For the enabled sites, it's now only le-ssl:
nivsrvubu:~$ sudo ls -l /etc/apache2/sites-enabled
total 0
lrwxrwxrwx 1 root root 50 Dec 14 17:04 nextcloud-le-ssl.conf -> /etc/apache2/sites-available/nextcloud-le-ssl.conf
I'm still getting “ERR_TOO_MANY_REDIRECTS”
and still:
“I remove the “Redirect permanent / h”
to get the site back to work, now it is going to https but it is on “Apache2 Ubuntu Default Page” and not my nextcloud”
Check this out, I think you do not need to put Virtual Host for port 443 into module, but turn on SSL via SSLEngine on:
Also, there you can find a tutorial on how to set up better TLS, or get an A+ on SSL Labs. In particular, the Let's Encrypt config include is not optimal: Include /etc/letsencrypt/options-ssl-apache.conf; it has a lot of things that basically are not needed.
Ty for the command, I have changed my nextcloud-le-ssl.conf to the one you linked in the comment.
I’m still stuck on the same problem: I get the message “ERR_TOO_MANY_REDIRECTS”. If I comment out the permanent redirect (# Redirect permanent / https://"host"/), I’m directed to https://“host”, but to the “Apache2 Ubuntu Default Page” instead of my cloud.
<VirtualHost "IP":80>
    ServerName nextcloud
    ServerAdmin "admin@host"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Redirect permanent / https://"host"/
</VirtualHost>
<VirtualHost "IP":443>
    ServerName nextcloud
    ServerAdmin "admin@host"
    DocumentRoot /var/www/html/nextcloud/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/"host"/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/"host"/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/"host"/chain.pem
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    <Directory /var/www/html/nextcloud/>
        Options +FollowSymlinks
        AllowOverride All
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
        SetEnv HOME /var/www/html/nextcloud
        SetEnv HTTP_HOME /var/www/html/nextcloud
    </Directory>
    Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    Header always set Referrer-Policy no-referrer
    ErrorDocument 403 "Hmmmm... Looks it is not here xD:)"
</VirtualHost>
Can we try debugging in the browser? We need to open the Network debugging tool; in Firefox it is under Web Developer → Network (choose Persistent Logs):
Now we will be able to see what is redirected and where. In the screenshot above I go to my server over http and it replies with 301 and redirects me to https://mydomain.com (see Location in the headers below the screenshot), then it starts loading with code 200. Basically this is what this config should do. Please open an http connection to your server.
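The same hop-by-hop view can be taken from a terminal. This is an added example, not part of the thread: it requests each URL without auto-following, prints status and Location for every hop, and flags the first URL that is requested twice. The host cloud.example.test and the sample hop lines are constructed, and curl and awk are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Hostnames in the sample are constructed.

# hop URL: one request without auto-follow; prints "URL STATUS LOCATION".
hop() {
    printf '%s ' "$1"
    curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}\n' "$1"
}

# trace URL [MAX]: follow Location by hand for at most MAX hops (default 10).
trace() {
    url=$1; n=${2:-10}
    while [ -n "$url" ] && [ "$n" -gt 0 ]; do
        line=$(hop "$url") || { echo "$line"; return 2; }
        echo "$line"
        url=$(echo "$line" | awk '{ print $3 }')
        n=$((n - 1))
    done
}

# find_loop: reads hop lines on stdin. If a URL is requested twice it prints
# "loop: URL" and returns 0; otherwise prints "final: STATUS URL", returns 1.
find_loop() {
    awk '
        seen[$1]++ { print "loop: " $1; looped = 1; exit }
        { last = $2 " " $1 }
        END { if (looped) exit 0; print "final: " last; exit 1 }
    '
}

# Constructed hop lines: the failing pattern and the expected one.
LOOPING='http://cloud.example.test/ 301 https://cloud.example.test/
https://cloud.example.test/ 301 https://cloud.example.test/
https://cloud.example.test/ 301 https://cloud.example.test/'
HEALTHY='http://cloud.example.test/ 301 https://cloud.example.test/
https://cloud.example.test/ 200'

# Live use: sh trace.sh http://your-host/   (offline demo when no argument)
if [ $# -gt 0 ]; then trace "$1" | find_loop
else printf '%s\n' "$LOOPING" | find_loop
fi
```

Running `trace` alone, without `find_loop`, prints every hop, which shows whether the repeated 301 is issued on the http or the https side.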
Yeah, it’s been fixed and wasn’t the problem.
I am pretty sure this is something with the nextcloud-le-ssl,
If I go back to nextcloud.conf all is working fine (ofc it’s not https)
This is what I get when I change the conf to what you linked:
****@nivsrvubu:/etc/apache2/sites-available$ sudo service apache2 restart
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
****@nivsrvubu:/etc/apache2/sites-available$ sudo service apache2 status
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2019-12-20 09:25:37 UTC; 6s ago
Process: 33632 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
Process: 31894 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
Process: 33638 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
Main PID: 32611 (code=exited, status=0/SUCCESS)
Dec 20 09:25:36 nivsrvubu systemd[1]: Starting The Apache HTTP Server...
Dec 20 09:25:36 nivsrvubu apachectl[33638]: AH00526: Syntax error on line 38 of /etc/apache2/sites-enabled/nextcloud.conf:
Dec 20 09:25:36 nivsrvubu apachectl[33638]: SSLCertificateFile: file '/etc/letsencrypt/live/********/cert.pem' does not exist or is empty
Dec 20 09:25:36 nivsrvubu apachectl[33638]: Action 'start' failed.
Dec 20 09:25:36 nivsrvubu apachectl[33638]: The Apache error log may have more information.
Dec 20 09:25:37 nivsrvubu systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 20 09:25:37 nivsrvubu systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 20 09:25:37 nivsrvubu systemd[1]: Failed to start The Apache HTTP Server.
That's strange, why did it work before… If you are using a Let’s Encrypt certificate via e.g. Certbot or acme.sh, it should be there.
Where did you get the certificate?
Is this a self-signed certificate, or from Let’s Encrypt?
Where is it stored?
Basically you need at least 2 files: certificate and private key.
Could you please check what is in this folder?
ls -la /etc/letsencrypt/live/DOMAIN
#OR to see all
ls -laR /etc/letsencrypt/live/
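The manual check above can be tied directly to the vhost file. This is an added example, not part of the thread: it reads every SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile path from a config and reports whether the file is missing, empty, or carries the wrong PEM type (for instance a CSR where a certificate is expected). The function names are hypothetical, and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root: /etc/letsencrypt/live is
# normally readable by root only.

# pem_kind FILE: prints the label of the first PEM block, e.g. "CERTIFICATE",
# "PRIVATE KEY" or "CERTIFICATE REQUEST"; prints nothing if there is none.
pem_kind() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_tls_paths CONF: one "STATE directive path" line per SSLCertificate*File
# directive (directive name lower-cased). Returns 0 only if every file exists,
# is non-empty and has the PEM type its directive expects.
check_tls_paths() {
    rc=0
    list=$(awk 'tolower($1) ~ /^sslcertificate(key|chain)?file$/ {
                    gsub(/"/, "", $2); print tolower($1), $2 }' "$1")
    while read -r dir path; do
        [ -n "$dir" ] || continue
        kind=$(pem_kind "$path" 2>/dev/null)
        if   [ ! -e "$path" ]; then state=MISSING
        elif [ ! -s "$path" ]; then state=EMPTY
        else
            state=WRONGTYPE
            case "$dir:$kind" in
                sslcertificatekeyfile:*"PRIVATE KEY") state=OK ;;
                sslcertificatekeyfile:*) ;;
                *:CERTIFICATE|*:"TRUSTED CERTIFICATE") state=OK ;;
            esac
        fi
        [ "$state" = OK ] || rc=1
        echo "$state $dir $path${kind:+ ($kind)}"
    done <<EOF
$list
EOF
    return $rc
}

# Usage: sudo sh check_tls.sh /etc/apache2/sites-available/nextcloud-le-ssl.conf
if [ $# -gt 0 ]; then check_tls_paths "$1"; fi
```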
AH00016: Configuration Failed
[Fri Dec 20 11:48:57.003526 2019] [ssl:info] [pid 36763] AH01887: Init: Initializing (virtual) servers for SSL
[Fri Dec 20 11:48:57.003601 2019] [ssl:info] [pid 36763] AH01914: Configuring server *******:443 for SSL protocol
[Fri Dec 20 11:48:57.003624 2019] [ssl:debug] [pid 36763] ssl_engine_init.c(1708): AH10083: Init: (*******:443) mod_md support is unavailable.
[Fri Dec 20 11:48:57.003927 2019] [ssl:debug] [pid 36763] ssl_engine_init.c(479): AH01893: Configuring TLS extension handling
[Fri Dec 20 11:48:57.003958 2019] [ssl:debug] [pid 36763] ssl_util_stapling.c(868): AH01960: OCSP stapling initialized
[Fri Dec 20 11:48:57.004038 2019] [ssl:emerg] [pid 36763] AH02562: Failed to configure certificate*******:443:0 (with chain), check /etc/ssl/certs/*******.csr
[Fri Dec 20 11:48:57.004066 2019] [ssl:emerg] [pid 36763] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKe$
[Fri Dec 20 11:48:57.004088 2019] [ssl:emerg] [pid 36763] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Fri Dec 20 11:52:41.489310 2019] [ssl:info] [pid 1954] AH01887: Init: Initializing (virtual) servers for SSL
[Fri Dec 20 11:52:41.490343 2019] [ssl:info] [pid 1954] AH01914: Configuring server *******:443 for SSL protocol
[Fri Dec 20 11:52:41.490358 2019] [ssl:debug] [pid 1954] ssl_engine_init.c(1708): AH10083: Init: (*******:443) mod_md support is unavailable.
[Fri Dec 20 11:52:41.500104 2019] [ssl:debug] [pid 1954] ssl_engine_init.c(479): AH01893: Configuring TLS extension handling
[Fri Dec 20 11:52:41.500170 2019] [ssl:debug] [pid 1954] ssl_util_stapling.c(868): AH01960: OCSP stapling initialized
[Fri Dec 20 11:52:41.500846 2019] [ssl:emerg] [pid 1954] AH02562: Failed to configure certificate *******:443:0 (with chain), check /etc/ssl/certs/c*******.csr
[Fri Dec 20 11:52:41.500883 2019] [ssl:emerg] [pid 1954] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKey$
[Fri Dec 20 11:52:41.500905 2019] [ssl:emerg] [pid 1954] SSL Library Error: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
EDIT:
I fixed the problem with the key.
Now this is where we're at:
IF “#Redirect permanent / https://“Host”/”
I can get to the http site very good.
IF “Redirect permanent / https://“Host”/”
ERR_TOO_MANY_REDIRECTS
This is my error.log:
[Fri Dec 20 12:35:41.042102 2019] [core:info] [pid 3729] [client 172.69.130.11:40318] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 12:35:41.042118 2019] [core:debug] [pid 3729] protocol.c(1375): [client 172.69.130.11:40318] AH00567: request failed: error reading the headers
[Fri Dec 20 12:35:41.076539 2019] [core:debug] [pid 3742] protocol.c(1022): (28)No space left on device: [client 172.69.130.11:41400] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635; oc_s$
[Fri Dec 20 12:35:41.076682 2019] [core:info] [pid 3742] [client 172.69.130.11:41400] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
[Fri Dec 20 12:35:41.076693 2019] [core:debug] [pid 3742] protocol.c(1375): [client 172.69.130.11:41400] AH00567: request failed: error reading the headers
[Fri Dec 20 12:35:41.110912 2019] [core:debug] [pid 3728] protocol.c(1022): (28)No space left on device: [client 172.69.130.11:40256] Failed to read request header line Cookie: __cfduid=da2ba5eb34dfd8b754c3fc7de5c84db321576707635; oc_s$
[Fri Dec 20 12:35:41.110998 2019] [core:info] [pid 3728] [client 172.69.130.11:40256] AH00561: Request header exceeds LimitRequestFieldSize: Cookie
Anything else you can think of before I restart everything and go from the start?
https://“IP”= going to default apache2 page
http://“IP”= going to webgui
https://“Domain” = going to webgui not secure
http://“Domain” = going to webgui