SSL not working

Hi,

SSL does not work on any of my domains. I had one of these very bad days indeed and happened to delete the full home directory. Luckily I had backups of most of my material. What I had backups of is now up and running but I cannot connect to any of the sites over https.

I use homemade certificates, created by Webmin, as earlier, but I can't connect to the server over https. Chrome gives me this message "ERR_SSL_PROTOCOL_ERROR", Edge simply says it can't reach the page and Opera says it couldn't fulfill a secure transaction.

Please help as I can't connect to the Admin on any of my sites as they are forced to HTTPS.

Hans

Comments

Howdy -- sorry to hear you're having a problem with SSL!

If you look in Edit Virtual Server -> Enabled Features, is the SSL Website feature enabled?

Yes, SSL is enabled on all sites. This worked fine until I had to reinstall the sites. I've tried SSL on pure HTML pages as well and it is the same problem there.

As a small comment, I remember that while I worked with restoring the sites I was proposed to upgrade to Virtualmin 5.05 and so I did, so I can't be sure if it is me doing something wrong or if you have managed to make a bug in the 5.05.

There shouldn't be anything in the latest Virtualmin that would cause a problem with SSL, though we'll certainly help troubleshoot what's going on so we can get to the bottom of it.

Do you have an example of a website that's experiencing a problem?

That would help us understand what's going on a bit better.

Hmm, it's not sending any SSL certificate at all when connecting on the SSL port.

Here's where I think I'd start --

If you look in the Apache access log for the domain, located in $HOME/logs/access_log, are you seeing an access attempt when trying to load the SSL page for this domain?

It's possible that the requests are incorrectly being directed elsewhere.

Submitted by Mostafa on Wed, 01/11/2017 - 11:32

You should first check if apache is listening on port 443:

netstat -plan | grep 443

and then check if virtual servers exist:

grep -R "443" /etc/apache2 | grep -i "virtualhost\|listen"

This is the log I have taken the info from

/var/log/virtualmin/armoire-ignifuge.fr_access_log

These lines come from an access I made on http. When I tried on https it gave nothing in the log.

88.166.231.21 - - [11/Jan/2017:18:28:45 +0100] "GET /images/secura/sv/sv-serien.jpg HTTP/1.1" 200 26807 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:45 +0100] "GET /images/secura/sa/210/armoire-ignifuge-papier-sa-210-hauteur.jpg HTTP/1.1" 200 30430 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/460/armoire-ignifuge-papier-sa-460-hauteur.jpg HTTP/1.1" 200 12355 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/580/armoire-ignifuge-papier-sa-580-hauteur.jpg HTTP/1.1" 200 13275 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/archive_compact/archive_compact_ignifuge_bjarstal_01_195x150.jpg HTTP/1.1" 200 11132 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/390/armoire-ignifuge-sa-390-hauteur.jpg HTTP/1.1" 200 11006 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/secura/sa/330/armoire-ignifuge-papier-sa-330-hauteur.jpg HTTP/1.1" 200 11474 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
88.166.231.21 - - [11/Jan/2017:18:28:46 +0100] "GET /images/kaso/pkpapier/pk-410-closed-rel490-500.jpg HTTP/1.1" 200 20377 "http://www.armoire-ignifuge.fr/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"

Mostafa

netstat -plan | grep 443
tcp6 0 0 :::443 :::* LISTEN 6232/apache2

grep -R "443" /etc/apache2 | grep -i "virtualhost|listen"
/etc/apache2/ports.conf: Listen 443
/etc/apache2/ports.conf: Listen 443
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/apache2.conf_1545:
/etc/apache2/tillf/sites-available_ORG/prorok.se.conf:
/etc/apache2/tillf/sites-available_ORG/protectionantivol.fr.conf:
/etc/apache2/tillf/sites-available_ORG/default-ssl.conf:
/etc/apache2/tillf/sites-available_ORG/armoire-ignifuge.fr.conf:
/etc/apache2/tillf/sites-available_ORG/bjarstal.fr.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:

The tests I performed earlier showed that Apache is indeed listening on port 443.

However, if you aren't seeing an entry in the access_log when accessing the site, you might be seeing an issue similar to what's described here in the "The wrong website shows up" section:

https://www.virtualmin.com/documentation/web/faq#

That is, you'd want to ensure that the IP addresses listed in the Apache config for each of those SSL VirtualHost configs are correct.

Also, if you see a default-ssl.conf file in /etc/apache2/sites-enabled, you may want to try removing that as well.

Submitted by Mostafa on Wed, 01/11/2017 - 11:49

Well,

First I see your apache is only accepting ipv6 connections, this is strange as I see Listen 443 exists in your /etc/apache2/ports.conf file, try changing that line to Listen 0.0.0.0:443 instead and then restart apache and see if netstat -plan | grep 443 returns

0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1234/apache2

Second, the correct command to search for virtualhosts is:

grep -R "443" /etc/apache2 | grep -i "virtualhost\|listen"

if it's still not showing virtualhosts listening on ips, you can run the following instead:

grep -R "443" /etc/apache2

Andrey and Mostafa

Thanks for your help. I stumbled on this in the apache2.conf

ServerName armoires-ignifuges.fr
ServerAlias www.armoires-ignifuges.fr
RedirectPermanent / http://www.armoire-ignifuge.fr/

It is a redirect that was taken away in Virtualmin but it remained in apache2.conf. When I deleted it all sites started to work as they should. Will go home for the night, but I'll be back tomorrow if there is something else.

Thanks

Hans

Submitted by Mostafa on Wed, 01/11/2017 - 12:52

RedirectPermanent /

This might be from the cache of your browser since RedirectPermanent / does a permanent redirection and your browser caches it

http://www.armoires-ignifuges.fr/ is showing Up running !!! for me

Hi Mostafa

It was not the cache of the browser. The lines actually were there and when I took them away everything started to work. I then deleted all domains in Virtualmin, looked in apache2.conf to see if there were any more nasty things left and reinstalled everything and now it is all just great. Note that I have 2 domains with similar names: http://www.armoires-ignifuges.fr and http://www.armoire-ignifuge.fr. (The first in plural and the second in singular). I had used the Redirection to transfer the first one to the second one.

I have also taken away some old folders I had kept as a backup in the etc/apache2 folder. About this with the IPv6 connections, could it be connected with the fact that my IP provider FREE had big troubles with his DNS the last days? (I work from my office and have the server in a cloud somewhere else)

Below you can see today's outcome of the commands you gave me:

netstat -plan | grep 443
tcp6 0 0 :::443 :::* LISTEN 6232/apache2

and

grep -R "443" /etc/apache2 | grep -i "virtualhost|listen"
/etc/apache2/ports.conf: Listen 443
/etc/apache2/ports.conf: Listen 443
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:

and

grep -R "443" /etc/apache2
/etc/apache2/ports.conf: Listen 443
/etc/apache2/ports.conf: Listen 443
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:
/etc/apache2/apache2.conf:

Thanks again for your help Mostafa.

All the best

Hans
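
An added example, not part of any post in this thread: a shell function that walks the `<VirtualHost>` blocks of an Apache config file and flags those bound to port 443 that lack `SSLEngine on` or carry a redirect, the kind of leftover block found in apache2.conf above. The sample config and the host names old.example and new.example are constructed, and the check assumes the leftover block was bound to port 443, which the thread does not show.

```shell
#!/usr/bin/env bash
# Added example: audit an Apache config file for <VirtualHost> blocks on
# port 443 that lack "SSLEngine on" or that contain a Redirect directive.

audit_vhosts() {
  # $1: path to a config file, e.g. /etc/apache2/apache2.conf
  awk '
    { line = tolower($0) }               # Apache directives are case-insensitive
    line ~ /^[ \t]*<virtualhost[ \t]/ {  # block opens: reset per-block state
      in_vh = 1; start = NR; name = "(no ServerName)"; ssl = 0; redir = 0
      is443 = (line ~ /:443[ \t>]/)
      next
    }
    in_vh && line ~ /^[ \t]*servername[ \t]/    { name = $2 }
    in_vh && line ~ /^[ \t]*sslengine[ \t]+on/  { ssl = 1 }
    in_vh && line ~ /^[ \t]*redirect(permanent|temp|match)?[ \t]/ { redir = 1 }
    in_vh && line ~ /^[ \t]*<\/virtualhost>/ {  # block closes: report findings
      if (is443 && !ssl)  printf "NO_SSL %s line %d\n", name, start
      if (is443 && redir) printf "REDIRECT %s line %d\n", name, start
      in_vh = 0
    }
  ' "$1"
}

demo() {
  tmp=$(mktemp)
  cat > "$tmp" <<'EOF'
# constructed sample config, not taken from the thread
<VirtualHost *:80>
    ServerName plain.example
</VirtualHost>
<VirtualHost *:443>
    ServerName old.example
    ServerAlias www.old.example
    RedirectPermanent / http://www.new.example/
</VirtualHost>
<VirtualHost *:443>
    ServerName new.example
    SSLEngine on
</VirtualHost>
EOF
  audit_vhosts "$tmp"
  rm -f "$tmp"
}

demo
```

Run `audit_vhosts` against each file that the `grep -R "443" /etc/apache2` output names; a `NO_SSL` line marks a block that would answer on port 443 in plain HTTP.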