I am facing a problem of certificate SSL.
I have a dedicated host, and I cannot get what I am missing to receive the error by navigator:
Chrome:
NET::ERR_CERT_COMMON_NAME_INVALID
Mozilla:
SSL_ERROR_BAD_CERT_DOMAIN
Messages in browser are quite similar:
Impossible to verify from server that it is truly domain: site2.com, because its certif of security come from *.sub.site1.com. It may come from a bad config or connection getting catch by pirate. (translated message)
So it seems that the certificate is not taken while it goes threw vitrual box:
<VirtualHost *:80>
ServerName www.site2.com
ServerAlias site2.com
Redirect permanent / https://site2.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.site2.com
ServerAlias site2.com
DocumentRoot /var/www/site2
Protocols h2 http:/1.1
<If "%{HTTP_HOST} == 'www.site2.com'">
Redirect permanent / https://site2.com/
</If>
ErrorLog ${APACHE_LOG_DIR}/site2-error.log
CustomLog ${APACHE_LOG_DIR}/site2-access.log combined
SSLEngine On
SSLCertificateFile /home/certifs/site2.crt
SSLCertificateKeyFile /home/certifs/site2.key
SSLCertificateChainFile /home/certifs/site2.pem
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCompression off
SSLUseStapling on
<Directory /var/www/site2/>
Options FollowSymlinks
AllowOverride All
Require all granted
</Directory>
<Directory /var/www/site2/>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*) index.php [PT,L]
</Directory>
</VirtualHost>
FInaly, if I choose to go anyway to the website it is arriving to a sign in gitlab page like:
site2.com/users/sign_in
For information server works with apache2 and debian, and we have gitlab install.
Thank you in advance for your help.
The problem was that in apache2, I was creating well the conf file into the site-available folder. But I was never adding it to site-enabling folder.
Executing the command "a2ensite site2.conf" Fix this problem.
To check if you a enable well your site, I advice you to execute this command: apachectl -S. Please check this subject to because it may change depending your server config: How to debug an apache virtual host configuration?
Related
I'm using certbot to set up an ssl certificate on a domain (mydigitalbalance.com). I am changing the domain from a previous staging domain that I was using in order to do testing. In order to make sure there were no conflicts, I followed certbot's apache2 instructions and completely deleted all previous certificates that were on the server as well as certbot itself.
I re-installed certbot following the instructions, added two certificates for the naked domain and for www, and re-started apache.
However as you can see if you go to the URL, it is still showing as an insecure website.
I wanted to take a closer look at the certificate so in chrome I clicked on "Not Secure" in the url bar, and clicked on Certificate.
It says on the first dropdown that the certificate is invalid:
However when you click into the certificate itself, it correctly says it's a valid cert and that it is not expired and was issued by Lets Encrypt:
What is happening here? how do I fix it?
I completely commented out all the default .conf information on my setup, and the only conf is for mydigitalbalance.com, here is my mydigitalbalance.conf:
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName mydigitalbalance.com
ServerAlias www.mydigitalbalance.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydigitalbalance.com [OR]
RewriteCond %{SERVER_NAME} =mydigitalbalance.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
and here is the mydigitalbalance-le-ssl.conf that was automatically generated when i restarted apache:
GNU nano 4.8 mydigitalbalance-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName mydigitalbalance.com
ServerAlias www.mydigitalbalance.com
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mydigitalbalance.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydigitalbalance.com/privkey.pem
</VirtualHost>
</IfModule>
Is this a propagation issue?
I have a server which maintains multiple domains using VirtualHost and I'm trying to setup GitWeb according to Gitweb - ArchWiki.
According to the wiki, I have to append the lines below to an Apache config file.
Alias /gitweb "/usr/share/gitweb"
<Directory "/usr/share/gitweb">
DirectoryIndex gitweb.cgi
Options ExecCGI
Require all granted
<Files gitweb.cgi>
SetHandler cgi-script
</Files>
SetEnv GITWEB_CONFIG /etc/gitweb.conf
</Directory>
After this, Alias works and I can access the service by accessing one of
192.168.10.102/gitweb/ (local IP)
https://my_domain_1.com/gitweb/
https://my_domain_2.com/gitweb/
...
So far, everything's okay.
Now I'd like to limit the effect of the Alias to one domain: my_domain_1.com. So I moved the lines above inside its existing VirtualHost settings.
<VirtualHost *:80>
DocumentRoot "/var/www/html1"
ServerName my_domain_1.com
# The lines are pasted here.
RewriteEngine on
RewriteCond %{SERVER_NAME} =my_domain_1.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} END,NE,R=permanent]
</VirtualHost>
However, when I access https://my_domain_1.com/gitweb/, 404 error occurs. The error log says nothing and I have no .htaccess for the domain.
