Allow http traffic again?

Hi there,

In my hunt to figure out why I can't get my Let's Encrypt certificate, I noticed that during my setup I redirected port 80 to 443, which is great, but I need port 80 for the certificate to go through.

So if I remove the ReWriteEngine lines from the nextcloud.conf, I can turn off the forward, but if I try the http address for nextcloud it comes up with:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at admin@webmaster to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.
Apache/2.4.29 (Ubuntu) Server at 192.168.2.7 Port 80

I’m guessing to test Let's Encrypt, via certbot, I need that address to resolve the normal http version of the site?
How would I do this? I’m stumped on where to look.

The setup is Ubuntu (18.04.3 LTS) on a VMware Fusion box, manual Nextcloud setup (not snap).
I have ufw enabled, and its status is:

sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80,443/tcp                 ALLOW IN    Anywhere
80,443/tcp (v6)            ALLOW IN    Anywhere (v6)

Port forwarding from my router is up for 80/443, my dyndns is up to date too, and DNS reporting shows my A record is correct.

right.

right. but only the path /.well-known/acme-challenge
so you redirect everything except this path to port 443.

so the config for nginx is something like this:

        # ACME HTTP-01 challenge requests stay on plain http
        location ^~ /.well-known/acme-challenge {
                proxy_pass http://127.0.0.1:81;
        }
        # everything else is redirected to https
        location / {
                return 301 https://$server_name:443;
        }

nevertheless if you run certbot manually you are asked if you want to redirect your traffic to https and everything is set up automatically.

why do you decide to interfere with this setup?

I don't have nginx, it's just on apache2.

Which file would I have to edit on apache2 to achieve this?

where do you set this up?

I have these lines in the .conf file

ReWriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
ReWriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

I’ve tried # these out, restarted apache and tried the http:// page again, but it brings you back to the Internal Server Error page listed on the OP
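An Apache counterpart to the nginx snippet earlier in the thread, built on the rewrite rules quoted in the post above. This is an added example and not any poster's configuration: the hostname `cloud.example.com` and the directory `/var/www/letsencrypt` are placeholders, and it assumes Apache 2.4 with mod_rewrite and mod_alias enabled.

```apache
# Port-80 virtual host: answer ACME HTTP-01 challenges over plain HTTP
# and redirect every other request to HTTPS.
# ServerName and the challenge directory are placeholders (assumptions).
<VirtualHost *:80>
    ServerName cloud.example.com

    # Serve challenge files from a directory outside the Nextcloud tree,
    # so Nextcloud's own .htaccess rewrites never handle these requests.
    Alias /.well-known/acme-challenge/ /var/www/letsencrypt/.well-known/acme-challenge/
    <Directory /var/www/letsencrypt/.well-known/acme-challenge/>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    RewriteEngine On
    # Exempt only the challenge path from the redirect.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # A fixed hostname is used in the target instead of %{HTTP_HOST},
    # so the redirect never reflects a client-supplied Host header.
    RewriteRule ^/?(.*)$ https://cloud.example.com/$1 [R=301,L]
</VirtualHost>
```

With this in place the ACME client has to write its challenge files under the same directory, for example `certbot certonly --webroot -w /var/www/letsencrypt -d cloud.example.com`. Run `apachectl configtest` before reloading Apache.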

normally internal server errors mean that the web server can’t reach one of the backend services (php, redis, db server, depends on your setup). did you check if they are available? what is in the apache2 log?

I’ve managed to restore LOCAL http access to the server now, I found this in the .htaccess file:

RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule . index.php [PT,E=PATH_INFO:$1]
RewriteBase /nextcloud

SetEnv front_controller_active true

DirectorySlash off

But if I go to the domain name for the site using http://, it auto-redirects to https://
Not sure why, as in the local network, the http does not auto redirect to https.

Would yourself, or anyone, happen to know where Apache stores the redirect to https if you enter via the domain name?

I have tried using the acme.sh command again. It fails, as when it does the verification, it tries to make a folder under the root folder in apache, not the nextcloud folder.
I am not sure why it's getting this wrong folder, as all the conf files in the apache folder show the right folder name.

EDIT - Managed to find out where the mistake was: it was an ENV path. Fixed that and now I can get on from the domain via http. But this did not fix my problem with the certificates. Marking this one as closed.