HTTPS set up problem 20.04

Hi,

I have just set up a SSL Certificate and it was successfully installed.

On testing at the ssllab.com site, I got this message Assessment failed: Unable to connect to the server

I have set it so it redirects http to https and as checked that I have allowed 80 and 443 through ufw.

When I use the address say, mysite.com or http://mysite.com or https://mysite they all resolve at my router.
They don't go through it to the site via 443 or 80.

It worked fine before I told it to redirect to the https:// address so.

Any ideas please to get it working.

EDIT: I just checked port forward on the router and 80 is okay but 443 wasn't.

I tried to use it but got message can't use it as..

Port is used by router for HTTPS

How do I get around this. It is a Netcomm NF18 MESH.

EDIT: Did a sudo netstat -ntupl | grep :443 and got the following but not sure what it means.
Should my virtual host .conf file have 443 in it as well as *80 ?

Perhaps you need to configure port 443 on your router? I'm not familiar with that router; hopefully another reader is.

Ensure that your ISP is not doing any blocking of the ports you'll need. From personal experience, a non-business account that include a static IP address is no guarantee that the ISP isn't blocking ports. (Just what one would do with a static IP with port blocking is a little beyond me (garden-variety web servers only, maybe?) but I found out the hard way at least one major ISP offers such a configuration.)

Hmm... looks like only IPv6 packets for port 443 are being listened for. This looks like an Apache configuration file problem.

How is SSL being handling inside your network? On my setup, I have anything headed to port 443 directly to a (Nginx) proxy server which has an "upstream" block defined to forward HTTP traffic to a proxy_pass definition for the web server listening on 8080. As such, I do not have Apache set up up to be listening on 443. Much will depend on your LAN configuration (firewall, proxy server (if any), web server, etc.)

Since you're using Apache for your web server, there is good information in the its manual. (Probably at "localhost/manual/ssl/" if you enabled the "/manual" location in the Apache configuration but definitely at "http://httpd.apache.org/docs/2.4/" if you didn't.) I'd start doing some leisure reading there.

HTH...

I am guessing your router is using https for remote management. If you are the one configuring the router, then you should turn this option off because anyone knowing the login/password can reconfigure your router. Then you probably can port forward.

Yes elgrandeperro I am the only one other than the ISP when needed. I didn't think of ythat and will take a look to see if that can be done.

rnturn yes I will look into that too. Was going fine until I decided to get the certificate, then whammo.


Thank you both.

Wekk I took a look in the NF18Nettcomm MESH and found this reference to 443, the only one in the admin. Not sure what it means and if it is related to my trouble.

Attached Thumbnails

 

Can you connect to your site from the Ubuntu PC itself and other PCs on the LAN using https?
Does redirecting work on the Ubuntu PC as well as other LAN PCs?

The router access control page is not port forwarding. I assume the problem lies from trying to access the website from inside the LAN. Try accessing your website from an external IP address. Try Turning the WiFi off on your mobile phone and connecting to your Public IP or URL.

Thank you

It all worked fine with http until I got the certificate and tried to port forward 443. The router refused to allow it and that's when it all went south :-)

These are the trying to connect via browsers scenarios..

From inside the Zorin16.2 (ubuntu20.04) VirtualBox where I have the server, in the FF browser with https I get to the front door of my IP (192.168.20.1) the gateway where it shows the admin login of my router
but with just http I get a 'Unable to connect page.

From the browser of the host Linux which is also the same os as VB, for both http and https I get from Firefox, Unable to connect.
From the browser of that same host with 127.0.0.1, I get the apache index.html (Then again this was not given a certificate)

From a Windows PC on the LAN the Brave browser says 'ERR_CONNECTION_REFUSED' with both http and https and also 127.0.0.1

I am currently looking at my apache config which I assume is now no good since the certificate site added code to the conf files etc for the 443.

It's a mess and I'd like to be able to undo the certificate and get back to normal the n start again, but so far the Let's Encrypt form doesn't respond to that request.

Sorry to present such a mess guys !!

Are you using IPv4 to connect to your https site or IPv6 ?

Did you try connecting to your https site from inside the network as michaelk suggested ?

Looks like a apache misconfiguration issue again to me.

you are supposed to connect to the website ip from the lan , not 127.0.0.1.

Yes I tried inside network but still no go.
I checked apache and looks like you're right..

This is the message I get form a status command. How can I correct this please?


root@zorin162-VirtualBox:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2022-12-06 20:22:24 AEDT; 11h ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 585 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Dec 06 20:22:20 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server...
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/mysitemc-ssl.conf:
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: <Directory> directive requires additional arguments
Dec 06 20:22:24 zorin162-VirtualBox apachectl[585]: Action 'start' failed.
Dec 06 20:22:24 zorin162-VirtualBox apachectl[585]: The Apache error log may have more information.
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: Failed to start The Apache HTTP Server.
root@zorin162-VirtualBox:~#

Attached Thumbnails

 

Is it best I uninstall apache and delete all the 'sites-*' folders and conf files and start again, then re setup the certificate?

I'd recommend looking at those errors and figuring out the soln, otherwise you'll likely make the same mistake again.

Thank you. Yes I did and found the mistakes. Now moving on hopefully to a happy ending :-)

To provide "closure" for this thread, would you please add just one more post detailing what the problem turned out to be, and how you resolved it?

It's frustrating when you find a thread which seems to describe the same problem you're dealing with, and it just ends with "I fixed it!"

---

When you get a new router, always change the admin password to something non-trivial, and run a "software update." If your router provides for "automatic software updates," turn that option on. If it provides a firewall, turn that on and configure it appropriately. If it provides "easy configuration" for client computers, or "remote configuration," turn that off. You never know how long that piece of equipment has been sitting in a warehouse – I once bought a "new" unit whose software was three years old. This is the computer that is "sitting on the front porch of your house," and like any computer it can have vulnerabilities.