Topic: [Solved]No https connection possible from outside my LAN |
Luxed
Joined: 15 May 2017 Posts: 3
|
Posted: Mon 15 May '17 20:12 Post subject: [Solved]No https connection possible from outside my LAN |
|
|
EDIT: Read the answers to find out what was causing the problem. In short my ISP is doing something on port 443 with their router/modem, I can't do anything about it, so I use another port.
Hey everyone,
I am trying to configure my Apache 2 site ( version 2.4.18 ) to have a secured connection, my server is in my house and it is running Ubuntu Server 16.04.
I use the Certbot program to get my certificates. I know they work because I can connect locally (from another computer on my network) to my server and the connection is secured.
This is my VirtualHost config:
Code: |
<VirtualHost *:80>
    ServerName corentinbrunel.ca
    DocumentRoot /home/ftp
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin devildead13@gmail.com
        ServerName corentinbrunel.ca
        ServerAlias www.corentinbrunel.ca
        DocumentRoot /home/ftp
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateKeyFile /etc/letsencrypt/live/corentinbrunel.ca/privkey.pem
        SSLCertificateFile /etc/letsencrypt/live/corentinbrunel.ca/fullchain.pem
        SSLEngine on
        SSLProtocol all -SSLv3 -TLSv1
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
        SSLHonorCipherOrder on
        SSLCompression off
        SSLSessionTickets off
        SSLOptions +StrictRequire
        SSLVerifyClient none
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>
|
I have tried this command to see if my ssl certificate is alright:
When I do it locally, no problem.
But when I do it outside of my network:
Code: | CONNECTED(00000003)
140191931301760:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:252:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1494871258
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
|
And I don't understand what's going on.
Yes I can join my server and go on my website with http, my ssh is working, my ftps is working, my ports are open (80 for http and 443 for https), http://www.yougetsignal.com/tools/open-ports/ this site says that my port 443 is open, but yet, it doesn't work.
I need help with this problem. I hope I gave enough information; if not, I will give you what you need.
Last edited by Luxed on Tue 16 May '17 6:11; edited 1 time in total |
|
|
Luxed
Joined: 15 May 2017 Posts: 3
|
Posted: Tue 16 May '17 1:47 Post subject: Solution? |
|
|
The solution I found is to change the port to 444.
It works, but isn't what I want, I don't want to see a port.
Can my ISP be the one blocking the 443 port? |
|
|
glsmith Moderator
Joined: 16 Oct 2007 Posts: 2268 Location: Sun Diego, USA
|
Posted: Tue 16 May '17 5:43 Post subject: |
|
|
Does the error log say anything about your attempts to connect?
If not, it may be getting intercepted by your ISP, which seems odd if 80 is open.
Shaw? I've seen folks on Shaw having this problem.
http://www.corentinbrunel.ca:443 gives a 404, meaning whatever server is answering port 443 it's answering with http not https.
Are there any other vhosts for 443 w/o SSLEngine On set in them?
Try forcing 443 to https:
Listen 443 https
Have also seen folks claiming this worked for them
Quote: | The solution for me was that default-ssl was not enabled in apache 2.... just putting SSLEngine On
I had to execute a2ensite default-ssl and everything worked. |
It's a tough one to debug for sure. |
|
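The check described in the post above (plain HTTP to port 443 returning a 404) and the `wrong version number` failure after reading 5 bytes, the length of a TLS record header, both ask the same question: does the responder on the port speak TLS at all? This is an added example, not code from any poster in this thread; the function names `classify_record_header`, `read_exact` and `probe` are made up for illustration.

```python
import socket
import ssl
import sys

# TLS record content types (first byte of every TLS record header)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def classify_record_header(first5: bytes) -> str:
    """Classify the 5 bytes a TLS client reads first: type(1) version(2) length(2)."""
    if len(first5) < 5:
        return "short-read"
    ctype, major, minor = first5[0], first5[1], first5[2]
    if ctype in TLS_TYPES and major == 3 and minor <= 4:
        return "tls:" + TLS_TYPES[ctype]
    if first5 == b"HTTP/":  # start of a plaintext status line such as "HTTP/1.1 404"
        return "plain-http"
    return "unknown"

def read_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes, stopping early only on EOF."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return 'tls' if the port completes a handshake, else what it answers in plaintext."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # only the protocol is being tested here,
    ctx.verify_mode = ssl.CERT_NONE  # not whether the certificate is trusted
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
    except ssl.SSLError:
        pass                         # something answered, but not with TLS
    except OSError:
        return "no-answer"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            return classify_record_header(read_exact(raw, 5))
    except OSError:
        return "no-answer"

if __name__ == "__main__":
    print(probe(sys.argv[1]))        # host to test, run from outside the LAN
```

A result of `plain-http` from outside the LAN together with `tls` from inside it means a different device is answering the public port, which is a forwarding problem and not an Apache configuration problem.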
|
Luxed
Joined: 15 May 2017 Posts: 3
|
Posted: Tue 16 May '17 6:10 Post subject: |
|
|
As I said in my response earlier, I actually found the problem.
Upon further investigation, it seems like my Router/Modem is listening on that port, because no forward to port 443 is present now, so nothing should be listening, yet something IS listening on that port. What? I don't know.
My quick and dirty solution is to redirect everything from port 80 (http) to https port 444 like this:
Code: | Redirect permanent / https://www.corentinbrunel.ca:444/ |
My website is now working almost as intended, unfortunately, Bell is doing something with their router on port 443 and I can't do anything about it (no, I cannot change my router :/)
Quote: | The solution for me was that default-ssl was not enabled in apache 2.... just putting SSLEngine On
I had to execute a2ensite default-ssl and everything worked. |
I tried this. It was the first thing I did, but it worked on my LAN, just not outside, I knew it wasn't my config but something else. |
|
|
williamj12
Joined: 04 Sep 2019 Posts: 1 Location: USA
|
Posted: Wed 04 Sep '19 9:47 Post subject: |
|
|
This issue may be related to a firmware update. Updating the firmware generally resolves this kind of issue if you are using Netgear or similar routers; proper reconfiguration after the update is important as well. |
|