Website connection insecure on mobile unless you manually prefix with https

On desktop, when I go to benrothman.org or https://benrothman.org, the site loads. On mobile, when I go to https://benrothman.org, the site loads correctly. On mobile, if I go to benrothman.org (without manually typing https://), the browser shows me a warning page saying that the connection to my website is not secure. Does anyone know the reason for this?

My domain is:
benrothman.org

I ran this command:
certbot renew

The operating system my web server runs on is (include version):
Ubuntu 20.04.03

I can login to a root shell on my machine (yes or no, or I don't know):
yes

Probably because you redirect them to an IP address and not your domain name. The client then makes a request to the IP and the cert only has the domain name in it, so it is a mismatch. My test HTTP request:

```
curl -I http://benrothman.org

HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: https://192.241.135.115/
```

The Location should be: https://benrothman.org/

3 Likes
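The check from the post above, as an added example that is not part of the original thread: it reads the headers of an HTTP response and reports whether the redirect target is a host the certificate can cover. The function names and the `CERT_NAMES` list are assumptions made for illustration; the sample headers are the ones quoted in the post.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the response headers quoted in the post above.
SAMPLE_HEADERS = """\
HTTP/1.1 301 Moved Permanently
Server: Apache/2.4.41 (Ubuntu)
Location: https://192.241.135.115/
"""
# Assumption: the DNS names on the site's certificate.
CERT_NAMES = ["benrothman.org", "www.benrothman.org"]

def location_host(raw_headers, requested_host):
    """Host the redirect points at; None if there is no Location header."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            # A relative Location stays on the host that was requested.
            return urlsplit(value.strip()).hostname or requested_host.lower()
    return None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(host, cert_name):
    """Compare a host with one certificate DNS name (one-label wildcard)."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def check_redirect(raw_headers, requested_host, cert_names):
    """Classify a redirect: no-redirect, ip-literal, name-not-on-cert or ok."""
    host = location_host(raw_headers, requested_host)
    if host is None:
        return "no-redirect"
    if is_ip_literal(host):
        return "ip-literal"  # a certificate with only DNS names cannot match
    if not any(name_matches(host, n) for n in cert_names):
        return "name-not-on-cert"
    return "ok"

if __name__ == "__main__":
    print(check_redirect(SAMPLE_HEADERS, "benrothman.org", CERT_NAMES))
```

To run it against a live site, pass the text printed by `curl -sI http://<host>` as `raw_headers`.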

@MikeMcQ
So just to see if I am understanding what you are saying, you think the issue is an incorrect DNS record or an incorrect WordPress database value?

No. Your server is redirecting HTTP requests to the wrong name.

Did you configure your Apache server yourself?

3 Likes

@MikeMcQ Some of it. Why, where is the incorrect redirect? It is not in the database.

It's probably in the .htaccess file on the root directory.

2 Likes

Can you show the output of this command:

```
apachectl -t -D DUMP_VHOSTS
```

3 Likes

@jvanasco As in add something to htaccess?

@MikeMcQ

```
# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443                  192.241.135.115 (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
*:80                   192.241.135.115 (/etc/apache2/sites-enabled/000-default.conf:4)
```

Can you show the contents of this file? Please put 3 backticks before and after the output like this:
```
contents of file
```

3 Likes

@MikeMcQ

```
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        ServerName 192.241.135.115
        ServerAlias www.192.241.135.115

        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =benrothman.org [OR]
RewriteCond %{SERVER_NAME} =www.192.241.135.115 [OR]
RewriteCond %{SERVER_NAME} =192.241.135.115
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

Can you see the issue?

Yes:

where

3 Likes

This is NOT a valid FQDN.
[not one that can be resolved via global DNS]

3 Likes

@rg305

Thank you, but I am unclear on how to fix this:

  1. Delete the line: RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
  2. Change this line ServerAlias www.192.241.135.115 to what?

I'd replace all occurrences of "192.241.135.115" with "benrothman.org".
Then remove the unnecessary duplicate RewriteCond line:

3 Likes

@rg305 Yes, thank you, that fixed it!

2 Likes

You probably should make similar changes of the domain name in your SSL config as Rudy described for your HTTP VirtualHost.

If you show the contents of this ssl.conf file we can describe the best options.

3 Likes

@MikeMcQ Why is it good to change the ssl conf? What will those changes do?

Probably nothing now. But just remember, if you ever add another domain name to your server it probably won't work. You are relying on Apache's default server name selection and not using SNI as intended (probably, won't know for sure until we see the SSL conf).

3 Likes

@MikeMcQ

```
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost

        ServerName 192.241.135.115
        ServerAlias www.192.241.135.115

        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

ServerAlias benrothman.org
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.benrothman.org
SSLCertificateFile /etc/letsencrypt/live/benrothman.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/benrothman.org/privkey.pem
</VirtualHost>
</IfModule>
```

1 Like