I have just set up a SSL Certificate and it was successfully installed.
On testing at the ssllab.com site, I got this message Assessment failed: Unable to connect to the server
I have set it so it redirects http to https and have checked that I have allowed 80 and 443 through ufw.
When I use the address say, mysite.com or http://mysite.com or https://mysite they all resolve at my router.
They don't go through it to the site via 443 or 80.
It worked fine before I told it to redirect to the https:// address so.
Any ideas please to get it working.
EDIT: I just checked port forward on the router and 80 is okay but 443 wasn't.
I tried to use it but got message can't use it as..
Port is used by router for HTTPS
How do I get around this. It is a Netcomm NF18 MESH.
EDIT: Did a sudo netstat -ntupl | grep :443 and got the following but not sure what it means.
Quote:
tcp6 0 0 :::443 :::* LISTEN 615/apache2
Should my virtual host .conf file have 443 in it as well as *80 ?
Quote:
Originally Posted by ozstar
EDIT: I just checked port forward on the router and 80 is okay but 443 wasn't.
Perhaps you need to configure port 443 on your router? I'm not familiar with that router; hopefully another reader is.
Ensure that your ISP is not doing any blocking of the ports you'll need. From personal experience, a non-business account that includes a static IP address is no guarantee that the ISP isn't blocking ports. (Just what one would do with a static IP with port blocking is a little beyond me (garden-variety web servers only, maybe?) but I found out the hard way at least one major ISP offers such a configuration.)
Quote:
EDIT: Did a sudo netstat -ntupl | grep :443 and got the following but not sure what it means.
Hmm... looks like only IPv6 packets for port 443 are being listened for. This looks like an Apache configuration file problem.
Quote:
Should my virtual host .conf file have 443 in it as well as *80 ?
How is SSL being handled inside your network? On my setup, I have anything headed to port 443 directed to a (Nginx) proxy server which has an "upstream" block defined to forward HTTP traffic to a proxy_pass definition for the web server listening on 8080. As such, I do not have Apache set up to be listening on 443. Much will depend on your LAN configuration (firewall, proxy server (if any), web server, etc.)
Since you're using Apache for your web server, there is good information in its manual. (Probably at "localhost/manual/ssl/" if you enabled the "/manual" location in the Apache configuration but definitely at "http://httpd.apache.org/docs/2.4/" if you didn't.) I'd start doing some leisure reading there.
HTH...
Last edited by rnturn; 12-03-2022 at 02:47 PM.
Reason: Added comment about the IPv6 listener on port 443.
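How to read the `tcp6 ... :::443` netstat line quoted above, as an added example that is not part of any post in this thread: on Linux a `tcp6` listener bound to the wildcard address `::` also accepts IPv4 connections (as v4-mapped addresses) unless `net.ipv6.bindv6only` is 1 or the program sets `IPV6_V6ONLY` on its socket. The function name `classify_listener` and the second sample line are constructed for illustration; the sketch looks only at the sysctl, not at per-socket options.

```shell
#!/bin/sh
# classify_listener "<netstat -ntl line>" <bindv6only>
#   <bindv6only> is the content of /proc/sys/net/ipv6/bindv6only (default 0).
# Assumption: the program has not set IPV6_V6ONLY on the socket itself,
# which would override the sysctl for that one listener.
classify_listener() {
    line=$1
    v6only=${2:-0}
    set -f                 # keep the "*" in ":::*" from being glob-expanded
    set -- $line           # columns: proto recv-q send-q local foreign state pid/prog
    set +f
    proto=$1
    laddr=$4
    port=${laddr##*:}      # text after the last colon
    addr=${laddr%:*}       # text before the last colon
    case "$proto" in
        tcp)
            echo "port $port: IPv4 only ($addr)" ;;
        tcp6)
            if [ "$addr" = "::" ] && [ "$v6only" = "0" ]; then
                echo "port $port: IPv6 wildcard, IPv4 accepted as v4-mapped"
            else
                echo "port $port: IPv6 only ($addr)"
            fi ;;
        *)
            echo "unrecognised line"
            return 1 ;;
    esac
}

# The line from the thread, then a constructed IPv4-only line for contrast.
classify_listener "tcp6 0 0 :::443 :::* LISTEN 615/apache2" 0
classify_listener "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 615/apache2" 0
```

On the server itself, pass `"$(cat /proc/sys/net/ipv6/bindv6only)"` as the second argument instead of the literal 0.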
I am guessing your router is using https for remote management. If you are the one configuring the router, then you should turn this option off because anyone knowing the login/password can reconfigure your router. Then you probably can port forward.
Well, I took a look in the NF18 Netcomm MESH and found this reference to 443, the only one in the admin. Not sure what it means and if it is related to my trouble.
Can you connect to your site from the Ubuntu PC itself and other PCs on the LAN using https?
Does redirecting work on the Ubuntu PC as well as other LAN PCs?
The router access control page is not port forwarding. I assume the problem lies from trying to access the website from inside the LAN. Try accessing your website from an external IP address. Try turning the WiFi off on your mobile phone and connecting to your Public IP or URL.
It all worked fine with http until I got the certificate and tried to port forward 443. The router refused to allow it and that's when it all went south :-)
These are the trying to connect via browsers scenarios..
From inside the Zorin16.2 (ubuntu20.04) VirtualBox where I have the server, in the FF browser with https I get to the front door of my IP (192.168.20.1) the gateway where it shows the admin login of my router
but with just http I get an 'Unable to connect' page.
From the browser of the host Linux which is also the same os as VB, for both http and https I get from Firefox, Unable to connect.
From the browser of that same host with 127.0.0.1, I get the apache index.html (Then again this was not given a certificate)
From a Windows PC on the LAN the Brave browser says 'ERR_CONNECTION_REFUSED' with both http and https and also 127.0.0.1
I am currently looking at my apache config which I assume is now no good since the certificate site added code to the conf files etc for the 443.
It's a mess and I'd like to be able to undo the certificate and get back to normal then start again, but so far the Let's Encrypt form doesn't respond to that request.
Yes I tried inside network but still no go.
I checked apache and looks like you're right..
This is the message I get from a status command. How can I correct this please?
root@zorin162-VirtualBox:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-12-06 20:22:24 AEDT; 11h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 585 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Dec 06 20:22:20 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server...
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/mysitemc-ssl.conf:
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: <Directory> directive requires additional arguments
Dec 06 20:22:24 zorin162-VirtualBox apachectl[585]: Action 'start' failed.
Dec 06 20:22:24 zorin162-VirtualBox apachectl[585]: The Apache error log may have more information.
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: Failed to start The Apache HTTP Server.
root@zorin162-VirtualBox:~#
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/mysitemc-ssl.conf:
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: <Directory> directive requires additional arguments
I'd recommend looking at those errors and figuring out the soln, otherwise you'll likely make the same mistake again.
To provide "closure" for this thread, would you please add just one more post detailing what the problem turned out to be, and how you resolved it?
It's frustrating when you find a thread which seems to describe the same problem you're dealing with, and it just ends with "I fixed it!"
---
When you get a new router, always change the admin password to something non-trivial, and run a "software update." If your router provides for "automatic software updates," turn that option on. If it provides a firewall, turn that on and configure it appropriately. If it provides "easy configuration" for client computers, or "remote configuration," turn that off. You never know how long that piece of equipment has been sitting in a warehouse – I once bought a "new" unit whose software was three years old. This is the computer that is "sitting on the front porch of your house," and like any computer it can have vulnerabilities.
Last edited by sundialsvcs; 12-08-2022 at 10:27 AM.
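The AH00526 message in the status output earlier in the thread ("<Directory> directive requires additional arguments") is what Apache reports when a section container is opened with no path or pattern after its name. The sketch below is an added example, not from any poster: it scans a vhost file for that condition without starting Apache. The function names and the sample configuration, including its hostnames and paths, are constructed; the thread never shows the real file.

```shell
#!/bin/sh
# find_empty_sections: read Apache configuration text on stdin and print
# "LINE: <Name> opened without an argument" for each container directive
# that is opened with nothing between its name and the closing ">".
find_empty_sections() {
    awk '
        /^[ \t]*<(Directory|DirectoryMatch|Files|FilesMatch|Location|LocationMatch|VirtualHost)[ \t]*>/ {
            name = $0
            sub(/^[ \t]*</, "", name)      # drop indentation and "<"
            sub(/[ \t]*>.*/, "", name)     # drop ">" and anything after it
            printf "%d: <%s> opened without an argument\n", NR, name
        }
    '
}

# Constructed sample of an SSL vhost with the faulty directive on line 8.
sample_vhost() {
    cat <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName mysite.example
    DocumentRoot /var/www/mysite
    SSLEngine on
    SSLCertificateFile /etc/ssl/example/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/privkey.pem
    <Directory>
        AllowOverride All
    </Directory>
</VirtualHost>
</IfModule>
EOF
}

# Faulty sample: reports line 8.
sample_vhost | find_empty_sections

# Same sample with a path supplied to <Directory>: reports nothing.
sample_vhost | sed 's|<Directory>|<Directory /var/www/mysite>|' | find_empty_sections
```

On a real server, `apachectl configtest` performs the authoritative check and prints the same file and line number that systemd logged.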