cURL and SMTP error after SSL and clodflare - ssl

I have a wordpress site.Everything was running fine but after I activated SSL sertificate and Cloudflare things got messed up.
I am trying to send emails via mailgun smtp. but I got this error.
smtp error
I googled for this one and I tried to change from google DNS to openDNS but no success
Also when I want to install a plugin these errors shows up
install error
However I can upload plugins manually so it should not be a permission issue.
I am running Nginx and here are my iptables
iptables
And to check ports Listening
Listen
Since this is curl error I tried to run:
curl -v https://mydomain.info
In a perfect world it should return html but I got this instead:
curl: (6) Could not resolve host: mydomain.info
If anyone has any idea where to look for answers I would really appreciate that.

Related

GitLab SSL certificate error: No account exists

I am trying to setup a self-hosted GitLab instance, everything works except when I try to create a https connection using Let's encrypt. I get the following error when trying to reconfigure the GitLab instance:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[gitlab.***.org] (letsencrypt::http_authorization line 6) had an error: Acme::Client::Error::AccountDoesNotExist: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 41) had an error: Acme::Client::Error::AccountDoesNotExist: No account exists with the provided key
My external_url=https://gitlab.***.org, and on my network I have set port forwarding for both port :80 and :443. I also set the DNS to my IP, this works as the site is reachable when not secured.
Hope someone recognizes the error, I looked all over and didn't see it pop up anywhere.
Best Regards
I had the same problem while I tried to change the url of my GitLab.
I solved this issue thanks to : https://gbe0.com/posts/linux/server/gitlab-acme-account-does-not-exist/, by desactiving the old Acme private key then reloading GitLab config
sudo mv /etc/acme/account_private_key.pem /etc/acme/account_private_key.pem.backup
sudo gitlab-ctl reconfigure

Why can't I see https webpage after using sudo certbot --apache

I've just done a fresh install of Ubuntu 20.04 and followed the Digital Ocean instructions to get my apache server up and running:
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04
Which worked fine for HTTP traffic, then I used the Digital Ocean instructions (which I knew, but followed them anyway) to set up for SSL (https) access:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04
I selected the option to redirect all traffic to https. I opened my firewall using sudo ufw allow 'Apache Full'.
But I am unable to see my sites - the browsers just timeout. I have tried disabling ufw just to see, and nope, nothing.
SSL Labs just gives me an "Assessment failed: Unable to connect to the server" error.
I also ran https://check-your-website.server-daten.de/?q=juglugs.com
and it timed out:
I have deleted the letsencrypt stuff and ran through it again three times with the same result, and now I'm stuck...
Everything I've searched points to a firewall error, but as I've said, I've disabled that and have the same result. The router settings have not been changed since I did my fresh Ubuntu install.
Any help gratefully received.
Thanks in advance.
on8tom answered this one for me - In setting up the new build of Ubuntu, my local IP address for the apache server had changed, and my Virgin Media Hub only had port 443 open to the old IP address.
Many thanks for pointing me at that (but I should have checked that before posting this - kicking myself!)

Firefox can find certificate, but curl cannot (while tunneling https through ssh)

Background:
I have a running app at ports 8080 in the remote server and a https ingress proxy at 443 on the same server, which redirects everything to 8080 app after handling the SSL.
What I want to do:
I want to communicate with the app through SSL remotely, while not having access directly to this domain (it is on a local network, I can access the server remotely via a different domain).
What I did:
I tunneled 443 port from my remote server ssh -L 3001:0.0.0.0:443 user#example.com. I then added 127.0.0.1 example.com to my /etc/hosts to make sure that the domain on my system is resolved properly.
Now, what I can do is enter https://example.com:3001/some/thing/ in firefox and it gets me a proper response from the server, while everything is ran through ssl without any problems. I also am able to use curl without checking the certificate: curl --insecure https://example.com:3001/some/thing works fine.
At the same time secure curl call fails: curl https://example.com:3001/some/thing with the error:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
Just to make sure both are using the same certificates, I actually used this tool: https://curl.haxx.se/docs/mk-ca-bundle.html to create a ca-bundle.crt from the most recent firefox certificates and passed it to curl with --cacert ca-bundle.crt. No luck - the same error. (I also tried following other curl tutorial on getting the local installation of firefox's certs, also no luck).
Question
What is going on? Why is curl's output different from firefox's even if I seem to use the same certificates? How can I debug this?
Side note
The real reason I am concerned about it is that with a normal (local) access to the server, I observed the same behaviour: I could connect to the server through chrome on https, but my react native app could not. I suspect the app to use libcurl under the hood or something similar and I believe debugging this problem could help me understand what's the problem with the app.

Yaws SSL: Decode Error

I've tried running my yaws Web-server (on digital-ocean) by changing my webpage from http://XXX.XX.XX to https://XXX.XX.XX
on the Erlang shell, i get
SSL accept failed: {tls_alert, "decode error"}
the yaws.conf seems to come with a default key and certificate and i haven't made any modifications to that.
could i check what needs to be done to enable SSL? thanks much.
Following the suggestion of Amiramix to check the trace via
curl -v --trace-time --trace-ascii server1.log https://XXX.XX.XX
solved the question.

Does cURL to https URLs require SSL certificate installed on the server?

I am trying to test a cURL command from my server. The command is requesting a JSON response from a URL that is https.
The cURL seems to be stuck, with no response and it doesn't time out.
However, I have tested it from my local machine and the cURL command works fine.
Do I need an SSL certificate installed on the server for it be able to send cURL commands to an https URL?
No you don't need an SSL cert to send a command like curl via https (unless your server uses two way ssl).
You DO need one at the other end for the https server that receives the command from curl.
However if it's a self signed cert then it may not be recognised by curl and you may get an error instead of a successful connection.
The fact the process is hanging suggests a network/connectivity issue rather than an SSL issue. Can you telnet to the machine using port 443 or does that hang too?
telnet www.example.com 443
Should respond.