Server not responding after LetsEncrypt SSL install

I am pushing my website to an AWS Lightsail instance on Ubuntu 18.04 and I have had trouble accessing it since I installed LetsEncrypt (everything was fine beforehand).

Basically, I am getting no response, although it looks like everything is fine, at least to me. My website is called kolibri.ba, and I installed 2 SSLs for both www.kolibri.ba and kolibri.ba. I tried different UFW settings, turning it off totally and so on.

My Virtual Host (kolibri.conf)

```
<VirtualHost *:80>
        ServerName kolibri.ba
        ServerAlias www.kolibri.ba

        ServerAdmin [email protected]
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error_mysite.log
        CustomLog ${APACHE_LOG_DIR}/error_access_mysite.log combined

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =kolibri.ba [OR]
        RewriteCond %{SERVER_NAME} =www.kolibri.ba
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

Searching for "kolibri" everywhere inside /etc/apache2 gives this:

```
ack "kolibri" /etc/apache2
/etc/apache2/kolibri.conf
4:  ServerAdmin [email protected]
5:  ServerName  kolibri.ba
6:  ServerAlias www.kolibri.ba
16:  ErrorLog /var/log/apache2/error-kolibri.ba.log
17:  CustomLog /var/log/apache2/access-kolibri.ba.log combined

/etc/apache2/sites-available/kolibri.conf
2:        ServerName kolibri.ba
3:        ServerAlias www.kolibri.ba
5:        ServerAdmin [email protected]
12:RewriteCond %{SERVER_NAME} =kolibri.ba [OR]
13:RewriteCond %{SERVER_NAME} =www.kolibri.ba

/etc/apache2/sites-available/kolibri-2-le-ssl.conf
3:    ServerAdmin [email protected]
4:    ServerName kolibri.ba
5:    ServerAlias www.kolibri.ba
11:#SSLCertificateFile /etc/letsencrypt/live/www.kolibri.ba/fullchain.pem
12:#SSLCertificateKeyFile /etc/letsencrypt/live/www.kolibri.ba/privkey.pem

/etc/apache2/sites-available/kolibri-le-ssl.conf
3:        ServerName www.kolibri.ba
4:        ServerAlias kolibri.ba
6:        ServerAdmin [email protected]
14:SSLCertificateFile /etc/letsencrypt/live/kolibri.ba/fullchain.pem
15:SSLCertificateKeyFile /etc/letsencrypt/live/kolibri.ba/privkey.pem
20:        ServerName kolibri.ba
21:        ServerAlias www.kolibri.ba
23:        ServerAdmin [email protected]
33:# RewriteCond %{SERVER_NAME} =kolibri.ba [OR]
34:# RewriteCond %{SERVER_NAME} =www.kolibri.ba
```

I added these lines to my wp-config.php as well:

```
define( 'WP_HOME', 'https://kolibri.ba' );
define( 'WP_SITEURL', 'https://kolibri.ba' );
define( 'FORCE_SSL_ADMIN', true );
```

Firewall settings look like this:

```
sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
30000:31000/tcp            ALLOW       Anywhere
20:21/tcp                  ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Apache                     ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
40000:50000/tcp            ALLOW       Anywhere
990/tcp                    ALLOW       Anywhere
443                        ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
30000:31000/tcp (v6)       ALLOW       Anywhere (v6)
20:21/tcp (v6)             ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache (v6)                ALLOW       Anywhere (v6)
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
40000:50000/tcp (v6)       ALLOW       Anywhere (v6)
990/tcp (v6)               ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
```

If I run nmap locally against ports 443 and 80 of my domain, it gives this:

```
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp filtered https
```

Not sure if 443 filtered state could be causing the issue or what?

And lastly, here are my Apache health stats:

```
ubuntu@ip-172-26-0-121:~$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Wed 2022-04-20 20:56:26 CEST; 11min ago
  Process: 5339 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 5300 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 5344 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 5358 (apache2)
    Tasks: 9 (limit: 2362)
   CGroup: /system.slice/apache2.service
           ├─5358 /usr/sbin/apache2 -k start
           ├─5363 /usr/sbin/apache2 -k start
           ├─5364 /usr/sbin/apache2 -k start
           ├─5365 /usr/sbin/apache2 -k start
           ├─5366 /usr/sbin/apache2 -k start
           ├─5367 /usr/sbin/apache2 -k start
           ├─5382 /usr/sbin/apache2 -k start
           ├─5385 /usr/sbin/apache2 -k start
           └─5386 /usr/sbin/apache2 -k start

Apr 20 20:56:26 ip-172-26-0-121 systemd[1]: Stopped The Apache HTTP Server.
Apr 20 20:56:26 ip-172-26-0-121 systemd[1]: Starting The Apache HTTP Server...
Apr 20 20:56:26 ip-172-26-0-121 systemd[1]: Started The Apache HTTP Server.
```

I spent 2 days debugging this, and I would have killed my instance 15 times so far if WordPress wasn't such a pain to import properly. Please help and thanks a lot!



Solution 1:[1]

```
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/certificate/apache-certificate.crt
        SSLCertificateKeyFile /etc/apache2/certificate/apache.key
</VirtualHost>
```

Configure things correctly and this should work; you don't need all the virtual hosts, just one. When complete, restart the services, but if the SSL is wrong it will fail.
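
The advice above to keep a single virtual host can be checked mechanically. This is an added example, not part of the original question or answer: it parses Apache config text and reports port-443 virtual hosts with no uncommented certificate directives, and host names claimed by more than one file. The file contents are a constructed sample, and `parse_vhosts` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the question's ack output; not the asker's real files.
SAMPLE = {
    "kolibri-le-ssl.conf": """<VirtualHost *:443>
    ServerName www.kolibri.ba
    ServerAlias kolibri.ba
    SSLCertificateFile /etc/letsencrypt/live/kolibri.ba/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/kolibri.ba/privkey.pem
</VirtualHost>""",
    "kolibri-2-le-ssl.conf": """<VirtualHost *:443>
    ServerName kolibri.ba
    ServerAlias www.kolibri.ba
    #SSLCertificateFile /etc/letsencrypt/live/www.kolibri.ba/fullchain.pem
    #SSLCertificateKeyFile /etc/letsencrypt/live/www.kolibri.ba/privkey.pem
</VirtualHost>""",
}

def parse_vhosts(files):
    # Returns (file, port, {directive: args}) per <VirtualHost> block.
    vhosts, cur = [], None
    for fname, text in files.items():
        for line in map(str.strip, text.splitlines()):
            if not line or line.startswith("#"):
                continue  # a commented-out directive is not active
            m = re.match(r"<VirtualHost\s+\S*?:(\d+)>", line, re.I)
            if m:
                cur = (fname, int(m.group(1)), {})
            elif cur is not None and line.lower().startswith("</virtualhost"):
                vhosts.append(cur)
                cur = None
            elif cur is not None:
                key, *args = line.lower().split()
                cur[2].setdefault(key, []).extend(args)
    return vhosts

def audit(vhosts):
    # Flags :443 blocks lacking active cert directives, then names owned by several files.
    findings, owners = [], {}
    for fname, port, d in vhosts:
        for name in d.get("servername", []) + d.get("serveralias", []):
            owners.setdefault((name, port), set()).add(fname)
        missing = {"sslcertificatefile", "sslcertificatekeyfile"} - set(d)
        if port == 443 and missing:
            findings.append(f"{fname}: no active {', '.join(sorted(missing))}")
    for (name, port), files in sorted(owners.items()):
        if len(files) > 1:
            findings.append(f"{name}:{port} claimed by {', '.join(sorted(files))}")
    return findings
```

On a live Ubuntu server, feed it the files under /etc/apache2/sites-enabled rather than sites-available, since only enabled sites are loaded.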

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 BGPHiJACK