LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > CentOS
User Name
Password
CentOS This forum is for the discussion of CentOS Linux. Note: This forum does not have any official participation.

Notices


Reply
  Search this Thread
Old 03-09-2018, 04:45 PM   #1
Basher52
Member
 
Registered: Mar 2004
Location: .SE
Distribution: Arch
Posts: 410

Rep: Reputation: 22
Question Httpd too many redirects


I'm stuck

OS: CentOS 7:
Quote:
Linux xxxxxxxxx 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Whenever I set a webserver up I always redirect the ... to
Quote:
yada.wutever
... thus without the 'www'. Just because I think those letters are totally useless.

Now I'm trying to install a webserver with SSL added using http://letsencrypt.org (see, no www )
It works 'locally' thus on the server itself using 'curl';

Code:
curl http://sitename
curl http://www.sitename
curl https://sitename
but with
Code:
https://www.sitename
I get this error:
Quote:
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
I also get some errors in external browsers like Firefox in windows with them all, some tells me it ain't a secure connection others tells me 'the page isn't redirecting properly'.

and YES, I've used google, I might even overloaded it at some point

PS, making an update as I post this to get the latest, just in case, but I doubt it.

What have I missed?


UPDATE: You need to ask what you need to see 'cos I have no idea it can be

Last edited by Basher52; 03-09-2018 at 04:59 PM.
 
Old 03-09-2018, 10:42 PM   #2
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,776

Rep: Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226
Does the cert not cover www.sitename?

Have you redirected https://www.sitename to https://sitename?
The redirect should kick in before the cert is checked. (I think)

If you drill down (click on the padlock) in Firefox you should be able to see the specifics of the mis-match.
 
1 members found this post helpful.
Old 03-09-2018, 11:10 PM   #3
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,286
Blog Entries: 24

Rep: Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238
Your cert will have to include both forms, www and non-www.

You can include both in a LetsEncrypt cert by something like this in the CSR (signing request):

Code:
DNS:sitename.com, subjectAltName=DNS:www.sitename.com
It doesn't matter that there is a redirect, the https://www.whatever request itself must be secure in itself, and obviously it is not.

If you still have problems after getting the dual named cert, it would be helpful if you could post the server directive that you are using to perform the redirect, and tell us where you do that (i.e. in the vhost config, in the main server config, or in a .htaccess).

Last edited by astrogeek; 03-09-2018 at 11:11 PM. Reason: typ0, defang url
 
2 members found this post helpful.
Old 03-10-2018, 11:53 AM   #4
scasey
LQ Veteran
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,776

Rep: Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226Reputation: 2226
My mis-understanding. I am redirecting example.net to https://example.com successfully, but an attempt to go to https://example.net results in a cert warning, even when coding a redirect for example.net in the ssl.conf. So, I was mistaken, and as astrogeek points out, an https call requires that the domain being called have its own cert.

So, #2 was wrong. Sorry...but fun to learn

Last edited by scasey; 03-10-2018 at 11:54 AM.
 
2 members found this post helpful.
Old 03-10-2018, 01:57 PM   #5
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,286
Blog Entries: 24

Rep: Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238Reputation: 4238
Easy mistake to make.

Think of it this way: The redirect is the response to the https://www.whatever request. The request was via secure protocol, so the response, be it redrect, error or data, must be via secure protocol as well. If for any reason that is not possible, then the user must be made aware that it is not secure - any other behavior would make the protocol untrustworthy!
 
1 members found this post helpful.
Old 03-14-2018, 04:47 PM   #6
Basher52
Member
 
Registered: Mar 2004
Location: .SE
Distribution: Arch
Posts: 410

Original Poster
Rep: Reputation: 22
Yep, that worked, had to cert both www and @
thx guys
 
  


Reply

Tags
httpd, letsencrypt.org, redirects, ssl, www or no www


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
errors when install httpd (libtool: link: cannot find the library /httpd-2) rookie5 Linux - Server 7 08-16-2015 12:41 PM
httpd 2.4 "Error too many redirects" when accessing web page Altiris Linux - Software 1 08-02-2015 08:03 AM
Can not restart httpd”File size limit exceeded(core dumped) $HTTPD -DSSL” sreejithedl Linux - Server 2 10-12-2009 11:24 AM
Starting httpd: httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax sethukpathi Linux - Networking 6 04-12-2008 11:26 AM
service httpd status, results in httpd dead but subsys locked squadja Red Hat 2 09-11-2004 10:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > CentOS

All times are GMT -5. The time now is 08:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration