Problem after Lets Encrypt cert and router refuses 443 port fwd- Now a mess

Started by ozstar, December 06, 2022, 09:39:10 PM

Previous topic - Next topic

ozstar

Hello,

I and quite new to all this but have installed apache in VirtualBox on ubuntu 20.04 and it has been working fine with a domain name delegated to my home IP address. All went well nd can't complain here until..

decided I need to change it to https.

Create the certificate and all went well until https would not resolve at the site like it did before with http. I couldn't change it as it auto took http to https.

I tried to port fwd 443 to make it all work but found the router Netcomm NF18 MESH said 443 was used by it and it couldn't be changed.

By this time I'm in a mess and tried many things suggested at forums, youtube and on web but nothing worked.

Now apache will not start and I'm in a mess.

Let's Encrypt let me download the pm for my certificate in case I needed it but the problem is I can't use 443.

I feel like deleting the whole shibang and starting again. New apache, new .conf files, htmls, everything.

Is that my best bet or is there a quicker way for me to get this back on the rails ?

Thank you in anticipation.

oz

This is the apache2 status..

root@zorin162-VirtualBox:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor prese>
Active: failed (Result: exit-code) since Mon 2022-12-05 14:04:57 AEDT; 24h>
Docs: https://httpd.apache.org/docs/2.4/
Process: 595 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAI>

Dec 05 14:04:54 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server>
Dec 05 14:04:57 zorin162-VirtualBox apachectl[611]: AH00526: Syntax error on li>
Dec 05 14:04:57 zorin162-VirtualBox apachectl[611]: <Directory> directive requi>
Dec 05 14:04:57 zorin162-VirtualBox apachectl[595]: Action 'start' failed.
Dec 05 14:04:57 zorin162-VirtualBox apachectl[595]: The Apache error log may ha>
Dec 05 14:04:57 zorin162-VirtualBox systemd[1]: apache2.service: Control proces>
Dec 05 14:04:57 zorin162-VirtualBox systemd[1]: apache2.service: Failed with re>
Dec 05 14:04:57 zorin162-VirtualBox systemd[1]: Failed to start The Apache HTTP>
lines 1-14/14 (END)

ozstar

I tried to edit the above post as I saw the lower text was cut off.  Here is the correct terminal text..

Quoteroot@zorin162-VirtualBox:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2022-12-06 20:22:24 AEDT; 11h ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 585 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Dec 06 20:22:20 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server...
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/mysitemc-ssl.conf:
Dec 06 20:22:24 zorin162-VirtualBox apachectl[610]: <Directory> directive requires additional arguments
Dec 06 20:22:24 zorin162-VirtualBox apachectl[585]: Action 'start' failed.
Dec 06 20:22:24 zorin162-VirtualBox apachectl[585]: The Apache error log may have more information.
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 06 20:22:24 zorin162-VirtualBox systemd[1]: Failed to start The Apache HTTP Server.
root@zorin162-VirtualBox:~#

as I see it says line 12 of the -ssl.conf, here is that file.  Line 12 on my editor is the first line of <Directory>

<VirtualHost *:443>
ServerName mysitemc.com
ServerAlias www.mysitemc.com

</VirtualHost>

<VirtualHost *:80>

ServerAdmin [email protected]
DocumentRoot /var/www/mysitemc

<Directory>
   Options FollowSymLinks
   AllowOverride None
   Require all denied
</Directory>

<Directory /usr/share>
   AllowOverride None
   Require all granted
</Directory>

<Directory /var/www/mysitemc>
     Options Indexes FollowSymLinks
     AllowOverride None
     Require all granted
</Directory>
</VirtualHost>


Gregg

It says your missing something. Look at your other <Directory> containers, can you spot what the first one's missing?


<Directory argument>

Giving some argument (path of a directory) will fix that error.

A single / is sufficient.

This is a good place to start with in the docs when it comes to directives. https://httpd.apache.org/docs/2.4/mod/quickreference.html
I would suggest you should digest this one as well. https://httpd.apache.org/docs/2.4/sections.html

My guess is you will run into other problems not related to the current but the service will start.



mario

You may check the syntax after changes



source /etc/apache2/envvars
/usr/sbin/apachectl -S

The envvars file is an ubuntu thing...

ozstar

Many thanks guys. I appreciate the help.

Working through the results of those commands now and checking out the links :-)

ozstar

Well with thanks at last, with lots of help from the web I guess message shows apache is working Smile

Now just have to work out why all the sites change from http to https and why it lands at the front door of the router instead of going through to the site. Maybe I should start a new thread for this?



Quoteroot@zorin162-VirtualBox:/etc/apache2/sites-available# systemctl status apache2
* apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-12-08 14:00:06 AEDT; 28s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 16767 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 16771 (apache2)
      Tasks: 55 (limit: 10660)
     Memory: 5.6M
     CGroup: /system.slice/apache2.service
             |-16771 /usr/sbin/apache2 -k start
             |-16773 /usr/sbin/apache2 -k start
             `-16774 /usr/sbin/apache2 -k start

Dec 08 14:00:06 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server...
Dec 08 14:00:06 zorin162-VirtualBox apachectl[16770]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.>
Dec 08 14:00:06 zorin162-VirtualBox systemd[1]: Started The Apache HTTP Server.

mario

The last error message can be solved by setting a Name in the glocal config
like

ServerName localhost
IIRC it is in /etc/apache2/apache2.conf on ubuntu

mario

> Now just have to work out why all the sites change from HTTP to HTTPS
Do you have any rewrite rules or is it the browsers that want to use HTTPS. For example Chrome and Firefox try https first before thinking of plan HTTP.

> why it lands at the front door of the router instead of going through to the site.
That seems more like a port forwarding issue or a provider issue (blocking the 443 port)

ozstar

Thank you. I added that to the conf file and I think it looks good.  As you say, now to the 443 headache :-)

Quoteroot@zorin162-VirtualBox:/etc/apache2/sites-enabled# /etc/init.d/apache2 restart
Restarting apache2 (via systemctl): apache2.service.
root@zorin162-VirtualBox:/etc/apache2/sites-enabled# systemctl status apache2
* apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-12-10 18:34:57 AEDT; 18s ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 13643 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
   Main PID: 13647 (apache2)
      Tasks: 55 (limit: 10660)
     Memory: 5.7M
     CGroup: /system.slice/apache2.service
             |-13647 /usr/sbin/apache2 -k start
             |-13649 /usr/sbin/apache2 -k start
             `-13650 /usr/sbin/apache2 -k start

Dec 10 18:34:57 zorin162-VirtualBox systemd[1]: Starting The Apache HTTP Server...
Dec 10 18:34:57 zorin162-VirtualBox systemd[1]: Started The Apache HTTP Server.
root@zorin162-VirtualBox:/etc/apache2/sites-enabled#

I was directed to this but I'm not sure if it apples to my problem.

Redirect 443 to another port