Website is still http

leon47331 · March 22, 2021, 12:48am

I ran this command:
certbot --apache -m admin@mail.de -d
nextcloud.onelk-server.de

My web server is (include version): apache2.4.41

The operating system my web server runs on is (include version):
Ubuntu Server 20.04.1 LTS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Not sure (I am using Nextcloud)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot0.40.0

I am running a Nextcloud server in my home network.
I used a ddns address from no-ip.com to run this server.
With the ddns address, https worked fine.

Today I rent a domain which directs via CNAME to the ddns address (due to IP change).

I entered the command above to create the certificate for the new URL but it still says „insecure“.

What can I do now?

I hope that my explanation is clear.

griffin · March 22, 2021, 5:48am

Welcome to the Let's Encrypt Community, Leon

Is nextcloud.onelk-server.de the domain name you rented? If not, you need to include that domain name in your certbot command to acquire a certificate for it.

griffin · March 22, 2021, 5:49am

Also, there is a missing http to https redirect for nextcloud.onelk-server.de.

Osiris · March 22, 2021, 6:48am

The explanation is clear, but for some reason you've removed the "It produced this output:" question from the questionnaire.

As @griffin already said, there is a missing HTTP to HTTPS redirect. Your HTTPS is working fine, but you don't notice it, unless you type https:// manually due to the missing redirect.

Certbot with --apache should have asked you if you'd like such a redirect. Maybe you've entered "Yes" there and something went wrong, but without the actual output, it's hard to say. You can reread your output in the log file in /var/log/letsencrypt/.

Also notice that you've already managed to issue four certificates yesterday! Do realise that if there is an issue with the installation of a certificate or something else not certificate issuance related that it's unnecessary to reissue the certificate time after time again. This could lead to rate limits and in my opinion is plainly abusing the free Let's Encrypt service by using precious resources for no good reason.

Please find the issue for the missing redirect without issuing any more certificates: you've got plenty, the certificate is working fine, just a missing redirect.

leon47331 · March 22, 2021, 9:37am

Hi @griffin,

thanks for your response.

I have rent onelk-server.de as my domain and nextcloud.onelk-server.de is my subdomain.

How can I ensure that it is being redirected via https?

The time I created the certificate I selected option 2 which should redirect all traffic.

@Osiris,

thanks for your reply too!

I will upload the log as soon I am able to.

Yes, I created multiple certificates.
Sorry for that!

Have a nice day to all of you!

Alright.
It does not seem to work on every device.
On my Edge browser it says secure but on Safari for iOS it still says not secure.

So the problem is not solved and I still need help.
If you see my next post saying that everything is working, it is not!

It seems like that Safari take HTTP automatically.
When I type HTTPS in the address bar, I can see the little lock symbol which means secure.

griffin · March 22, 2021, 4:26pm

What's the output of apachectl -S ?

leon47331 · March 23, 2021, 9:11am

It does not seem to be formatted well, cause I had to do it on my phone with a terminal app.

leon47331 · March 23, 2021, 9:15am

I tried it like a minute ago and now it automatically redirects to https

griffin · March 23, 2021, 5:56pm

Nope.

Using redirect-checker.org ...

http://nextcloud.onelk-server.de
302 Found
http://nextcloud.onelk-server.de/login
200 OK

https://nextcloud.onelk-server.de
302 Found
https://nextcloud.onelk-server.de/login
200 OK

griffin · March 23, 2021, 6:31pm

Please show the contents of these two files:

/etc/apache2/sites-enabled/nextcloud.conf
/etc/apache2/sites-enabled/nextcloud-le-ssl.conf

Osiris · March 23, 2021, 6:32pm

Nextcloud sets the Strict-Transport-Security HTTP header, so once your browser loads the site through HTTPS, the HSTS info is saved. Therefore it will look like there is a redirect in place for @leon47331, which actually is just the browser defaulting to HTTPS due to HSTS. No redirect in place indeed.

@leon47331 Please use webbased checkers such as the one used by @griffin and not your browser.

griffin · March 23, 2021, 6:34pm

That's a good observation!

system · April 22, 2021, 6:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot --apache error Help	54	187	November 19, 2024
Ssl with ddns, apache2 and nextcloud Help	9	3019	October 10, 2019
Certbot failed to authenticate domain for Nextcloud Help	7	1485	December 27, 2022
Error : The page isn’t redirecting properly Help	11	34	January 7, 2025
Failed authorization procedure. The server could not connect to the client Help	9	1945	April 1, 2018

Website is still http

Related topics