"This site can’t be reached", HTTP CentOS 6, Apache 2.2, Let’s Encrypt


#1

Hi everyone,

I got stuck while installing and configuring https for my domain.
1. I use this command to install SSL with an existing Apache virtual host:

    ./letsencrypt-auto --apache -d mysite.com -d www.mysite.com

2. These are my configuration files:

  • mysite.com-le-ssl.conf

    NameVirtualHost *:443
    <VirtualHost *:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
    DocumentRoot /var/www/html/mysite.com/public_html/
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mysite.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/mysite.com/chain.pem
    </VirtualHost>

This is the result of httpd -S:

    *:80 mysite.com (/etc/httpd/sites-enabled/mysite.com.conf:1)
    *:443 is a NameVirtualHost
    default server mysite.com (/etc/httpd/conf.d/ssl.conf:74)
    port 443 namevhost mysite.com (/etc/httpd/conf.d/ssl.conf:74)
    port 443 namevhost mysite.com (/etc/httpd/sites-available/thsp.edu.vn-le-ssl.conf:3)
    alias www.mysite.com

But I cannot run my site with https:

# This site can’t be reached

**mysite**  took too long to respond.

Thanks all.


#2

Hi

Please check if your firewall has allowed 443 access…

P.S. We really need your real domain name in order to help you analyze this matter.

Thank you


#3

Thanks for your reply, this is my netstat result:

    tcp 0 0 :::443 :::* LISTEN 22753/httpd


#4

Hi,

That’s only listening from your server… It does not tell us anything except that httpd/apache is running

However, you are providing us minimal information that is insufficient to help.

Can you check if iptables is enabled?

Where do you host this site?

And more importantly, what’s your domain name?

Thank you


#5

Oh, I’m sorry, I don’t know this.
Actually, I’m using a small VPS.
My domain is thsp.edu.vn
This is the result of the service iptables status command:

    Table: filter
    Chain INPUT (policy ACCEPT)
    num target prot opt source destination
    1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW,ESTABLISHED
    2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
    4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
    7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
    8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:3306
    9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
    10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443

    Chain FORWARD (policy ACCEPT)
    num target prot opt source destination
    1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination

Thank you.


#6

Hi @tuanhmt

Your http version works. You have created a lot of certificates:

https://transparencyreport.google.com/https/certificates?cert_search_auth=&cert_search_cert=&cert_search=include_expired:false;include_subdomains:false;domain:thsp.edu.vn&lu=cert_search

so this part works.

What does this mean? Do you have a home server? Is there a second firewall? Or does your provider block port 443?


#7

I have a similar issue, but on NGINX.

gestaourbana.prefeitura.sp.gov.br

It seems the cert was successfully generated, but the site doesn’t open on https requests.
https://transparencyreport.google.com/https/certificates/WucglXkkfEWsCsZCVYfrKXPGuWBbn2tfpfV4FS6HrCE%3D

How can I check the cause of the problem?


#8

Thanks for your response.

I don’t know why my 443 is closed (checked on some online port checker).

My ifconfig:

    Link encap:Ethernet HWaddr 00:50:56:BF:7E:B5
    inet addr:192.168.100.177 Bcast:192.168.100.255 Mask:255.255.255.0
    inet6 addr: fe80::250:56ff:febf:7eb5/64 Scope:Link

While the external IP is 113.161.116.183. I’m using a VPS of my school.

Thanks.


#9

Hi @tuanhmt ,

It’s suggested to contact your school’s technical support team, since they might close the port 443 for some IPs or it’s not forwarding correctly.

Thank you
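
The checks discussed in posts #4 to #9, as an added example that is not part of the original thread: it walks the INPUT chain from post #5 in first-match order and compares the interface address from post #8 with the external address. The function names `first_match`, `behind_nat` and `diagnose` are hypothetical, and the rule matcher is a simplification that only understands the match types seen in that listing.

```python
import ipaddress
import re

# INPUT chain from the `service iptables status` output in post #5.
INPUT_RULES = """\
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW,ESTABLISHED
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
8 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:3306
9 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
"""


def first_match(rules, proto, dport, policy="ACCEPT"):
    """Return (rule number, target) of the first rule a NEW packet hits."""
    # Simplified: only proto, dpt: and state matches are evaluated. This listing
    # omits interfaces, so a rule such as 4 may really be limited to loopback.
    for line in rules.splitlines():
        num, target, rule_proto, *rest = line.split()
        extra = " ".join(rest[3:])  # skip opt, source, destination
        port = re.search(r"dpt:(\d+)", extra)
        states = re.search(r"state (\S+)", extra)
        proto_ok = rule_proto in ("all", proto)
        port_ok = not port or int(port.group(1)) == dport
        state_ok = not states or "NEW" in states.group(1).split(",")
        if proto_ok and port_ok and state_ok:
            return int(num), target
    return None, policy  # nothing matched: the chain policy applies


def behind_nat(interface_ip, public_ip):
    """True when the NIC holds a private address that differs from the public one."""
    nic = ipaddress.ip_address(interface_ip)
    return nic.is_private and nic != ipaddress.ip_address(public_ip)


def diagnose(rules, interface_ip, public_ip, dport=443):
    num, target = first_match(rules, "tcp", dport)
    if target != "ACCEPT":
        return f"host firewall: rule {num} -> {target}"
    if behind_nat(interface_ip, public_ip):
        return "host accepts; check upstream NAT port forwarding"
    return "host accepts; check provider filtering"
```

With the values from this thread, `diagnose(INPUT_RULES, "192.168.100.177", "113.161.116.183")` reports that the host accepts port 443 at rule 1, so rule 10 after the REJECT is never reached and the block has to be upstream of the VPS.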


#10

Hi @rmgomes,

Please open a new thread…

@moderators can someone please split this out?

Thank you


#11

Oh, ok, I will.
Another question: I have a lot of certifications, how do I remove them properly?

Thanks so much.


#12

Thank you for the instruction. I’m opening a new thread.


#13

It’s not required. The Certificate Transparency Logs are public and read-only, so you can’t remove public certificates there.

If you have used certbot to create them: Use

    certbot certificates

to find one of the certificates with two names. Then use this certificate.

You can delete the others (locally) with

    certbot delete --cert-name example.com

so they are not renewed.


#14

That’s great!!! Thank you so much, JuergenAuer.

