Re: My site has become unreachable when I've implemented SSL
Thank you for your fast answer!
root@Casa-mia-1:~# lsof -i :443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 879 root 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 948 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 949 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 950 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 951 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 952 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 1385 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 1386 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
apache2 3386 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN)
As for ufw, indeed port 443 was not enabled and I had problems in doing
it (bad port!!!!), at the end I wrote:
ufw allow https
Rule added
Rule added (v6)
now I have:
root@Casa-mia-1:~# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
CUPS ALLOW Anywhere
......
Telnet ALLOW Anywhere
VNC ALLOW Anywhere
WWW ALLOW Anywhere
Anywhere ALLOW 192.168.3.100
Anywhere ALLOW 192.168.3.0/24
2222/tcp ALLOW Anywhere
5900:5910/tcp ALLOW Anywhere
2049 ALLOW 192.168.3.100
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
CUPS (v6) ALLOW Anywhere (v6)
.......
WWW (v6) ALLOW Anywhere (v6)
2222/tcp (v6) ALLOW Anywhere (v6)
5900:5910/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
root@Casa-mia-1:~# systemctl restart apache2
but ... no avail, still "connection refused"
What else could be the culprit!!!! :-D
Thanks for your time!
Aldo :-)
P.S. Furthermore in ..../apache2/error.log I find:
PHP Warning: PHP Startup: Unable to load dynamic library
'/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so: cannot
open shared object file: No such file or directory in Unknown on line 0
Il giorno Mon, 19 Feb 2018 12:48:25 -0500
Greg Wooledge <wooledg@eeg.ccf.org> ha scritto:
> On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:
> > Anyway, now if I browse writing my IP I get the Apache default page
> > (the browser tells me, anyway, that the site is unsecure), if I
> > write the name of the site I get (traslated from Italian):
> > Unable to reach the site
> > Connection denied by mysite.com
>
> "Connection refused" (the correct English translation) means that
> either the service is not listening to that port, or the packets
> were rejected by a firewall.
>
> You will need to examine both of those possibilities.
>
> Making sure the service is listening on :443 should be fairly easy.
> You can use "lsof -i :443" for example, or some ss or netstat command.
>
> Checking whether you have a firewall blocking incoming 443 will be
> a bit harder.
>
Reply to: