show the file.
Found it:
I guess you could put a test file in that location and see if it is accessible from the Internet.
echo "test" >> /var/lib/letsencrypt/.well-known/acme-challenge/test-file
http://your.domain/.well-known/acme-challenge/test-file
I test a file, on local network I access to them without problem.
From the internet I’ve a timeout, my NAS is very slowly. So i reboot it but after from internet i always a timeout.
Which internal IP does your router port forward ports 80 and 443 to?
Is that the same IP as the NAS?
[be sure your ISP is not blocking port 80]
I get this for port 80 from outside:
curl -Iki http://home.rolland.net/
curl: (7) Failed to connect to home.rolland.net port 80: No route to host
and these for port 443:
curl -Iki https://home.rolland.net/
curl: (7) Failed to connect to home.rolland.net port 443: Connection refused
curl -Iki https://home.rolland.net/
HTTP/1.1 403 Forbidden
Date: Thu, 04 Jun 2020 08:17:01 GMT
Server: Apache
Last-Modified: Tue, 26 Apr 2016 09:33:13 GMT
ETag: "1e5-5315ffb666840"
Accept-Ranges: bytes
Content-Length: 485
Vary: Accept-Encoding
Content-Type: text/html
I checked le nat configuration, internet port 80 is translate to a wrong IP on my local network
I changed the config and execute again the renew of the certificate
Now HTTP access changed but is still unable to find the test file:
curl -Iki http://home.rolland.net/.well-known/acme-challenge/test-file
HTTP/1.1 404 Not Found
Date: Thu, 04 Jun 2020 08:24:07 GMT
Server: Apache
Last-Modified: Tue, 26 Apr 2016 09:33:13 GMT
ETag: "1e5-5315ffb666840"
Accept-Ranges: bytes
Content-Length: 485
Vary: Accept-Encoding
Content-Type: text/html
The file name is : testMR.html
Don’t end it with .html
That doesn’t match the file type that will be used.
ok, the acme.sh script is in progress and I passed sucessfuly the check
Then the problem has been fixed.
You’re welcome.
Yes :
[Thr Jun 4 10:25:13 CEST 2020] Cert success.
[Thr Jun 4 10:25:13 CEST 2020] Your cert is in /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.cer
[Thr Jun 4 10:25:13 CEST 2020] Your cert key is in /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.key
[Thr Jun 4 10:25:13 CEST 2020] APP
[Thr Jun 4 10:25:13 CEST 2020] Your cert is in /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.cer
[Thr Jun 4 10:25:13 CEST 2020] Your cert key is in /volume1/homes/admin/acme/home.rolland.net/home.rolland.net.key
[Thr Jun 4 10:26:04 CEST 2020] Run reload cmd: /usr/syno/sbin/synoservicecfg --reload httpd-sys
[Thr Jun 4 10:26:07 CEST 2020] Reload success
To resume :
- my server wasn’t served the HTTP 80 requests => I launch webserver on port 80
- The NAT on my Freebox haven’t translation port on 80 => I add it on Freebox admin console
- I upgraded the acme.sh by command :
./acme.sh --upgrade
- I copied my domain directory to the new directory of acme :
cp -p -R home.rolland.net/ /volume1/homes/admin/acme
- I renew my certificate with this command :
./acme.sh --renew -d home.rolland.net
Thank you very much for your time and attention
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.