How can I make it work?
I found the solution.
Since I requested that all of http requests should be redirected to the https versions, I should have written the gitweb settings not in <VirtualHost *:80> (http) but in <VirtualHost *:443> (https). The result should be
<VirtualHost *:443>
DocumentRoot "/var/www/html1"
ServerName my_domain_1.com
# The lines are pasted here.
SSLCertificateFile /etc/letsencrypt/live/my_domain_1.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my_domain_1.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Now it works perfectly.
Due to the fact that this is a sensitive client project, all uses of the domain name I'm talking about have been replaced with "example.com".
I am managing a public website whose Let's Encrypt certificate expired recently. So I followed the DigitalOcean tutorial here and used certbot-auto renew to renew the certificate (yes, I ran sudo service apache2 reload afterwards). It worked, but the problem is that the site now serves both the new certificate and the expired one, and it seems like a random selection happens. Sometimes the site is trusted by the browser because it receives the new one, other times the browser rejects the expired certificate. Even running the site through the SSL Labs analyzer gives an A grade sometimes and a failure other times.
What could possibly be causing both certificates to continue to be used when my configuration explicitly includes only the new one? I'm very confused.
Running certbot-auto renew right now gives this result:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/example.com.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted
Apache's sites-enabled directory looks like this:
000-default.conf 000-default-le-ssl.conf
And the configuration for each are as follows:
000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName example.com
</VirtualHost>
</IfModule>
I was able to solve the issue by calling sudo service apache2 stop to stop apache, and then running ps aux | grep apache. I discovered that there were multiple instances of apache running. So I killed them and started apache up again, and everything is now working.
I am trying to configure my SSL certificate on a Ubuntu 15.10 box. I have installed the certificate files and the private key in the required directory:
SSLCertificateFile /etc/apache2/ssl-certs/pts.crt
SSLCertificateKeyFile /etc/apache2/ssl-certs/msk.key
SSLCertificateChainFile /etc/apache2/ssl-certs/intermediate.crt
When I do sudo service apache2 restart I am then prompted to Enter passphrase for SSL/TLS keys for www.mydomain.com:443 (RSA): ******** and since this process reports back with no errors, I am assuming that I have at least installed the certificates and private key correctly, otherwise I would have expected an error at this stage.
My problem is that I receive ERR_CONNECTION_REFUSED when trying to load the site.
Here is my backup copy of the VirtualHost entry for the SSL site that I am using. Are there any obvious problems with this file?
I should also add that when I use this configuration, not only does the intended site fail to load, but it also causes all other sites for this apache2 box to fail to load also. Any ideas?
`<VirtualHost *:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
ServerAdmin daniel#mydomain.com
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost 172.30.30.21:443>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin me#mydomain.com
SSLEngine on
SSLProtocol all
SSLCertificateFile /etc/apache2/ssl-certs/pts.crt
SSLCertificateKeyFile /etc/apache2/ssl-certs/msk.key
SSLCertificateChainFile /etc/apache2/ssl-certs/intermediate.crt
DocumentRoot /home/apts/Dropbox/mydomain.com/
<Directory /home/apts/Dropbox/mydomain.com/>
<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
# <Location /squirrelmail>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
# </Location>
</IfModule>
</IfModule>
SSLOptions +StrictRequire
Options +FollowSymLinks -Indexes +MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLVerifyClient none
SSLProxyEngine off
</VirtualHost>`
I have a rails 3 app running with following stack:
ubuntu lucid lynx, apache2, passenger hosted on Amazon EC2
When accessed over http, the pages load and the site has no problems at all.
Then i installed a valid SSL cert on the webserver. When i try to access the same url over https, and it looks like passenger is not being activated. instead, in the browser, the folder structure of the rails application is rendered.
What configuration changes or modifications do I need to make to Apache and/or Passenger so that the https URL returns the same thing as the corresponding http url?
You need something like this:
<VirtualHost *:80>
ServerName orders.xxx.com
DocumentRoot "/var/www/html/ps-main/current/public"
CustomLog /var/log/apache2/orders common
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://orders.xxx.com%{REQUEST_URI}
NameVirtualHost *:443
RailsEnv production
<Directory /var/www/html/ps-main>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
CustomLog /var/log/apache2/orders common
ServerAdmin webmaster#xxx.com.com
ServerName orders.xxx.com
SSLCertificateFile /etc/ssl/cert.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/intermediate.pem
# SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
DocumentRoot /var/www/html/ps-main/current/public
<Directory /var/www/html/ps-main/current/public>
Options -MultiViews
AllowOverride all
</Directory>
</VirtualHost>
This will redirect all http traffic to https. If that's not what you need, remove the redirects.