This site can’t provide a secure connection

My domain is:
https://www.formazionefarmacovigilanza.it

My web server is (include version):
Apache/2.4.18 (Ubuntu)
The operating system my web server runs on is (include version):
Ubuntu 16.04
My hosting provider, if applicable, is:
Aruba
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
certbot 0.39.0

I ran these commands:

sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Attempting to parse the version 0.39.0 renewal configuration file found at /etc/letsencrypt/renewal/formazionefarmacovigilanza.it.conf with version 0.23.0 of Certbot. This might not work.

Found the following certs:
Certificate Name: formazionefarmacovigilanza.it
Domains: formazionefarmacovigilanza.it www.formazionefarmacovigilanza.it
Expiry Date: 2020-01-16 07:08:41+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/formazionefarmacovigilanza.it/fullchain.pem
Private Key Path: /etc/letsencrypt/live/formazionefarmacovigilanza.it/privkey.pem

grep -Eri 'servername|serveralias' /etc/apache2

/etc/apache2/mods-available/info.conf: # http:// servername /server-info (requires that mod_info.c be loaded).

/etc/apache2/mods-available/status.conf: # with the URL of http:// servername /server-status

/etc/apache2/sites-available/000-default.conf: # The ServerName directive sets the request scheme, hostname and port that

/etc/apache2/sites-available/000-default.conf: # redirection URLs. In the context of virtual hosts, the ServerName

/etc/apache2/sites-available/000-default.conf: # ServerName www.example.com

/etc/apache2/sites-available/formazionefarmacovigilanza.it.conf: ServerName www.formazionefarmacovigilanza.it

/etc/apache2/sites-available/formazionefarmacovigilanza.it.conf: # ServerAlias www.example2.com #If using alternate names for a host

grep -Eri 'SSLProtocol|SSLCipherSuite' /etc/apache2

/etc/apache2/mods-available/ssl.conf: SSLCipherSuite HIGH:!aNULL

/etc/apache2/mods-available/ssl.conf: # the CPU cost, and did not override SSLCipherSuite in a way that puts

/etc/apache2/mods-available/ssl.conf: SSLProtocol all -SSLv3

netstat -pant | grep -i listen
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 31704/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 5456/mysqld
tcp6 0 0 :::22 :::* LISTEN 31704/sshd
tcp6 0 0 :::443 :::* LISTEN 36128/apache2
tcp6 0 0 :::80 :::* LISTEN 36128/apache2

Still I get no secure connection… what am I doing wrong here?
Thanks to anyone who can help!

Hi @giuliogatto

checking your domain there are some errors - https://check-your-website.server-daten.de/?q=formazionefarmacovigilanza.it

The output is too long to copy.

First, you have a lot of ip addresses. But there are different answers, some don't answer (timeout), some have an answer.

Critical

http://formazionefarmacovigilanza.it:443/
80.211.3.161

sends a http status 303, a redirect to http://www.formazionefarmacovigilanza.it.

So port 443 isn't a https-port, it's a http port.

http://www.formazionefarmacovigilanza.it:443/
80.211.3.161

is also a http port.

There is no certificate created, not old, not new.

Ah, Google sees one new certificate, created today. So you have one certificate, but it's not installed. So it's only an installation problem.

What is the output of

apachectl -S

Perhaps try

certbot -d formazionefarmacovigilanza.it -d www.formazionefarmacovigilanza.it --reinstall

Certbot should find the certificate and should try to reinstall it.

If that doesn't work, remove all of your wrong port 443 vHosts (disable these hosts), then try it again.

Hi JuergenAuer, first of all thank you for your very quick reply!

apachectl -S
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 80.211.3.161. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80 80.211.3.161 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

certbot -d formazionefarmacovigilanza.it -d www.formazionefarmacovigilanza.it --reinstall

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certbot doesn't know how to automatically configure the web server on this system. However, it can still get a certificate for you. Please run "certbot certonly" to do so. You'll need to manually configure your web server to use the resulting certificate.

Do you think the problem is in my apache2 conf, then? I am not an expert so I configured both default-ssl.conf and formazionefarmacovigilanza.it.conf inside sites-available/...

That's part of the problem.

Show the content of that file.

Perhaps there is a missing

ServerName formazionefarmacovigilanza.it
ServerAlias www.formazionefarmacovigilanza.it

Then

apachectl -S

again.

The error says exactly that: Your configuration is incomplete.

Thank you JuergenAuer!
running sudo a2ensite * in /sites-available/ fixed my problem.
I had indeed an incomplete apache2 conf
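
The check that settles this thread, as an added example that is not part of the original posts: parse `apachectl -S` output and list the hostnames that have no virtual host on port 443. The function names are this example's own, `BEFORE` is shortened from the output posted above, and `AFTER` is a constructed sample of what the output could look like once the site is enabled.

```shell
#!/bin/sh
# Added example: which hostnames have no Apache vhost on a given port,
# judged from the text printed by `apachectl -S`.

# vhost_names PORT: read `apachectl -S` output on stdin and print every
# name served on PORT, one per line.
vhost_names() {
    awk -v port="$1" '
        $1 ~ /:[0-9]+$/ {                 # address line such as "*:443"
            n = split($1, a, ":")
            in_port = (a[n] == port)
            # one vhost on the address: "*:80 name (file:line)", ServerName only
            if (in_port && $2 != "is") print $2
            next
        }
        # several vhosts: "*:443 is a NameVirtualHost" followed by entries
        in_port && $1 == "port" && $3 == "namevhost" { print $4 }
        in_port && $1 == "alias"                     { print $2 }
        in_port && $1 == "wild" && $2 == "alias"     { print $3 }
    '
}

# missing_vhosts PORT NAME...: print each NAME that no vhost on PORT serves.
missing_vhosts() {
    port="$1"; shift
    found=$(vhost_names "$port")
    for name in "$@"; do
        printf '%s\n' "$found" | grep -qixF -- "$name" || printf '%s\n' "$name"
    done
}

# Shortened from the output in the thread: only the default *:80 vhost is loaded.
BEFORE='VirtualHost configuration:
*:80                   80.211.3.161 (/etc/apache2/sites-enabled/000-default.conf:1)
ServerRoot: "/etc/apache2"'

# Constructed sample (file line numbers and the alias are assumptions).
AFTER='VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server www.formazionefarmacovigilanza.it (/etc/apache2/sites-enabled/formazionefarmacovigilanza.it.conf:2)
         port 443 namevhost www.formazionefarmacovigilanza.it (/etc/apache2/sites-enabled/formazionefarmacovigilanza.it.conf:2)
                 alias formazionefarmacovigilanza.it
*:80                   80.211.3.161 (/etc/apache2/sites-enabled/000-default.conf:1)'

# Prints both names: nothing on port 443 serves them, so no certificate is presented.
printf '%s\n' "$BEFORE" | missing_vhosts 443 formazionefarmacovigilanza.it www.formazionefarmacovigilanza.it
```

On a live server, pipe the real output in instead: `apachectl -S 2>/dev/null | missing_vhosts 443 example.org www.example.org`.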
