Virtualmin servers not working after adding LetsEncrypt certificate

ShillongServer · 2019-02-04 11:49:14 UTC

Server Information:

OS: Ubuntu 14.04
Web Server: Apache 2.4.7
Webmin: 1.900
Virtualmin: 6.04

What I have tried/done so far:

Initial attempt: Used certbot instead of the Virtualmin feature to add LetsEncrypt certificate. More info here: https://askubuntu.com/questions/1115202/internal-server-error-after-installing-letsencrypt-ssl-certificate-and-uninstall

Second Attempt: Manually remove /etc/letsencrypt folder and deleting all -le-ssl.conf files then retrying certbot. More info here: https://askubuntu.com/questions/1115487/403-forbidden-error-on-all-sites-after-adding-ssl-certificate

Third Attempt: Following the guide here: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin / Webmin, I have managed to overwrite the certbot certificate that I initally tried adding with the Virtualmin generated certificate and also successfully redirected my site from http to https automatically. But now the error has changed from 403 to Internal Server Error 500 for this particular site. The other non-sll sites all redirects to the above site instead. Please help me.

rg305 · 2019-02-04 20:07:51 UTC

What is the site name/URL?
Can you show the vhost config for that site?

ShillongServer · 2019-02-04 20:35:19 UTC

I end up deleting the SSL site just to see if it works but it didn’t. Now I only have two virtual servers with a WordPress site on each and one virtual server which has a static site loaded from an index.html file. One of the wordpress sites return an Internal Server error and the other just load the files of the static site from the other virtual server instead.

Internal server error site
Site that loads html file from the static files server instead
Site with static html

rg305 · 2019-02-04 20:38:16 UTC

I also see what you see…
Can you show the configuration file for the wyrta site?

ShillongServer · 2019-02-04 21:09:58 UTC

The conf file for wyrta.com has the following:

<VirtualHost 104.223.117.136:80>
SuexecUserGroup "#1007" "#1006"
ServerName wyrta.com
ServerAlias www.wyrta.com
ServerAlias webmail.wyrta.com
ServerAlias admin.wyrta.com
ServerAlias wyrta.shillongserver.com
ServerAlias www.wyrta.shillongserver.com
DocumentRoot /home/wyrta/public_html
ErrorLog /var/log/virtualmin/wyrta.com_error_log
CustomLog /var/log/virtualmin/wyrta.com_access_log combined
ScriptAlias /cgi-bin/ /home/wyrta/cgi-bin/
ScriptAlias /awstats/ /home/wyrta/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/wyrta/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/wyrta/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/wyrta/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/wyrta/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine off
RewriteCond %{HTTP_HOST} =webmail.wyrta.com
RewriteRule ^(.*) https://wyrta.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.wyrta.com
RewriteRule ^(.*) https://wyrta.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
<Files awstats.pl>
AuthName "wyrta.com statistics"
AuthType Basic
AuthUserFile /home/wyrta/.awstats-htpasswd
require valid-user
</Files>
</VirtualHost>

rg305 · 2019-02-04 21:26:06 UTC

Perhaps adding something like this may fix it:

ShillongServer · 2019-02-05 06:17:42 UTC

@rg305 I have added that to the vhost conf but the problem persists. What could be the problem?

rg305 · 2019-02-05 12:36:15 UTC

I don’t completely understand your config file, so I can’t say with any certainty.
But it seems to mishandle the challenge requests.

You could try temporarily disabling the handlers…

ShillongServer · 2019-02-05 12:39:49 UTC

@rg305 How do I do that? And if possible, can you guide me on completely removing the certificate(s) so I could re-initiate the installation using the virtualmin LetsEncrypt feature. I think the certbot approach is conflicting with virtualmin or something.

rg305 · 2019-02-05 12:42:45 UTC

That makes sense.

Please show:
ls -l /etc/apahce2/sites-enabled/

ShillongServer · 2019-02-05 12:47:13 UTC

lrwxrwxrwx 1 root root 35 Aug 23  2015 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 42 Aug 23  2015 raiot.in.conf -> /etc/apache2/sites-available/raiot.in.conf
lrwxrwxrwx 1 root root 43 Dec  2  2015 sacsaa.in.conf -> /etc/apache2/sites-available/sacsaa.in.conf
lrwxrwxrwx 1 root root 47 Feb  3 17:30 shillong.work.conf -> /etc/apache2/sites-available/shillong.work.conf
lrwxrwxrwx 1 root root 52 Aug 29  2015 shillongserver.com.conf -> /etc/apache2/sites-available/shillongserver.com.conf
lrwxrwxrwx 1 root root 43 Sep  1  2015 wyrta.com.conf -> /etc/apache2/sites-available/wyrta.com.conf

I have manually deleted all -le-ssl files as well as the /etc/letsencrypt folder earlier hoping it’ll fix this but it didn’t.

rg305 · 2019-02-05 12:53:14 UTC

At this point there doesn’t seem to be any certs in use (all files are gone).
After restarting the web server, try the virtualmin approach.

ShillongServer · 2019-02-05 12:55:32 UTC

I did that. Now one of the virtual server returns an Internal Server Error and the other returns

(sitename) redirected you too many times

rg305 · 2019-02-05 12:58:03 UTC

OK. You need to comment out the redirects.
[they have nowhere to go to (yet)]