404 with SSL on Raspberry Pi

I have had SSL problems in the past with my configurations, but they never seem to go away as I use different operating systems and such… I have been applying my past mistakes and resolutions to my problems and for the most part they get resolved, but one that has eluded me since the beginning is getting this to work on my Pi. I did a weird patch job to get secure connections before. I had a WordPress site and then I linked it to my Nextcloud, but for personal security reasons and me not actually hosting content on my page, I just want this Pi to be a simple Nextcloud server. So, my original config had Nextcloud in the /var/www/html/wordpress/nextcloud directory and now all the content is just in /var/www/html/. I can access everything fine via http, but not so via https. I lumped my port 80 and 443 stuff into one config file, and here it is:

    <VirtualHost *:80>
            ServerName mydomain.com
            #ServerAdmin webmaster@localhost
            DocumentRoot "/var/www/html"
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn

    #       ReWriteEngine on
    #       ReWriteCond %{SERVER_PORT} !^443$
    #       ReWriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

           Redirect permanent / https://mydomain.com

    #       ErrorLog ${APACHE_LOG_DIR}/error.log
    #       CustomLog ${APACHE_LOG_DIR}/access.log combined

    </VirtualHost>

    <VirtualHost *:443>
            ServerAdmin webmaster@localhost
            DocumentRoot "/var/www/html"
            ServerName mydomain.com

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined


    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf



    <Directory /var/www/html/>
      Options +FollowSymlinks
      AllowOverride All

      <IfModule mod_dav.c>
            Dav off
      </IfModule>

      SetEnv HOME /var/www/html
      SetEnv HTTP_HOME /var/www/html

    </Directory>


    <IfModule mod_headers.c>
      Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>


    </VirtualHost>

I have also tried adding:
'overwrite.cli.url' => 'https://mydomain.com:443',
'overwriteprotocol' => 'https',

to my nextcloud config.php file with no success. What was interesting, was when I left an alias in my apache configs and visited the alias I could get a secure connection, but nothing else otherwise. Is there a configuration I’m missing since I changed this?

Do you have any other Apache sites enabled? You can see this with ls -l /etc/apache2/sites-enabled on Ubuntu, I can’t remember if it’s the same for Debian (Raspbian).

Or have you installed nginx as well? Check which process is listening on ports 80 and 443:
sudo netstat -tulepn

Hi, yes the site is enabled. I have port 80 and 443 lumped into one config file for the same website, and I can get it to connect via port 80 if I disable a forced redirect to https in apache.

tflidd, I just have apache installed. I had Nextcloud working before on the very same computer, all I did was move the nextcloud directory contents that I had before to /var/www/html/ and changed my apache configs to make /var/www/html/ my new webroot

It looks like ports 80 and 443 are being listened on, but with tcp6…which leads me to believe that is only via IPv6 connections, right? Not sure what setting to change if it isn’t listening for IPv4 connections, I just assumed that’s default

For some reason, only the ipv6 is shown (even though it’s open for ipv4 as well).

Can you connect from a terminal on the client (or a first step from the server itself):
openssl s_client -connect example.org:443

Is there a router in between which does port forwarding, or is it a public server?
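As an added example (not part of the thread), one way to read the netstat output requested above: the helper functions and the sample output below are constructed for illustration. On Linux a listener on the IPv6 wildcard `:::443` also accepts IPv4 connections while `net.ipv6.bindv6only` is 0, which is why only `tcp6` lines show up for Apache.

```shell
#!/bin/sh
# Constructed sample of `sudo netstat -tulepn` output (not taken from the thread).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp    0 0 0.0.0.0:22     0.0.0.0:*  LISTEN 0   14021 512/sshd
tcp    0 0 127.0.0.1:3306 0.0.0.0:*  LISTEN 111 15230 701/mysqld
tcp6   0 0 :::80          :::*       LISTEN 0   16877 845/apache2
tcp6   0 0 :::443         :::*       LISTEN 0   16881 845/apache2
udp    0 0 0.0.0.0:68     0.0.0.0:*         0   13002 400/dhcpcd'

# Read netstat -tulepn output on stdin and print one line per TCP listener
# on port 80 or 443: "<port> <proto> <program> <bind-type>".
web_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, addr, ":")             # port is the last colon-separated piece
      port = addr[n]
      if (port != "80" && port != "443") next
      split($9, proc, "/")                 # "845/apache2" gives pid and program
      bind = "specific-address"
      if ($4 ~ /^:::/)         bind = "wildcard-v6"   # takes IPv4 too if bindv6only=0
      if ($4 ~ /^0\.0\.0\.0:/) bind = "wildcard-v4"
      printf "%s %s %s %s\n", port, $1, proc[2], bind
    }'
}

# Print only listeners that are NOT the expected server (default: apache2),
# for instance a second web server answering instead of the vhost being edited.
unexpected_listeners() {
  web_listeners | awk -v want="${1:-apache2}" '$3 != want'
}

# Demo on the constructed sample; on a real host pipe in: sudo netstat -tulepn
printf '%s\n' "$SAMPLE_NETSTAT" | web_listeners
```

An empty result from `unexpected_listeners` means nothing other than Apache holds ports 80 and 443.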

I will have to reenable port forwarding for my device when I get home (currently disabled it while it’s down), but what I have going on right now is I have a home router forwarding ports 80 and 443 for my internal IP address that my server has.

I assume getting:
Verify return code: 0 (ok)

is what I want when running that openssl command right? Because that’s what I get

I tried connecting to the server with Konqueror and got this line that both Firefox and Chrome wouldn’t display:
“The requested URL /index.php/login was not found on this server.”

Ah. Found my problem:
from error.log - “server certificate does NOT include an ID which matches the server name”

I swear I’ve tried everything though. I’ve tried “localhost” my Pi hostname “raspberrypi” and my domain name but no luck

EDIT: fixed this error, doesn’t solve my problem. Is there an error in my apache configs, or something I might be missing in the nextcloud configs that would prevent me from finding all my content through an https connection?

Yes that’s good, and you should also see your certificate.

How did you install Nextcloud? Is it in /var/www/html? And is it readable by www-data? And you didn’t forget the .htaccess file?

Yes I can see my certificate when I do that command also

So I set up the LAMP server with the proper php dependencies (as I said, I had it working on this before). The files are all stored in /var/www/html/ but the data directory is stored at /media/www-data/nc_data. The www-data user has user and group ownership over both of those directories and its subdirs: "chown -R www-data:www-data /var/www/html" and "chown -R /media/www-data/nc_data". Should the .htaccess be owned by www-data? I’ve seen some people give the ownership of root:www-data. I’ve tried both www-data:www-data and root:www-data ownership. For ownership I ran these commands on the /var/www/html directory:

find /var/www/html/ -type f -print0 | xargs -0 chmod 0640
find /var/www/html/ -type d -print0 | xargs -0 chmod 0750

And I was even adventurous for a minute and made the permissions for everything 777 to see if it was a permissions issue (still no luck) so I switched my permissions back from 777. For SQL, I have a database with a user who was granted all permissions over the nextcloud database.

And to more clearly answer your .htaccess question, I didn’t forget it when setting ownership and permissions. I really wonder if this is an Apache configuration thing, just because nextcloud is entirely functional over HTTP. What would cause a 404 error if I tried to do a connection over port 443? We already see that I can connect via terminal…

The openssl-command to test the ssl connection, did you try this only from your server or also from a client over the network?

Can you place a test.php with content <?php phpinfo(); ?> in your DocumentRoot, and try to open it via https://yourserver/test.php. Does it work?

Can you run the code integrity check from command line:
sudo -u www-data php /var/www/html/occ integrity:check-core
(It should complain about the additional file test.php we just created.)

I tried on the server and a client over the network for the openssl command. Both worked. I cannot open the test.php file and the integrity check is okay except the test.php file that is in place

Then you haven’t properly installed and activated php. Check if there is a php module in /etc/apache2/mods-available and that they are linked in /etc/apache2/mods-enabled as well. If not, enable them (a2enmod modulename).
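The module check suggested above, and the earlier sites-enabled listing, as an added example that is not part of the thread: the function names and the demo tree (including the module name `php7.0`) are constructed, and the layout assumed is the Debian/Raspbian `*-available` / `*-enabled` convention under /etc/apache2.

```shell
#!/bin/sh
# For every file matching GLOB in ROOT/KIND-available, report whether a
# working link with the same name exists in ROOT/KIND-enabled.
# Usage on a real host: apache_link_status /etc/apache2 mods 'php*.load'
apache_link_status() {
  root=$1 kind=$2 glob=$3
  seen=0
  for src in "$root/$kind-available"/$glob; do
    [ -e "$src" ] || continue            # glob matched nothing
    seen=1
    name=${src##*/}
    if [ -e "$root/$kind-enabled/$name" ]; then
      state=enabled
    else
      state=disabled                     # fix with a2enmod / a2ensite
    fi
    printf '%s %s\n' "$name" "$state"
  done
  [ "$seen" -eq 1 ] || printf 'none-available\n'
}

# Constructed tree imitating /etc/apache2: PHP module installed but not
# enabled, ssl enabled, one of two sites enabled.
make_demo_tree() {
  d=$(mktemp -d)
  mkdir "$d/mods-available" "$d/mods-enabled" \
        "$d/sites-available" "$d/sites-enabled"
  touch "$d/mods-available/php7.0.load" "$d/mods-available/ssl.load"
  touch "$d/sites-available/000-default.conf" "$d/sites-available/nextcloud.conf"
  ln -s ../mods-available/ssl.load "$d/mods-enabled/ssl.load"
  ln -s ../sites-available/nextcloud.conf "$d/sites-enabled/nextcloud.conf"
  printf '%s\n' "$d"
}

demo=$(make_demo_tree)
apache_link_status "$demo" mods 'php*.load'
apache_link_status "$demo" sites '*.conf'
rm -rf "$demo"
```

A `disabled` PHP module means Apache has no handler for .php files, and `none-available` means the module package is not installed at all.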

I honestly just gave up and reinstalled the entire OS :stuck_out_tongue: I was wanting to try to solve the issue this way but I needed the server back up. OS reinstall ended up solving my issue