Website is still http

My domain is: nextcloud.onelk-server.de

I ran this command:
certbot --apache -m admin@mail.de -d
nextcloud.onelk-server.de

My web server is (include version): apache2.4.41

The operating system my web server runs on is (include version):
Ubuntu Server 20.04.1 LTS

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Not sure (I am using Nextcloud)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot0.40.0

I am running a Nextcloud server in my home network.
I used a ddns address from no-ip.com to run this server.
With the ddns address, https worked fine.

Today I rent a domain which directs via CNAME to the ddns address (due to IP change).

I entered the command above to create the certificate for the new URL but it still says „insecure“.

What can I do now?

I hope that my explanation is clear.

2 Likes

Welcome to the Let's Encrypt Community, Leon :slightly_smiling_face:

Is nextcloud.onelk-server.de the domain name you rented? If not, you need to include that domain name in your certbot command to acquire a certificate for it.

1 Like

Also, there is a missing http to https redirect for nextcloud.onelk-server.de.

1 Like

The explanation is clear, but for some reason you've removed the "It produced this output:" question from the questionnaire.

As @griffin already said, there is a missing HTTP to HTTPS redirect. Your HTTPS is working fine, but you don't notice it, unless you type https:// manually due to the missing redirect.

Certbot with --apache should have asked you if you'd like such a redirect. Maybe you've entered "Yes" there and something went wrong, but without the actual output, it's hard to say. You can reread your output in the log file in /var/log/letsencrypt/.

Also notice that you've already managed to issue four certificates yesterday! Do realise that if there is an issue with the installation of a certificate or something else not certificate issuance related that it's unnecessary to reissue the certificate time after time again. This could lead to rate limits and in my opinion is plainly abusing the free Let's Encrypt service by using precious resources for no good reason.

Please find the issue for the missing redirect without issuing any more certificates: you've got plenty, the certificate is working fine, just a missing redirect.

2 Likes

Hi @griffin,

thanks for your response.

I have rent onelk-server.de as my domain and nextcloud.onelk-server.de is my subdomain.

How can I ensure that it is being redirected via https?

The time I created the certificate I selected option 2 which should redirect all traffic.

@Osiris,

thanks for your reply too!

I will upload the log as soon I am able to.

Yes, I created multiple certificates.
Sorry for that!

Have a nice day to all of you! :slight_smile:

Alright.
It does not seem to work on every device.
On my Edge browser it says secure but on Safari for iOS it still says not secure.

So the problem is not solved and I still need help.
If you see my next post saying that everything is working, it is not!

It seems like that Safari take HTTP automatically.
When I type HTTPS in the address bar, I can see the little lock symbol which means secure.

2 Likes

What's the output of apachectl -S ?

1 Like

It does not seem to be formatted well, cause I had to do it on my phone with a terminal app.

1 Like

I tried it like a minute ago and now it automatically redirects to https

1 Like

Nope.

Using redirect-checker.org ...

http://nextcloud.onelk-server.de
302 Found
http://nextcloud.onelk-server.de/login
200 OK
https://nextcloud.onelk-server.de
302 Found
https://nextcloud.onelk-server.de/login
200 OK
1 Like

Please show the contents of these two files:

/etc/apache2/sites-enabled/nextcloud.conf
/etc/apache2/sites-enabled/nextcloud-le-ssl.conf
1 Like

Nextcloud sets the Strict-Transport-Security HTTP header, so once your browser loads the site through HTTPS, the HSTS info is saved. Therefore it will look like there is a redirect in place for @leon47331, which actually is just the browser defaulting to HTTPS due to HSTS. No redirect in place indeed.

@leon47331 Please use webbased checkers such as the one used by @griffin and not your browser.

3 Likes

That's a good observation! :astonished:

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.