If you want to use www.veplopenhab.ga, you need to go back to Freenom, and add another A record, just like you did for veplopenhab.ga.
No… I want to access my server in port 8443 without below error,
I have deleted veplopenhab.ga.conf and veplopenhab.ga.8443.conf.
I ran the command “sudo certbot --cert-name veplopenhab.ga”, and new veplopenhab.ga files were created with 0 KB
You don’t need to get a new certificate to put your server on port 8443.
You just need to change your port 8443 VirtualHost to use the SSLCertificateFile and SSLCertificateKeyFile from your port 443 VirtualHost.
You mean I need to create .conf file and put the code for virtual host 443. Inside, I need to mention the location of certificatefile and certificatekey file.
You need to mention the location of the certificate and private key in the port 8443 Virtual Host.
These are, respectively:
SSLCertificateFile /etc/letsencrypt/live/veplopenhab.ga/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/veplopenhab.ga/privkey.pem
I am going to create https.conf file in /etc/apache2/sites-available location.
I will put the below code there,
listen 443
<VirtualHost *:443>
SSLCertificateFile /etc/letsencrypt/live/veplopenhab.ga/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/veplopenhab.ga/privkey.pem
</VirtualHost>
Please suggest me the correct way to implement this.
You said you want to fix https://veplopenhab.ga:8443/.
What server is running on it?
Where and how is it configured?
Are you doing some sort of port forwarding?
Don’t you have an Apache virtual host for port 8443?
What server is running on it?
Server version: Apache/2.4.18 (Ubuntu)
Server built: 2018-06-07T19:43:03
Where and how is it configured?
I have installed Apache2. I have not configured anything.
Are you doing some sort of port forwarding?
I am not sure.
Don’t you have an Apache virtual host for port 8443?
I am not sure. In /etc/apache2/site-enabled/https.conf file, I am not seeing any code virtual host 8443.
I am very new to this topic. Sorry, I am unable to give you an accurate answer…
Please guide me.
You want me to create .conf file and add code like this,
Listen 443
<VirtualHost *:443>
ServerName example.com
SSLEngine On
SSLCertificateFile "C:\Program Files\Atlassian\JIRA\jre\server.crt"
SSLCertificateKeyFile "C:\Program Files\Atlassian\JIRA\jre\server.key"
SSLProxyEngine Off
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://example.com:8080/
ProxyPassReverse / http://example.com:8080/
</VirtualHost>
I am not able to solve this issue, still debugging is in progress.
Can you please provide me the solution to fix this issue?
Are you using port 443 or port 8443?
I am using 8443.
Like this https://my_machine_ip:8443
This may require a symbolic link in the /etc/apache2/sites-enabled directory, as that is the usual directory included into the apache configuration.
Maybe you could help us help you by showing a brief of your config highlighting all the key settings:
try:
grep -Eri 'listen|virtualhost|servername|serveralias|sslcert' /etc/apache2/
I am getting these output,
/etc/apache2/sites-available/default-ssl.conf: <VirtualHost _default_:443>
/etc/apache2/sites-available/default-ssl.conf: # SSLCertificateFile directive is needed.
/etc/apache2/sites-available/default-ssl.conf: SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/apache2/sites-available/default-ssl.conf: SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
/etc/apache2/sites-available/default-ssl.conf: # Point SSLCertificateChainFile at a file containing the
/etc/apache2/sites-available/default-ssl.conf: # the referenced file can be the same as SSLCertificateFile
/etc/apache2/sites-available/default-ssl.conf: #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
/etc/apache2/sites-available/default-ssl.conf: </VirtualHost>
/etc/apache2/sites-available/000-default-le-ssl.conf:<VirtualHost *:443>
/etc/apache2/sites-available/000-default-le-ssl.conf: # The ServerName directive sets the request scheme, hostname and port that
/etc/apache2/sites-available/000-default-le-ssl.conf: # redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-available/000-default-le-ssl.conf: #ServerName www.example.com
/etc/apache2/sites-available/000-default-le-ssl.conf:ServerName veplopenhab.ga
/etc/apache2/sites-available/000-default-le-ssl.conf:SSLCertificateFile /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem
/etc/apache2/sites-available/000-default-le-ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem
/etc/apache2/sites-available/000-default-le-ssl.conf:</VirtualHost>
/etc/apache2/sites-available/000-default.conf:<VirtualHost *:80>
/etc/apache2/sites-available/000-default.conf: # The ServerName directive sets the request scheme, hostname and port that
/etc/apache2/sites-available/000-default.conf: # redirection URLs. In the context of virtual hosts, the ServerName
/etc/apache2/sites-available/000-default.conf: #ServerName www.example.com
/etc/apache2/sites-available/000-default.conf:</VirtualHost>
/etc/apache2/mods-available/info.conf: # http://servername/server-info (requires that mod_info.c be loaded).
/etc/apache2/mods-available/status.conf: # with the URL of http://servername/server-status
/etc/apache2/apache2.conf:# supposed to determine listening ports for incoming connections which can be
/etc/apache2/apache2.conf:# If you do not specify an ErrorLog directive within a <VirtualHost>
/etc/apache2/apache2.conf:# logged here. If you *do* define an error logfile for a <VirtualHost>
/etc/apache2/apache2.conf:# Include list of ports to listen on
/etc/apache2/conf-available/servername.conf:ServerName 10.1.68.206
/etc/apache2/conf-available/localized-error-pages.conf:# even on a per-VirtualHost basis. If you include the Alias in the global server
/etc/apache2/conf-available/other-vhosts-access-log.conf:# Define an access log for VirtualHosts that don't define their own logfile
/etc/apache2/ports.conf:# have to change the VirtualHost statement in
/etc/apache2/ports.conf:Listen 80
/etc/apache2/ports.conf: Listen 443
/etc/apache2/ports.conf: Listen 443
There are 3 files of concern in the /etc/apache2/sites-available/ folder.
/etc/apache2/sites-available/default-ssl.conf
/etc/apache2/sites-available/000-default-le-ssl.conf
/etc/apache2/sites-available/000-default.conf
Please show which are actually being used in the config:
Try:
ls -l /etc/apache2/sites-enabled/
grep -Ri 'sites-available' /etc/apache2/
And also which ports are in use:
netstat -pant | grep -i listen
For this command ls -l /etc/apache2/sites-enabled/, I am getting below output
total 0
lrwxrwxrwx 1 root root 35 Dec 6 2017 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 52 Dec 13 15:45 000-default-le-ssl.conf -> /etc/apache2/sites-available/000-default-le-ssl.conf
lrwxrwxrwx 1 root root 29 Dec 11 17:59 https.conf -> ../sites-available/https.conf
For this command grep -Ri ‘sites-available’ /etc/apache2/, I am seeing below output,
For this command netstat -pant | grep -i listen, I am getting below output,
ananth@ananth:~$ sudo netstat -pant | grep -i listen
tcp 0 0 0.0.0.0:46023 0.0.0.0:* LISTEN 1196/rpc.mountd
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1054/mongod
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 1201/redis-server 1
tcp 0 0 0.0.0.0:35757 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1184/rpcbind
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1371/nginx -g daemo
tcp 0 0 127.0.0.1:5939 0.0.0.0:* LISTEN 1777/teamviewerd
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN 1393/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1210/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5825/cupsd
tcp 0 0 127.0.0.1:8088 0.0.0.0:* LISTEN 1610/influxd
tcp 0 0 0.0.0.0:42074 0.0.0.0:* LISTEN 1196/rpc.mountd
tcp 0 0 0.0.0.0:41790 0.0.0.0:* LISTEN 1196/rpc.mountd
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp6 0 0 :::43945 :::* LISTEN -
tcp6 0 0 127.0.0.1:40235 :::* LISTEN 1608/java
tcp6 0 0 :::44494 :::* LISTEN 1196/rpc.mountd
tcp6 0 0 :::5007 :::* LISTEN 1608/java
tcp6 0 0 :::111 :::* LISTEN 1184/rpcbind
tcp6 0 0 :::8080 :::* LISTEN 1941/java
tcp6 0 0 :::80 :::* LISTEN 1371/nginx -g daemo
tcp6 0 0 :::8086 :::* LISTEN 1610/influxd
tcp6 0 0 :::22 :::* LISTEN 1210/sshd
tcp6 0 0 ::1:631 :::* LISTEN 5825/cupsd
tcp6 0 0 :::47546 :::* LISTEN 1196/rpc.mountd
tcp6 0 0 :::8443 :::* LISTEN 1608/java
tcp6 0 0 :::2049 :::* LISTEN -
tcp6 0 0 :::51363 :::* LISTEN 1196/rpc.mountd
tcp6 0 0 127.0.0.1:8101 :::* LISTEN 1608/java
This introduces a possible 4th file of interest.
But also seems to rule out (unused) file:
/etc/apache2/sites-available/default-ssl.conf
There are 4 port lines of interest here:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1371/nginx -g daemo
tcp6 0 0 :::80 :::* LISTEN 1371/nginx -g daemo
tcp6 0 0 :::8080 :::* LISTEN 1941/java
tcp6 0 0 :::8443 :::* LISTEN 1608/java
From that we can see that nginx is on port 80 and we can use that for cert authentication.
Port 8443 is where you want to apply the cert but that is owned/run by java... So. I'm not sure how you would add the cert to that config.
You could always use the nginx to proxy to the java service (nginx is a very good proxy).
Please show the file:
/etc/apache2/sites-available/https.conf
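One way to set up the nginx proxy suggested above, as an added example that is not from any participant in this thread: nginx terminates TLS on port 443 with the Let's Encrypt certificate and forwards requests to the Java service's plain-HTTP listener on port 8080 from the netstat output. The file name, the choice of port 443 and the certificate directory are assumptions; the grep output earlier shows a `veplopenhab.ga-0001` lineage, so use whichever directory `certbot certificates` reports.

```nginx
# /etc/nginx/sites-available/openhab-tls   (hypothetical file name)
# Assumption: port 443 is free; the netstat output above shows nothing bound to it.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name veplopenhab.ga;

    # Assumption: certificate lineage directory; confirm with `certbot certificates`.
    ssl_certificate     /etc/letsencrypt/live/veplopenhab.ga/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/veplopenhab.ga/privkey.pem;
    ssl_protocols       TLSv1.2;   # add TLSv1.3 where nginx and OpenSSL support it

    location / {
        # Forward to the Java service's plain-HTTP port on the same machine.
        proxy_pass http://127.0.0.1:8080;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After linking the file into /etc/nginx/sites-enabled/, check it with `nginx -t` before reloading nginx. Ports 8080 and 8443 remain directly reachable on the Java process unless a firewall restricts them.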
I am working in Openhab project and it is based on Java Eclipse.
OpenHAB will use 8080 for http connection and 8443 for https connection. So it is expected, I think.