Submitted by hasse_basse on Wed, 01/11/2017 - 09:57 Pro Licensee
Hi,
SSL does not work on any of my domains. I had one of theese very bad days indeed and hapend to delete the full home directory. Luckely I had backups of most of my material. What I had backups on is now up running but I cannot connect to any of the sites over https.
I use home made / created by webmin, certificates as earlier but I can't conect to the server over https. Chrome gives me this message "ERR_SSL_PROTOCOL_ERROR" , Edge simply says it can't reach the page and Opera says it couldn't fullfill a secure transaction.
Please help as I can't connect to the Admin on any of my sites as they are forced to HTTPS.
Hans
Status:
Closed (fixed)
Comments
Submitted by andreychek on Wed, 01/11/2017 - 10:09 Comment #1
Howdy -- sorry to hear you're having a problem with SSL!
If you look in Edit Virtual Server -> Enabled Features, is the SSL Website feature enabled?
Submitted by hasse_basse on Wed, 01/11/2017 - 10:21 Pro Licensee Comment #2
Yes, SSL is enabled on all sites. This worked fine until I had to reinstall the sites. I've tried SSL on pure HTML pages as well and it is the same problem there.
Submitted by hasse_basse on Wed, 01/11/2017 - 10:25 Pro Licensee Comment #3
As a small comment, I remeber that while I worked with restoring the sites I was proposed to upgrade to Virtualmin 5.05 and so I did so I can't be sure if it is me doing something worng or if you have manged to make a bug in the 5.05.
Submitted by andreychek on Wed, 01/11/2017 - 10:35 Comment #4
There shouldn't be anything in the latest Virtualmin that would cause a problem with SSL, though we'll certainly help troubleshoot what's going on so we can get to the bottom of it.
Do you have an example of a website that's experiencing a problem?
That would help us understand what's going on a bit better.
Submitted by hasse_basse on Wed, 01/11/2017 - 10:43 Pro Licensee Comment #5
This a pure html with some home brewed php, so it is not a CMS.
https://www.armoire-ignifuge.fr
Works fine in http but not at all in https
Submitted by andreychek on Wed, 01/11/2017 - 11:08 Comment #6
Hmm, it's not sending any SSL certificate at all when connecting on the SSL port.
Here's where I think I'd start --
If you look in the Apache access log for the domain, located in $HOME/logs/access_log, are you seeing an access attempt when trying to load the SSL page for this domain?
It's possible that the requests are incorrectly being directed elsewhere.
You should first check if apache is listening on port 443:
netstat -plan | grep 443and then check if virtual servers exist:
Submitted by hasse_basse on Wed, 01/11/2017 - 11:34 Pro Licensee Comment #8
This is the log I have taken the info from
/var/log/virtualmin/armoire-ignifuge.fr_access_log
Theese lines comes from an access I made on http. When I tried on https it gave nothing in the log.
88.166.231.21 - - [11/Jan/2017:18:28:45 +0100] "GET /images/secura/sv/sv-serien.jpg HTTP/1.1" 200 26807 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:45 +0100] "GET /images/secura/sa/210/armoire-ignifuge-papier-sa-210-hauteur.jpg HTTP/1.1" 200 30430 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/460/armoire-ignifuge-papier-sa-460-hauteur.jpg HTTP/1.1" 200 12355 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/580/armoire-ignifuge-papier-sa-580-hauteur.jpg HTTP/1.1" 200 13275 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/archive_compact/archive_compact_ignifuge_bjarstal_01_195x150.jpg HTTP/1.1" 200 11132 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/390/armoire-ignifuge-sa-390-hauteur.jpg HTTP/1.1" 200 11006 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/330/armoire-ignifuge-papier-sa-330-hauteur.jpg HTTP/1.1" 200 11474 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" 88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/kaso/pkpapier/pk-410-closed-rel490-500.jpg HTTP/1.1" 200 20377 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
Submitted by hasse_basse on Wed, 01/11/2017 - 11:36 Pro Licensee Comment #9
Mustafa
netstat -plan | grep 443 tcp6 0 0 :::443 :::* LISTEN 6232/apache2
grep -R "443" /etc/apache2 | grep -i "virtualhost|listen" /etc/apache2/ports.conf: Listen 443 /etc/apache2/ports.conf: Listen 443 /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/apache2.conf_1545: /etc/apache2/tillf/sites-available_ORG/prorok.se.conf: /etc/apache2/tillf/sites-available_ORG/protectionantivol.fr.conf: /etc/apache2/tillf/sites-available_ORG/default-ssl.conf: /etc/apache2/tillf/sites-available_ORG/armoire-ignifuge.fr.conf: /etc/apache2/tillf/sites-available_ORG/bjarstal.fr.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf:
Submitted by andreychek on Wed, 01/11/2017 - 11:47 Comment #10
The tests I performed earlier showed that Apache is indeed listening on port 443.
