The server unexpectedly closed the connection

OK, thanks. How do I fix that?

If you have a

<VirtualHost *:80>

that works with every IP address. Same with *:443. So you have some restrictions, remove these.

I think the only difference between the two files apart from the SSL key info at the bottom is that the 443 file begins with and ends with:

Include /etc/letsencrypt/options-ssl-apache.conf

Sorry that should have read:

begins with <IfModule mod_ssl.c>

and ends with:

Include /etc/letsencrypt/options-ssl-apache.conf

I'm not 100% certain this is a correct analysis.
Please try:
curl 127.0.0.1:443
does it return the same as:
curl [::1]:443

Both responses are the same:

400 Bad Request

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


Apache/2.4.18 (Ubuntu) Server at blackboxstaff.co.uk Port 443

Ok then to confirm my suspicions please compare:
curl https://127.0.0.1:443
with
curl https://[::1]:443

[Even though it is kind of already there indirectly]

Both give the same response:

curl: (51) SSL: certificate subject name (www.blackboxstaff.co.uk) does not match target host name '127.0.0.1'

curl: (51) SSL: certificate subject name (www.blackboxstaff.co.uk) does not match target host name '::1'

Well enough.
Apache is listening on IPv4 and IPv6.
And both return the same content (response).

So I wonder where that leaves me. Firewall? I have checked that the router is forwarding 443 and it seems to be.

Also forward 80 as well.

Yes, sorry it is doing

OK yes I see 80 connects.
443 seems to fail.

Do you have a firewall?
Is it allowing 443 and also forwarding it?

Not sure. UFW status is inactive, but maybe the router is the issue, although surely if the port is forwarded in the router it would not be firewalled?

I should probably use ufw too though, should I not?

That depends largely on your network and how "trusted" the other local devices are.
[typically] The main firewall would only protect you from those outside your internal network.
The local firewall is there to also protect you from those inside that perimeter.

Very small office. No issues with trust within the local area network at this stage. Maybe that would change if the company was bigger in the future.

OK then can you confirm the firewall is allowing 443 and to which IP, and port, it is forwarding to?

It’s located about half a mile away but I checked it yesterday and the port forwarding was forwarding 80 and 443 to the LAMP server’s IP. I’m less sure about the Firewall as I don’t know enough about it to know what I’m looking at.

Well, it is kind of a stopping point.
That must be verified before I would continue.

Are you familiar with the Apache logs?
Can you see if there are any port 443 accesses in the logs?