[SOLVED] Re: My site has become unreachable when I've implemented SSL
I've edited /etc/hosts adding a line where I put the IP address of the
server and the name of the site.
Now everything works with SSL :-)
Thank you to all,
Aldo
On Tue, 20 Feb 2018 21:23:52 +0100
Aldo Maggi <sentiniate@virgilio.it> wrote:
> Thank you for answering!
> I'm really sorry but it seems not to be an SSL or Apache problem,
> today, while I was away from home and I was using my laptop, I tried
> to open my site and I was successful!
> So I can open "mysite.com" from outside my LAN but if I try to
> connect to "mysite.com" from a LAN computer, the connection is
> refused.
> I think it is a "ufw" problem but I do not know what to check.
>
> Thank you anyway,
>
> Aldo :-)
>
> On Mon, 19 Feb 2018 21:08:34 -0500
> Bob Weber <bobrweber@gmail.com> wrote:
>
> > On 2/19/18 2:54 PM, Aldo Maggi wrote:
> > > Thank you for your fast answer!
> > >
> > > root@Casa-mia-1:~# lsof -i :443
> > > COMMAND  PID  USER     FD TYPE DEVICE SIZE/OFF NODE NAME
> > > apache2  879  root     6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  948  www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  949  www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  950  www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  951  www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  952  www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  1385 www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  1386 www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > > apache2  3386 www-data 6u IPv6 20270  0t0      TCP  *:https (LISTEN)
> > >
> > > As for ufw, indeed port 443 was not enabled and I had problems in
> > > doing it (bad port!!!!), at the end I wrote:
> > > ufw allow https
> > > Rule added
> > > Rule added (v6)
> > >
> > > now I have:
> > >
> > > root@Casa-mia-1:~# ufw status
> > > Status: active
> > >
> > > To Action From
> > > -- ------ ----
> > > 22/tcp ALLOW Anywhere
> > > CUPS ALLOW Anywhere
> > > ......
> > > Telnet ALLOW Anywhere
> > > VNC ALLOW Anywhere
> > > WWW ALLOW Anywhere
> > > Anywhere ALLOW 192.168.3.100
> > > Anywhere ALLOW 192.168.3.0/24
> > > 2222/tcp ALLOW Anywhere
> > > 5900:5910/tcp ALLOW Anywhere
> > > 2049 ALLOW 192.168.3.100
> > > 80/tcp ALLOW Anywhere
> > > 443/tcp ALLOW Anywhere
> > > 22/tcp (v6) ALLOW Anywhere (v6)
> > > CUPS (v6) ALLOW Anywhere (v6)
> > > .......
> > > WWW (v6) ALLOW Anywhere (v6)
> > > 2222/tcp (v6) ALLOW Anywhere (v6)
> > > 5900:5910/tcp (v6) ALLOW Anywhere (v6)
> > > 80/tcp (v6) ALLOW Anywhere (v6)
> > > 443/tcp (v6) ALLOW Anywhere (v6)
> > >
> > > root@Casa-mia-1:~# systemctl restart apache2
> > >
> > > but ... no avail, still "connection refused"
> > >
> > > What else could be the culprit!!!! :-D
> > >
> > > Thanks for your time!
> > >
> > > Aldo :-)
> > >
> > > P.S. Furthermore in ..../apache2/error.log I find:
> > > PHP Warning: PHP Startup: Unable to load dynamic library
> > > '/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so:
> > > cannot open shared object file: No such file or directory in
> > > Unknown on line 0
> > >
> > > On Mon, 19 Feb 2018 12:48:25 -0500
> > > Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> > >
> > >> On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:
> > >>> Anyway, now if I browse writing my IP I get the Apache default
> > >>> page (the browser tells me, anyway, that the site is unsecure),
> > > >>> if I write the name of the site I get (translated from Italian):
> > >>> Unable to reach the site
> > >>> Connection denied by mysite.com
> > >> "Connection refused" (the correct English translation) means that
> > >> either the service is not listening to that port, or the packets
> > >> were rejected by a firewall.
> > >>
> > >> You will need to examine both of those possibilities.
> > >>
> > >> Making sure the service is listening on :443 should be fairly
> > >> easy. You can use "lsof -i :443" for example, or some ss or
> > >> netstat command.
> > >>
> > >> Checking whether you have a firewall blocking incoming 443 will
> > >> be a bit harder.
> > >>
> > >
> > Looks like apache is only listening to IPV6 (see above lsof output).
> > So if the domain that you used in the command:
> >
> > letsencrypt --apache -d mysite.com
> >
> > resolves to an IPV4 address you need to tell apache to listen to
> > your IPV4 address. Your firewall looks like it has opened IPV4 and
> > IPV6. I also assume that you try to access the site with that
> > domain name in the url in your browser. Check the
> > file /etc/apache2/ports.conf. It might be useful to run the command
> > "ip a" to see what addresses are assigned to your ethernet ports so
> > you can properly set up the ports.conf file.
> >
>
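
The checks this thread converges on, as an added example that is not part of the original messages: list the addresses a name maps to and try one TCP connect to each, separating "refused" from "timeout". The function names are hypothetical, and it assumes the default Debian resolver order in which an /etc/hosts entry wins over DNS (which is why the fix at the top works).

```python
import socket
import sys


def probe(addr, port, timeout=3.0):
    """One TCP connect to addr:port -> 'open', 'refused', 'timeout' or 'error'."""
    try:
        socket.create_connection((addr, port), timeout=timeout).close()
        return "open"
    except ConnectionRefusedError:
        # RST came back: nothing listens on that address/port, or a
        # firewall actively rejected the packet (the two cases Greg lists).
        return "refused"
    except socket.timeout:
        # No answer at all: usually a firewall silently dropping packets.
        return "timeout"
    except OSError:
        return "error"  # e.g. no route, or no IPv6 on this machine


def hosts_override(hosts_text, name):
    """Addresses that /etc/hosts-style text assigns to name (may be empty)."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 2 and name.lower() in [f.lower() for f in fields[1:]]:
            found.append(fields[0])
    return found


def diagnose(name, port=443, hosts_text=""):
    """Probe every address the name maps to; hosts entries win over DNS."""
    addrs = hosts_override(hosts_text, name)
    if not addrs:
        infos = socket.getaddrinfo(name, port, type=socket.SOCK_STREAM)
        addrs = sorted({info[4][0] for info in infos})
    return {addr: probe(addr, port) for addr in addrs}


if __name__ == "__main__":
    # Usage: python3 probe.py mysite.com   (reads the real /etc/hosts)
    with open("/etc/hosts") as fh:
        for addr, state in diagnose(sys.argv[1], hosts_text=fh.read()).items():
            print(addr, state)
```

Run from a LAN machine and again from outside: a name that is "open" from outside but "refused" from the LAN on the same address points at the router or name resolution, not at Apache or ufw.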