Wednesday, February 17, 2016

Cannot access SSL version of mysite [Apache2][SSL][Certbot]



So I just installed a Let's Encrypt SSL certificate via certbot with the command



sudo certbot --apache -d mysite.org -d mysite.org


However, after successful installation the site simply can't be accessed. I've used a few recommendations from the internet, like adding port 443 to ports.conf



Listen 443


NameVirtualHost *:443
Listen 443



Adding a VirtualHost *:443 block to 000-default (even though I'm sure I'm not using that conf)




<VirtualHost *:443>
DocumentRoot /var/www/html/mysite

ServerName mysite.org
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/mysite.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.org/privkey.pem
</VirtualHost>



I've also enabled mod_ssl with a2enmod ssl in my Apache, disabled my firewall, and restarted Apache every time I made a change, but nothing happened; my site still can't be accessed via SSL, and the browser simply says my site is unreachable.



This is what mysite.org.conf looks like (I commented out the https redirect):





ServerName mysite.org
ServerAlias www.mysite.org localhost
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/mysite


Options Indexes FollowSymLinks MultiViews
AllowOverride All

Require all granted


ErrorLog ${APACHE_LOG_DIR}/mysite.org-error.log
CustomLog ${APACHE_LOG_DIR}/mysite.org-acces.log combined
#RewriteEngine on
#RewriteCond %{SERVER_NAME} =www.mysite.org [OR]
#RewriteCond %{SERVER_NAME} =localhost [OR]
#RewriteCond %{SERVER_NAME} =mysite.org
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]




And this is what mysite.org-le-ssl.conf looks like:





ServerAdmin admin@mysite.org
ServerName mysite.org
ServerAlias www.mysite.org

DocumentRoot /var/www/html/mysite
SSLCertificateFile /etc/letsencrypt/live/mysite.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf




I really have no idea how to solve this problem. Could you guys please help me?




Here is the result of




sudo netstat -nlp |grep :443




tcp6       0      0 :::443                  :::*                    LISTEN      16258/apache2   


The result of the wget command:



Connecting to mysite.org (mysite.org)|my.public.ip.address|:443... failed: Connection refused.



The result of the curl command (my Ubuntu somehow can't locate the package curl, so I did it in Windows):



curl: (56) Recv failure: Connection was reset


And yes, I can access my site via http and my public IP.


Answer



Well, I somehow solved it. My router was configured to forward anyone accessing my public IP to the server IP on port 80, and there was no configuration to forward to port 443. After adding that configuration, I can finally access the site via https.
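The cause found in the answer can be isolated systematically by checking port 443 from the nearest vantage point outward. The script below is an added example, not part of the original post; the function names and the LAN address argument are assumptions, and the public-side result has to be collected from a machine outside the network and passed in as a string.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """TCP-connect to host:port; return 'open', 'refused', 'timeout' or 'error:<name>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def diagnose(loopback, lan, public):
    """Map probe results for one port (nearest vantage point first) to the likely faulty layer."""
    if loopback != "open":
        # Nothing accepts connections even on the server itself.
        return "apache: not listening on the port (Listen directive, mod_ssl, vhost)"
    if lan != "open":
        # Listener exists, but not on the address other hosts use.
        return "host: listener is up but the LAN address is blocked (bind address or host firewall)"
    if public != "open":
        # Server side is healthy; traffic is dropped before it arrives.
        return "edge: server is fine, the router/NAT has no forward for this port"
    return "ok: reachable end to end, check TLS/certificate next"


if __name__ == "__main__":
    import sys
    # Usage (constructed values): python3 check443.py 192.0.2.10 refused
    # argv[1] = server's LAN address, argv[2] = probe result seen from outside the network.
    lan_ip, public_result = sys.argv[1], sys.argv[2]
    print(diagnose(probe("127.0.0.1", 443), probe(lan_ip, 443), public_result))
```

With the situation in the question (Apache listening on 443 per netstat, connection refused on the public address), the result points at the edge, which matches the missing port forward.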

