Hello,
today I have installed Let’s Encrypt on a Ubuntu 16.04 System with Apache2.4 per Certbot for view hours.
Is use this manual. https://certbot.eff.org/#ubuntuxenial-apache
It work fine.
Now after 3-4 hours I doesn’t have access to my nextcloud.
Also 5 minuntes send the dns-client the ip-adress to dns.
If I take a ssl-test that work.
I am a linux newbie and I don’t know, where ist the mistake.
Can anybody help me please.
Thank you in advanced.
Best regards,
Christoph
Hi Christoph,
Did you see any messages in the log files, that might help here?
You are saying, that the website is not reachable, right?
Please check the apache logs in /var/log/apache2/
You still have access via SSH right?
My problem once was, that I was banned by fail2ban, due to some testings that were discovered as attacks by fail2ban. Could this be the same for you?
However, without error messages and log entries, it’s difficult to help.
Hello Schmu,
here are the log files.
error.log:
[Wed Oct 19 15:09:03.162238 2016] [mpm_prefork:notice] [pid 8131] AH00171: Graceful restart requested, doing restart
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
[Wed Oct 19 15:09:03.266247 2016] [ssl:warn] [pid 8131] AH01906: 48588490292761bc9bb8c91591bb36f5.f292c8e4b1d3b5d1857d3fc22bfc2124.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Oct 19 15:09:03.266520 2016] [ssl:warn] [pid 8131] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 15:09:03.266612 2016] [mpm_prefork:notice] [pid 8131] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 15:09:03.266618 2016] [core:notice] [pid 8131] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 15:09:09.852810 2016] [mpm_prefork:notice] [pid 8131] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
[Wed Oct 19 15:09:09.956870 2016] [ssl:warn] [pid 8131] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 15:09:09.956976 2016] [mpm_prefork:notice] [pid 8131] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 15:09:09.956982 2016] [core:notice] [pid 8131] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 15:09:10.938571 2016] [mpm_prefork:notice] [pid 8131] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
[Wed Oct 19 15:09:11.016874 2016] [ssl:warn] [pid 8131] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 15:09:11.016985 2016] [mpm_prefork:notice] [pid 8131] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 15:09:11.016991 2016] [core:notice] [pid 8131] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 15:09:14.671829 2016] [mpm_prefork:notice] [pid 8131] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
[Wed Oct 19 15:09:14.751178 2016] [ssl:warn] [pid 8131] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 15:09:14.751289 2016] [mpm_prefork:notice] [pid 8131] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 15:09:14.751295 2016] [core:notice] [pid 8131] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 15:11:49.908724 2016] [ssl:error] [pid 11600] [client 64.41.200.101:43143] AH02042: rejecting client initiated renegotiation
[Wed Oct 19 16:50:36.710445 2016] [mpm_prefork:notice] [pid 8131] AH00169: caught SIGTERM, shutting down
[Wed Oct 19 16:51:29.114353 2016] [ssl:warn] [pid 1495] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 16:51:32.463130 2016] [ssl:warn] [pid 1497] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 16:51:32.467287 2016] [mpm_prefork:notice] [pid 1497] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 16:51:32.467325 2016] [core:notice] [pid 1497] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 17:04:06.378104 2016] [mpm_prefork:notice] [pid 1497] AH00169: caught SIGTERM, shutting down
[Wed Oct 19 17:04:07.386680 2016] [ssl:warn] [pid 2558] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 17:04:07.428481 2016] [ssl:warn] [pid 2559] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 17:04:07.432859 2016] [mpm_prefork:notice] [pid 2559] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 17:04:07.432898 2016] [core:notice] [pid 2559] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 17:19:04.396808 2016] [mpm_prefork:notice] [pid 2559] AH00169: caught SIGTERM, shutting down
[Wed Oct 19 17:19:05.420176 2016] [ssl:warn] [pid 2847] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 17:19:05.461436 2016] [ssl:warn] [pid 2848] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Oct 19 17:19:05.465871 2016] [mpm_prefork:notice] [pid 2848] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured – resuming normal operations
[Wed Oct 19 17:19:05.465911 2016] [core:notice] [pid 2848] AH00094: Command line: ‘/usr/sbin/apache2’
[Wed Oct 19 17:21:15.906443 2016] [ssl:error] [pid 2851] [client 64.41.200.103:58977] AH02042: rejecting client initiated renegotiation
[Wed Oct 19 17:38:17.729380 2016] [ssl:error] [pid 2853] [client 64.41.200.103:53676] AH02042: rejecting client initiated renegotiation
ssl error log:
[Wed Oct 19 18:21:40.886570 2016] [:error] [pid 3326] [client 10.0.0.138:58956] PHP Fatal error: Uncaught Error: Access to undeclared static property: OC\\Files\\Filesystem::$normalizedPathCache in /var/www/html/dragoncloud/lib/private/Files/Filesystem.php:773\nStack trace:\n#0 /var/www/html/dragoncloud/lib/private/Files/View.php(2034): OC\\Files\\Filesystem::normalizePath('/admin/files/Ne...')\n#1 /var/www/html/dragoncloud/lib/private/Files/View.php(1152): OC\\Files\\View->unlockFile('/Nextcloud.mp4', 1)\n#2 [internal function]: OC\\Files\\View->OC\\Files\\{closure}()\n#3 /var/www/html/dragoncloud/3rdparty/icewind/streams/src/CallbackWrapper.php(109): call_user_func(Object(Closure))\n#4 [internal function]: Icewind\\Streams\\CallbackWrapper->stream_close()\n#5 {main}\n thrown in /var/www/html/dragoncloud/lib/private/Files/Filesystem.php on line 773
I use Ubuntu 16.04 - Desktop.
Now it works, wy I don’t know.
Best regards,
Christoph
Hello,
Since my last post and now it doesn’t work.
Best regards,
Christoph
Hello,
Now it works!
Why are that?
It works, it doesn’t work?
Best,
Regards
Christoph
Does the server name match the name on the certificate? This needs to match up exactly.
Sounds like a browser caching issue. Try clearing your browser cache. Also, make sure you are accessing the server by one address. If you have multiple, such a domain.ext, and www.domain.ext, put a redirect in so access is limited to only one of them.
Hello,
Thank you for this info.
Do you mean I can use only one webproject on the server?
How can I fix it?
Thank you in advanced!
Best regards,
Christoph
You can use virtual hosting to host multiple websites with different SSL certificates. The exact steps are dependent on your web server configuration. See Apache Virtual Host documentation - Apache HTTP Server Version 2.4 for Apache.
You can redirect one url to another using mod_rewrite. See http://httpd.apache.org/docs/current/mod/mod_rewrite.html