After creating user: Only https and www links do work

[zakazak]

Hello everyone,

my domains are bought at "do.de" and each of them has the following DNS entries:

*	TTL 15min	A	Prio 0	Server IP
mail	TTL 15min	A	Prio 0	Server IP
domainname.eu	TTL 15min	A	Prio 0	Server IP
www	TTL 15min	A	Prio 0	Server IP
domainname.eu	TTL 15min	AAAA	Prio 0	Server IP (IPv6)
domainname.eu	TTL 15min	MX	Prio 10	Server IP
domainname.eu	TTL 15min	TXT	Prio 0	Server IP
x._domainkey	TTL 15min	TXT	Prio 0	Server IP

Yesterday I created a new user and added his new domain.
For that domain all links work fine (e.g. domain.com, www.domain.com http://domain.com) and redirect to the https version of the website.

However, all my old (pre-existing) domains suddenly stopped working.
Now only "www.domain.com" and "https://www.domain.com" as well as "https://domain.com" will work.
Entering "domain.com" or "http://domain.com" will not redirect to https and instead give "Apache ins functioning normally".

Any ideas what to do?

 

[zEitEr]

Hello,

You might need to link your IPv6 to IPv4 in DirectAdmin at admin level as mentioned here: https://www.directadmin.com/features.php?id=1377

 

[zakazak]

Hmm I will give it a try, but it worked for several months now without doing so.

Anyway, I went into Admin -> Server Manager -> IP Management
It shows my IPv4 but when clicking on it it has no linked IP and I can't add anything anywhere.
In "IP Management" I can click on "Add IP" but it only allows me to enter an IPv4 and not IPv6.

Edit:
In IP Management -> Devices -> enp2s0 has my IPv6 IP but it is "inactive".
No idea how to activate it?

 

[zEitEr]

I've seen IPv6 in your table, so my guess is that some requests from you use IPv6 and some IPv4. If IPv6 exists in DNS but is missing in web-server settings, then that might be the root cause of the issue.

If you intend to use IPv6 on your server, then it should be configured properly. If you don't, then you should remove it from DNS.

 

[zakazak]

Your statement makes sense.

Stupidly I can't remember why exactly I added the IPv6 address do my domain providers DNS entries but I remember that I had some problem and this fixed the issue. Other than that I do not want to use IPv6.

I guess I will start removing the IPv6 DNS entries from my domain provider and see if any troubles come back.

 

[zakazak]

I still do not understand why some domains work though, some don't, and after all until latey they all worked.
The domains that do not work basically get an "untrusted connection" notification by firefox, then I enable HTTPS-Only mode, then I get "Secure site not available", then I suddenly land on the https version.

Edit:

Oh wait, maybe something is wrong with my .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 

[zEitEr]

If you need us to check your domains, then we will need a list of them. Alternatively you might check them by yourself using the following tools:

- https://intodns.com/
- https://dnsinspect.com
- https://dnschecker.org
- https://zonemaster.iis.se/

 

[zakazak]

If you need us to check your domains, then we will need a list of them. Alternatively you might check them by yourself using the following tools:

- https://intodns.com/
- https://dnsinspect.com
- https://dnschecker.org
- https://zonemaster.iis.se/

Oh yes ofcourse. Here are two examples.
I ran a check but it seems like everything is green and okay.

Not fully working: bestmail.ws
Fully working: mg-mma.at

 

[zEitEr]

The solution has been already provided, these tests proved my guess:

# host bestmail.ws
bestmail.ws has address 148.251.84.232
bestmail.ws has IPv6 address 2a01:4f8:202:54e7::2
bestmail.ws mail is handled by 10 s1.bestmail.ws.

# host www.bestmail.ws
www.bestmail.ws has address 148.251.84.232

- Requests to IPv6

# curl -I -6 https://bestmail.ws
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

# curl -I -6 http://bestmail.ws
HTTP/1.1 200 OK
Date: Tue, 15 Nov 2022 09:56:50 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 10 Jun 2022 11:46:30 GMT
ETag: "2c-5e1167d479f4f"
Accept-Ranges: bytes
Content-Length: 44
Vary: User-Agent
Content-Type: text/html

- Requests to IPv4:

# curl -I -4 https://bestmail.ws
HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Nov 2022 09:57:10 GMT
Server: Apache/2
Location: http://www.bestmail.ws/
Content-Type: text/html; charset=iso-8859-1

# curl -I -4 https://www.bestmail.ws
HTTP/1.1 200 OK
Date: Tue, 15 Nov 2022 09:57:16 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Sun, 29 Jan 2012 01:00:00 GMT
ETag: "3576-4b7a03fcea400"
Accept-Ranges: bytes
Content-Length: 13686
Vary: Accept-Encoding,User-Agent
Content-Type: text/html

An interface on your server has IPv6 configured, but it is missing in DirectAdmin and Apache.

 

[zakazak]

The solution has been already provided, these tests proved my guess:

# host bestmail.ws
bestmail.ws has address 148.251.84.232
bestmail.ws has IPv6 address 2a01:4f8:202:54e7::2
bestmail.ws mail is handled by 10 s1.bestmail.ws.

# host www.bestmail.ws
www.bestmail.ws has address 148.251.84.232

- Requests to IPv6

# curl -I -6 https://bestmail.ws
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

# curl -I -6 http://bestmail.ws
HTTP/1.1 200 OK
Date: Tue, 15 Nov 2022 09:56:50 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Fri, 10 Jun 2022 11:46:30 GMT
ETag: "2c-5e1167d479f4f"
Accept-Ranges: bytes
Content-Length: 44
Vary: User-Agent
Content-Type: text/html

- Requests to IPv4:

# curl -I -4 https://bestmail.ws
HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Nov 2022 09:57:10 GMT
Server: Apache/2
Location: http://www.bestmail.ws/
Content-Type: text/html; charset=iso-8859-1

# curl -I -4 https://www.bestmail.ws
HTTP/1.1 200 OK
Date: Tue, 15 Nov 2022 09:57:16 GMT
Server: Apache/2
Upgrade: h2,h2c
Connection: Upgrade
Last-Modified: Sun, 29 Jan 2012 01:00:00 GMT
ETag: "3576-4b7a03fcea400"
Accept-Ranges: bytes
Content-Length: 13686
Vary: Accept-Encoding,User-Agent
Content-Type: text/html

An interface on your server has IPv6 configured, but it is missing in DirectAdmin and Apache.

How ever, I can't add an IPv6 in the IP Manager. It only allows me to enter IPv4 adresses.
So I guess I first have to enable that option in directadmin?

/usr/local/directadmin/directadmin set ipv6 1 restart
/usr/local/directadmin/dataskq d

Then add IPv6, then link it to the IPv4.

That will simply link my IPv6 to my IPv4 and then all the magic should happen as everything that goes to IPv6 will be be redirected to IPv4?

@edit: I now remember that I had to add the IPv6 IP on my root servers provider webinterface due to some connectivity troubles back then. So I definitely need to keep it enabled.

 

[zEitEr]

Yes, the steps you've mentioned should do all the required. There won't be redirection from IPv6 to IPv4, at least on DirectAdmin server's side though.

 

[zakazak]

Yes, the steps you've mentioned should do all the required. There won't be redirection from IPv6 to IPv4, at least on DirectAdmin server's side though.

Thank you a lot, you were a life saver! It is not working just fine.

I also figured out why I added the IPv6 to my DNS in the first place:
It was due to gmail dropping my mails because of a "missing IPv6 PTR" Error.
Other than that, I didn't have any use for IPv6 and it also is still disabled in all other service e.g. exim.