Why is https activated with other domains without certs

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: http://

It produced this output: https://

My web server is (include version): apache 2.4
The operating system my web server runs on is (include version): ubuntu 20.04 Zorin 16.2

My hosting provider, if applicable, is: self

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I have a certificate for one domain say mysite.com which has a mysite-ssl.conf file for 443.
When I enter mysite.com in the browser it redirects the http:// to https:// which it is supposed to do but instead of going through my router to the apache server, it stops at the router admin login page.
Router says 443 is set aside for it's http:/. Remote I guess.

That is one problem I have to fix but the other is when I put another domain say mysite2.com into the browser it too redirects http:// to https:// although there is no certificate and no mysite2-ssl-conf file.

do see a 000-defaukt-ssl.conf file though which is maybe doing it.

As this is other domain uses the http:// it also ended up at the router admin login.

How can I only get the correct one to use the http:// redirect ?

Thank you

You are the hoster
You run the server [the web service]

But you are also using Apache so I suspect that you may not be a pro at this.
So, I'll treat you more as a novice.

You need to review the Apache configuration.
I'd start with the output of:
apachectl -t -D DUMP_VHOSTS

The "short" answer is:
Because you only have one HTTP vhost and it catches all names and redirects them all to HTTPS.

Yes a novice for sure but getting there..albeit slowly

So how do I stop that redirect from the non cert doms happening please?

apachectl -t -D DUMP_VHOSTS
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:443 is a NameVirtualHost
default server celebritymc.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost celebritymc.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost celebritymc.com (/etc/apache2/sites-enabled/celebritymc-ssl.conf:1)
alias www.celebritymc.com
port 443 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 is a NameVirtualHost
default server 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/celebritymc-ssl.conf:7)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/celebritymc.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/johnnyokeefe.conf:1)
port 80 namevhost 127.0.1.1 (/etc/apache2/sites-enabled/ozstar.conf:1)

Let's have a look at this file:

Also, using an IP address in the VirtualHost definition is not recommended.

GNU nano 4.8 000-default.conf

<VirtualHost *:80>
        Redirect permanent / http://celebritymc.com/

        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

So that we can see the whole file, try using:
cat /etc/apache2/sites-enabled/000-default.conf

Until then, you should see the redirect there:

Which will redirect ALL requests to that HTTP site.
And since this is the only HTTP server block, then it gets ALL the HTTP requests.

So..., we should have a look at the files:

I also noticed some name:IP overlapping:

Two vhost configs [in two different files] are serving the same name on port 443 (OR trying to).

>   GNU nano 4.8                           celebritymc-ssl.conf                                     
> <VirtualHost *:443>
> ServerName celebritymc.com
> ServerAlias www.celebritymc.com
> 
> </VirtualHost>
> 
> <VirtualHost *:80>
> 
> ServerAdmin webmaster@sydneybiz.com
> DocumentRoot /var/www/celebritymc
> 
> <Directory />
>    Options FollowSymLinks
>    AllowOverride None
>    Require all denied
> </Directory>
> 
> <Directory /usr/share>
>    AllowOverride None
>    Require all granted
> </Directory>
> 
> <Directory /var/www/celebritymc>
>      Options Indexes FollowSymLinks
>      AllowOverride None
>  Require all granted
> </Directory>
> </VirtualHost>
> 
> ErrorLog  ${APACHE_LOG_DIR}/error-celebritymc.log
> CustomLog ${APACHE_LOG_DIR}/access-celebritymc.log combined
------------------

>  GNU nano 4.8                             celebritymc.conf                                       
> <VirtualHost *:80>
> ServerAdmin webmaster@sydneybiz.com
> DocumentRoot /var/www/celebritymc
> </VirtualHost>
> 
> <Directory />
>    Options FollowSymLinks
>    AllowOverride None
>    Require all denied
> </Directory>
> 
> <Directory /usr/share>
>    AllowOverride None
>    Require all granted
> </Directory>
> 
> <Directory /var/www/celebritymc>
>      Options Indexes FollowSymLinks
>      AllowOverride None
>      Require all granted
> </Directory>
> 
> ErrorLog  ${APACHE_LOG_DIR}/error-celebritymc.log
> CustomLog ${APACHE_LOG_DIR}/access-celebritymc.log combined

This section needs to be deleted:

This section has no servername nor alias:

This section has no servername nor alias nor does it end the VirtualHost block:

Oh dear Many thanks for finding these stupid errors. Fixing asap.

I corrected the mistakes but not sure how to test.

Many thanks again

Restart Apache and reshow:
apachectl -t -D DUMP_VHOSTS

nano index.html
root@zorin162-VirtualBox:/var/www/html/ozstar# apachectl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443 is a NameVirtualHost
default server celebritymc.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost celebritymc.com (/etc/apache2/sites-enabled/000-default-le-ssl.conf:2)
port 443 namevhost localhost (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:80 is a NameVirtualHost
default server localhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost localhost (/etc/apache2/sites-enabled/000-default.conf:1)
port 80 namevhost celebritymc.com (/etc/apache2/sites-enabled/celebritymc-ssl.conf:1)
alias www.celebritymc.com
port 80 namevhost celebritymc.com (/etc/apache2/sites-enabled/celebritymc.conf:1)
alias www.celebritymc.com
port 80 namevhost localhost (/etc/apache2/sites-enabled/johnnyokeefe.conf:1)
port 80 namevhost ozstar.com (/etc/apache2/sites-enabled/ozstar.conf:1)
alias www.ozstar.com

I am also checking the A zone and name servers of ozstar.com at the registry

It does on line 4 already.

Yes thank you. Apache is working fine as I had already corrected this and all seems to be fine.
The non cert domains are not redirecting to https:// and the cert domain is, although still stopping at the router.
My next challenge is to somehow use another port instead of 443 yet still have it all working as it should.

Have had wonderful help here, thanks again.

OR
Maybe... you could tell the router to use some other port instead of 443.

Yes I guess this is my answer once I know if it is safe to do so. I am waiting on the router manufacturer to advise me if it is possible and how to do it if it is. Not sure just what it is using 443 for, maybe even to see the router admin in a browser Just have to be sure there are no holes for baddies to enter.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.