tuanhmt
September 10, 2018, 5:48pm
1
Hi everyone,
I got stuck while installing and config https with my domain.
1.I use this command to install ssl with existing apache virtualhost:
./letsencrypt-auto --apache -d mysite.com -d www.mysite.com
2. This is my configuration files:
mysite.com-le-ssl.conf
NameVirtualHost *:443
<VirtualHost *:443>
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/html/mysite.com/public_html/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mysite.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mysite.com/chain.pem
This result httpd -S:
*:80 mysite.com (/etc/httpd/sites-enabled/mysite.com.conf:1)
*:443 is a NameVirtualHost
default server mysite.com (/etc/httpd/conf.d/ssl.conf:74)
port 443 namevhost mysite.com (/etc/httpd/conf.d/ssl.conf:74)
port 443 namevhost mysite.com (/etc/httpd/sites-available/thsp.edu.vn-le-ssl.conf:3)
alias www.mysite.com
But i can not run my site with https:
# This site can’t be reached
**mysite** took too long to respond.
Thanks all.
Hi
Please check if your firewall has allowed 443 access…
P.S. we really need your real domain name in order to help you analyize this matter.
Thank you
1 Like
tuanhmt
September 10, 2018, 6:02pm
3
thanks your reply, this my netstat result:
tcp 0 0 :::443 :::* LISTEN 22753/httpd
Hi,
That's only listening from your server.... It does not tell us anything except that httpd/apache is running
However, you are providing us minimum information that are insufficient to help.
Can you check if iptable are enabled?
Where do you host this site?
and more importantly, what's your domain name?
Thank you
1 Like
tuanhmt
September 10, 2018, 6:10pm
5
oh, i'm sory, i don't know this.
Actually, im using a small vps.
My domain is thsp.edu.vn
This result of service iptables status
command:
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW,ESTABLISHED
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:3306
9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Thanks you.
Hi @tuanhmt
your http - version works. You have created a lot of certificates
https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:thsp.edu.vn&lu=cert_search
so this part works.
What does this mean? Do you have a home server? Is there a second firewall? Or blocks your provider port 443?
1 Like
rmgomes
September 10, 2018, 7:13pm
7
I have a similar issue, but on NGINX.
gestaourbana.prefeitura.sp.gov.br
It seems the cert was succesfully generated, but the site doesnt open on https request.
https://transparencyreport.google.com/https/certificates/WucglXkkfEWsCsZCVYfrKXPGuWBbn2tfpfV4FS6HrCE%3D
How can I check the cause of the problem?
1 Like
tuanhmt
September 10, 2018, 7:23pm
8
JuergenAuer:
certificates
Thanks your response.
I dont know why my 443 is closed (checked on some onlin port checker).
my ifconfig
:
Link encap:Ethernet HWaddr 00:50:56:BF:7E:B5
inet addr:192.168.100.177 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:febf:7eb5/64 Scope:Link
...
while external ip is 113.161.116.183. i'm using vps of my school.
thanks.
1 Like
Hi @tuanhmt ,
It’s suggested to contact your school’s technical support team, since they might close the port 443 for some IPs or it’s not forwarding correctly.
Thank you
1 Like
Hi @rmgomes ,
Please open a new thread…
@moderators can someone please spilt this out?
Thank you
tuanhmt
September 10, 2018, 7:30pm
11
Oh, ok i will.
Another question ? i have a lot of certifications, how to remove it properply ?
Thanks so much.
rmgomes
September 10, 2018, 7:30pm
12
Thank you for the instruction. I’m opening a new thread.
It's not required. The Certificate Transparency Logs
are public and read-only, so you can't remove public certificates there.
If you have used certbot to create them: Use
certbot certificates
to find one of the certificates with two names. Then use this certificate.
You can (local) delete the others with
certbot delete --cert-name example.com
so they are not renewed.
tuanhmt
September 10, 2018, 7:37pm
14
Thats great !!! thank you so much, JuergenAuer.
1 Like
system
Closed
October 10, 2018, 7:37pm
15
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.