Domain not working after letsencrypt

Hi. I hope everyone is ok.
Ok well I have a strange issue, I will tell everything.
I manually installed Nextcloud, everything is working fine. I made a local domain hpcloud.com and also made a self-signed certificate. The issue was that OnlyOffice wasn't working, so we decided to get a subdomain and forward that to our IP address. The forwarding started (when I ping it, it works).

After that I went forward and got certbot to create a Let's Encrypt certificate, which was successful.
Now the page doesn't load from the domain. It is working on the IP address, but gives a certificate error.
I have edited the config.php file and added the domain in trusted domain.
I have installed Apache and am using Nextcloud version 17. Ubuntu 20

following is my apache 000-default.conf settings

following is my 000-default-le-ssl.conf

Following is my config.php settings

following is my default-ssl.conf

Before making the Let's Encrypt mistake, I was able to open via the domain but with a self-signed cert. Now I cannot open at all.

The error I get now is … it doesn't open. As shown in the following picture, it is trying to negotiate.


I have checked the apache logs and the request is reaching there.

Can anyone please help?
Yes, I am able to log in via the IP address, and yes, it was previously working with the same domain but with a self-signed certificate.
Please tell me what I am missing.

Regards,

The redirection error most likely means redirection from port 80 (http) to port 443 (https).

Try typing manually in the address bar https://name.domain.com.

yup, did that, tried 3 different browsers
still no luck

this is the apache log when I access

192.168.88.1 - - [07/Jun/2020:04:05:09 +0500] "GET / HTTP/1.1" 301 753 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"

and the last time is

192.168.88.1 - - [07/Jun/2020:04:16:29 +0500] "-" 408 3866 "-" "-"

It’s been a long time since I have used Apache, so I’m mostly only guessing.

000-default-le-ssl.conf
Permanent redirect to http://… Should it be https://?

What about Apache error log. Anything interesting there?

config.php should http be https?

000-default-le-ssl.conf last include line in the picture. Is there something which may break something?

Permanent redirect to http://… Should it be https://?
Tried with that too. not working

config.php should http be https?
did that too. no luck

this was yesterday in the error log
[Sun Jun 07 04:19:40.199356 2020] [ssl:error] [pid 3587] [client 192.168.88.1:43130] AH02042: rejecting client initiated renegotiation

Anyone ???

Please help…

Normally you would not use default_vhost but rather set up a new named vhost.

Also in the ssl vhost you should not have a redirect.

I don't understand this. Can you please guide me? I will do that too. Please guide me… thanking in anticipation

The default vhost is used whenever a client is accessing your server by direct IP address (http://1.2.3.4:80) and not with a domain name (http://www.somesite.com). If you only have one domain on this server it does not matter so much. However, if you want to add domains in the future it is better to put each domain in its own somedomain.conf file instead.

You do have some small mistakes. Let's fix them:

First: Open default-ssl.conf

  1. Remove the line ServerAlias www.... You cannot have the same in both ssl.conf files.
  2. Set ServerName localhost
  3. DocumentRoot should probably be pointing to the default apache htdocs folder, /var/www/html/ or similar. Not the nextcloud installation.

Second: open 000-default-le-ssl.conf

  1. Remove the line Redirect permanent "/" "http...."
    because that line will redirect your HTTPS requests to your HTTP instance, while your HTTP instance is redirecting you back to HTTPS. This creates a redirect-loop.

Third: Open 000-default.conf

  1. Remove the line Redirect permanent "/" "http...."
  2. Add these lines:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/.well-known
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NC,NE,R=permanent,L]

This will make sure that people using HTTP will safely be redirected to your HTTPS site, while still allowing Letsencrypt/Certbot autorenewals to work (the .well-known directory).

Good Luck!

3 Likes
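The redirect loop described in the answer above, as an added example that is not part of the original thread: a small Python model of the vhost rules before and after the fix, tracing where a request ends up. The host name `cloud.example.com` and the token path are placeholders, and the "before" rules follow the answer's description because the thread's config screenshots are not available.

```python
import re
from urllib.parse import urlsplit

HOST = "cloud.example.com"  # placeholder: the thread does not show the real name

def before(scheme, host, path):
    """Rules as the answer describes them: each vhost redirects to the other."""
    if scheme == "http":                        # 000-default.conf
        return 301, f"https://{host}{path}"
    return 301, f"http://{host}{path}"          # 000-default-le-ssl.conf

def after(scheme, host, path):
    """Rules after the fix: only plain HTTP redirects, /.well-known is exempt."""
    # RewriteCond %{HTTPS} off  +  RewriteCond %{REQUEST_URI} !^/.well-known
    if scheme == "http" and not re.match(r"^/.well-known", path):
        return 301, f"https://{host}{path}"     # RewriteRule ... [R=permanent,L]
    return 200, None                            # request is served by this vhost

def trace(rules, url, max_hops=10):
    """Follow redirects the way a browser would; return (outcome, URL chain)."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        u = urlsplit(chain[-1])
        status, location = rules(u.scheme, u.netloc, u.path or "/")
        if location is None:
            return "served", chain
        chain.append(location)
        if location in seen:                    # same URL twice: redirect loop
            return "loop", chain
        seen.add(location)
    return "too many redirects", chain

if __name__ == "__main__":
    for name, rules in (("before", before), ("after", after)):
        for path in ("/", "/.well-known/acme-challenge/constructed-token"):
            outcome, chain = trace(rules, f"http://{HOST}{path}")
            print(f"{name:6} {outcome:6} " + " -> ".join(chain))
```

With the "after" rules, the ACME challenge path is answered over plain HTTP without a redirect, which is what the `.well-known` condition is there to allow.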

Many thanks. Will do that in a while and let you know. Unfortunately I have a Corona patient at home, so have to take care of him also and be careful at the same time.

So, just to let you know that I will reply as soon as I have done that and get any result.
Many thanks

1 Like

Many many thanks. This worked. Everything is working.

Lots of regards for your time and effort.

1 Like

I’m glad to hear it’s working now :slight_smile:

Thanks!! You saved the day.