On 2/19/18 2:54 PM, Aldo Maggi wrote:
Thank you for your fast answer! root@Casa-mia-1:~# lsof -i :443 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME apache2 879 root 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 948 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 949 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 950 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 951 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 952 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 1385 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 1386 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 3386 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) As for ufw, indeed port 443 was not enabled and I had problems in doing it (bad port!!!!), at the end I wrote: ufw allow https Rule added Rule added (v6) now I have: root@Casa-mia-1:~# ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere CUPS ALLOW Anywhere ...... Telnet ALLOW Anywhere VNC ALLOW Anywhere WWW ALLOW Anywhere Anywhere ALLOW 192.168.3.100 Anywhere ALLOW 192.168.3.0/24 2222/tcp ALLOW Anywhere 5900:5910/tcp ALLOW Anywhere 2049 ALLOW 192.168.3.100 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere 22/tcp (v6) ALLOW Anywhere (v6) CUPS (v6) ALLOW Anywhere (v6) ....... WWW (v6) ALLOW Anywhere (v6) 2222/tcp (v6) ALLOW Anywhere (v6) 5900:5910/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 443/tcp (v6) ALLOW Anywhere (v6) root@Casa-mia-1:~# systemctl restart apache2 but ... no avail, still "connection refused" What else could be the culprit!!!! :-D Thanks for your time! Aldo :-) P.S. Furthermore in ..../apache2/error.log I find: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so: cannot open shared object file: No such file or directory in Unknown on line 0 Il giorno Mon, 19 Feb 2018 12:48:25 -0500 Greg Wooledge <wooledg@eeg.ccf.org> ha scritto:On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:Anyway, now if I browse writing my IP I get the Apache default page (the browser tells me, anyway, that the site is unsecure), if I write the name of the site I get (traslated from Italian): Unable to reach the site Connection denied by mysite.com"Connection refused" (the correct English translation) means that either the service is not listening to that port, or the packets were rejected by a firewall. You will need to examine both of those possibilities. Making sure the service is listening on :443 should be fairly easy. You can use "lsof -i :443" for example, or some ss or netstat command. Checking whether you have a firewall blocking incoming 443 will be a bit harder. Looks like apache is only listening to IPV6 (see above lsof
output). So if the domain that you used in the command:
letsencrypt --apache -d mysite.com resolves to an IPV4 address you need to tell apache to listen to
your IPV4 address. Your firewall looks like it has opened IPV4
and IPV6. I also assume that you try to access the site with that
domain name in the url in your browser. Check the file
/etc/apache2/ports.conf. It might be useful to run the command
"ip a" to see what addresses are assigned to your ethernet ports
so you can properly set up the ports.conf file. --
...Bob |