
[SOLVED]Re: My site has become unreachable when I've implemented SSL



I've edited /etc/hosts adding a line where I put the IP address of the
server and the name of site.
Now everything works with SSL :-)

Thank you to all,

Aldo 

On Tue, 20 Feb 2018 21:23:52 +0100
Aldo Maggi <sentiniate@virgilio.it> wrote:

> Thank you for answering!
> I'm really sorry but it seems not to be a SSL or Apache problem,
> today, while I was away from home and I was using my laptop, I tried
> to open my site and I was successful!  
> So I can open "mysite.com" from outside my Lan but if I try to
> connect to "mysite.com" from a Lan computer, the connection is
> refused.  
> I think it is a "ufw" problem but I do not know what to check.
> 
> Thank you anyway, 
> 
> Aldo :-)
> 
> On Mon, 19 Feb 2018 21:08:34 -0500
> Bob Weber <bobrweber@gmail.com> wrote:
> 
> > On 2/19/18 2:54 PM, Aldo Maggi wrote:  
> > > Thank you for your fast answer!
> > >
> > > root@Casa-mia-1:~# lsof -i :443
> > > COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
> > > apache2  879     root    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2  948 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2  949 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2  950 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2  951 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2  952 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2 1385 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2 1386 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > > apache2 3386 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
> > >
> > > As for ufw, indeed port 443 was not enabled and I had problems in
> > > doing it (bad port!!!!), at the end I wrote:
> > > ufw allow https
> > > Rule added
> > > Rule added (v6)
> > >
> > > now I have:
> > >
> > > root@Casa-mia-1:~# ufw status
> > > Status: active
> > >
> > > To                         Action      From
> > > --                         ------      ----
> > > 22/tcp                     ALLOW       Anywhere
> > > CUPS                       ALLOW       Anywhere
> > > ......
> > > Telnet                     ALLOW       Anywhere
> > > VNC                        ALLOW       Anywhere
> > > WWW                        ALLOW       Anywhere
> > > Anywhere                   ALLOW       192.168.3.100
> > > Anywhere                   ALLOW       192.168.3.0/24
> > > 2222/tcp                   ALLOW       Anywhere
> > > 5900:5910/tcp              ALLOW       Anywhere
> > > 2049                       ALLOW       192.168.3.100
> > > 80/tcp                     ALLOW       Anywhere
> > > 443/tcp                    ALLOW       Anywhere
> > > 22/tcp (v6)                ALLOW       Anywhere (v6)
> > > CUPS (v6)                  ALLOW       Anywhere (v6)
> > > .......
> > > WWW (v6)                   ALLOW       Anywhere (v6)
> > > 2222/tcp (v6)              ALLOW       Anywhere (v6)
> > > 5900:5910/tcp (v6)         ALLOW       Anywhere (v6)
> > > 80/tcp (v6)                ALLOW       Anywhere (v6)
> > > 443/tcp (v6)               ALLOW       Anywhere (v6)
> > >
> > > root@Casa-mia-1:~# systemctl restart apache2
> > >
> > > but ... no avail, still "connection refused"
> > >
> > > What else could be the culprit!!!! :-D
> > >
> > > Thanks for your time!
> > >
> > > Aldo :-)
> > >
> > > P.S. Furthermore in ..../apache2/error.log I find:
> > > PHP Warning:  PHP Startup: Unable to load dynamic library
> > > '/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so:
> > > cannot open shared object file: No such file or directory in
> > > Unknown on line 0
> > >
> > > On Mon, 19 Feb 2018 12:48:25 -0500
> > > Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> > >  
> > >> On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:  
> > >>> Anyway, now if I browse writing my IP I get the Apache default
> > >>> page (the browser tells me, anyway, that the site is unsecure),
> > > >>> if I write the name of the site I get (translated from Italian):
> > >>> Unable to reach the site
> > >>> Connection denied by mysite.com  
> > >> "Connection refused" (the correct English translation) means that
> > >> either the service is not listening to that port, or the packets
> > >> were rejected by a firewall.
> > >>
> > >> You will need to examine both of those possibilities.
> > >>
> > >> Making sure the service is listening on :443 should be fairly
> > >> easy. You can use "lsof -i :443" for example, or some ss or
> > >> netstat command.
> > >>
> > >> Checking whether you have a firewall blocking incoming 443 will
> > >> be a bit harder.
> > >>  
> > >  
> > Looks like apache is only listening to IPV6 (see above lsof output).
> > So if the domain that you used in the command:
> > 
> > letsencrypt --apache -d mysite.com
> > 
> > resolves to an IPV4 address you need to tell apache to listen to
> > your IPV4 address.  Your firewall looks like it has opened IPV4 and
> > IPV6. I also assume that you try to access the site with that
> > domain name in the url in your browser.  Check the
> > file /etc/apache2/ports.conf. It might be useful to run the command
> > "ip a" to see what addresses are assigned to your ethernet ports so
> > you can properly set up the ports.conf file.
> >   
> 
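
Added example, not part of the original thread: a small Python check that resolves a name the way a local client does (so an /etc/hosts entry like the one in the fix is honoured) and reports, per address, whether a TCP connect to port 443 is accepted, refused or times out. The function name `probe` and the default host are assumptions made for illustration.

```python
import socket
import sys


def probe(host, port=443, timeout=3.0):
    """Resolve host as a local client would (getaddrinfo honours /etc/hosts)
    and try a TCP connect to each address found.
    Returns a list of (family, address, verdict) tuples."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("-", host, "resolve-failed: %s" % exc)]
    results, seen = [], set()
    for family, _type, _proto, _canon, sockaddr in infos:
        addr = sockaddr[0]
        if addr in seen:          # getaddrinfo can repeat an address
            continue
        seen.add(addr)
        try:
            socket.create_connection((addr, port), timeout=timeout).close()
            verdict = "open"      # something accepted the connection
        except ConnectionRefusedError:
            verdict = "refused"   # nothing listening there, or a firewall reject
        except socket.timeout:
            verdict = "timeout"   # packets silently dropped on the way
        except OSError as exc:
            verdict = "error: %s" % exc   # e.g. no route, no IPv6 on this host
        label = "IPv6" if family == socket.AF_INET6 else "IPv4"
        results.append((label, addr, verdict))
    return results


if __name__ == "__main__":
    # Usage: python3 probe.py mysite.com   (run on a LAN machine and outside)
    name = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for label, addr, verdict in probe(name):
        print("%-4s %-40s %s" % (label, addr, verdict))
```

Running it on a LAN machine before and after the /etc/hosts change shows which address the name resolves to on that machine and which of those addresses actually accepts connections on 443.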