However, if you aren't seeing an entry in the access_log when accessing the site, you might be seeing an issue similar to what's described here in the "The wrong website shows up" section:
https://www.virtualmin.com/documentation/web/faq#
That is, you'd want to ensure that the IP addresses listed in the Apache config for each of those SSL VirtualHost configs are correct.
Also, if you see a default-ssl.conf file in /etc/apache2/sites-enabled, you may want to try removing that as well.
Well,
First I see your apache is only accepting ipv6 connections, this is strange as I see
Listen 443exists in your/etc/apache2/ports.conffile, try changing that line toListen 0.0.0.0:443instead and then restart apache and see ifnetstat -plan | grep 443returnsSecond, the correct command to search for virtualhosts is:
if it's still not showing virtualhosts listening on ips, you can run the following instead:
Submitted by hasse_basse on Wed, 01/11/2017 - 12:28 Pro Licensee Comment #12
Andrey and Mostafa
Thanks for your help. I stumbled on this in the apache2.conf
ServerName armoires-ignifuges.fr ServerAlias www.armoires-ignifuges.fr RedirectPermanent / http://www.armoire-ignifuge.fr/
It is a redicect that was taken away in Virtualmin but it remaind in apache2.conf. When I deleted it all sites started to work as they should. Will go home for the night, but I'll be back tomorrow if there is something else.
Thanks
Hans
RedirectPermanent /This might be from the cache of your browser since RedirectPermanent / does a permanent redirection and your browser caches ithttp://www.armoires-ignifuges.fr/ is showing Up running !!! for me
Submitted by hasse_basse on Thu, 01/12/2017 - 03:30 Pro Licensee Comment #14
Hi Mostafa
It was not the cache of the browser. The lines actually were there and when I took them away everything started to work. I then deleted all domaines in Virtualmin, lokked in apache2.conf to see if there were any more nasty things left and reinstalled everything and now it is all just great. Note that I have 2 domaines with similiar names: http://www.armoires-ignifuges.fr and http://www.armoire-ignifuge.fr. (The first in pluriel and the second in singulier). I had used the Redirection to transfer the first one to the second one.
I have also taken away some old folders I had kept as a backup in the etc/apache2 folder. About this with the IPv6 connections, could it be connected with the fact that my IP provider FREE had big troubles with his DNS the last days? (I work from my office and have the server in a cloud somewere else)
Below you can see the todays outcome of the commands you gave me:
netstat -plan | grep 443 tcp6 0 0 :::443 :::* LISTEN 6232/apache2
and
grep -R "443" /etc/apache2 | grep -i "virtualhost|listen" /etc/apache2/ports.conf: Listen 443 /etc/apache2/ports.conf: Listen 443 /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf:
and
grep -R "443" /etc/apache2 /etc/apache2/ports.conf: Listen 443 /etc/apache2/ports.conf: Listen 443 /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf: /etc/apache2/apache2.conf:
Thanks again for your help Mostafa.
All the best
Hans
Submitted by hasse_basse on Tue, 11/07/2017 - 03:59 Pro Licensee Comment #15
Fixed as mentionned in my post dated January 11, 2017
Submitted by hasse_basse on Tue, 11/14/2017 - 11:46 Pro Licensee Comment #16
-