My website is not responding after the 1.62 update and then a SSL certification later

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Hello,

First of all, I am a noob at this web admin stuff, so please bare with me.
I have a website called theparkinglotpros.ca and it was working fine without an SSL certification and before the recent update.

Today, I decided to update DA and install SSL certification, one after another without testing the update. I have no clue why I thought that was a good idea, but I did it anyways.

Now, my website wont respond at all, I have checked httpd.conf multiple times and it looks good. I have disabled SSL but it wont go away for some reason as whenever I type http://<domain>, it will redirect to https://<domain>. Not that http:// works anyways, anymore.

I was wondering if anyone can help me around diagnosing the issue and hopefully resolve it.

Thank You!
 

splby

Verified User
Joined
May 5, 2009
Messages
35
Hello. You have turned on redirection to https. Turn it off and the site will only work on http. But it's better to install the certificate and fix the site.
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Thanks for the reply. I have tried both, redirect to https and ssl certificates, neither works though. I am using LetsEncrypt, and I requested it and installed successfully. Anything else I can try?
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
I have turned off redirect, and it still does not respond. I get this error whenever I try to ./build apache

Cannot complete in-place edit of /etc/httpd/conf/extra/httpd-vhosts.conf: failed to rename work file '/etc/httpd/conf/extra/XXZsawfv' to '/etc/httpd/conf/extra/httpd-vhosts.conf': Operation not permitted, <> line 67.
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Hi again! I have found that in my httpd configuration (attached), the redirect to https is still on even though i have disabled it for my domain, as seen in the screenshot attached.

How else can I get rid of the redirect lines in my httpd configuration file? Please, and Thank You!
 

Attachments

  • httpd_conf_noSSL.txt
    1.3 KB · Views: 7
  • noSSL_noRedirects.png
    noSSL_noRedirects.png
    31.7 KB · Views: 8

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Ok, here is the message back from the server:
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using 205.200.247.47 for your server IP
Debug mode. Level 10

PHP has been secured.
Restarting php-fpm73.
Restarting php-fpm74.
Restarting apache.
And still, it shows no changes to httpd configuration files. Do you need to see apache error logs?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,485
Location
Maastricht
If I visit the site you're talking about, I get kind of a default page under construction.
Something from SuiteCRM for CleanSweepManitoba.

Could it be this SuiteCRM is causing the issue, that you have to change or activate something in there to get ssl working correctly?
Also, when installing LetsEncrypt, did you enable the correct SNI settings in directadmin.conf and restarted directadmin?
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Yes, that's the default page. I have tried another domain without suitecrm, and it still does not work with https/ssl.
This is currently in my directadmin.conf:
add_userdb_quota=1
admin_ssl_check_retries=0
apache_public_html=0
apache_ver=2.0
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
brute_force_log_scanner=1
carootcert=/usr/local/directadmin/conf/carootcert.pem
check_subdomain_owner=1
cloud_cache=0
default_private_html_link=1
demodocsroot=./data/skins/evolution
dkim=2
dns_ttl=1
docsroot=./data/skins/evolution
dovecot=1
ethernet_dev=eno2
frontpage_on=0
hide_brute_force_notifications=1
http2=1
lan_ip=<local server ip>
letsencrypt=1
litespeed=0
mail_sni=1
mysql_detect_correct_methods=1
nginx=0
nginx_proxy=0
ns1=ns1.cleansweep.tk
ns2=ns2.cleansweep.tk
openlitespeed=0
php_fpm_max_children_default=10
pointers_own_virtualhost=1
pureftp=1
quota_partition=/
secure_access_group=access
servername=panel.cleansweep.tk
ssl=1
system_user_to_virtual_passwd=1
unified_ftp_password_file=1
webmail_link=roundcube
zip=1
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Just to update here, I finally got the HTTP working with time. I am not sure what fixed it. I just have force redirect https off for now.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,485
Location
Maastricht
Well... I'm not sure if it's really fixed. You should be able to have force https working. At this moment when I try to visit it says "server not found".

I'm missing a lot in your directadmin.conf too:
enable_ssl_sni=1
and things like:
ssl_redirect_host=panel.cleansweep.tk apachekey=/etc/httpd/conf/ssl.key/server.key apachecert=/etc/httpd/conf/ssl.crt/server.crt
So I think the installation of Letsencrypt did not go as it should have been. Unless some of these are default nowadays.

I forgot one, missing this one too:
ssl_cipher=HIGH:!aNULL:!MD5
maybe also default nowadays.
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
I have added them to the directadmin.conf then ran ./build update then ./build rewrite_confs. But I still cant get https to work properly.

Here is the updated file config:
add_userdb_quota=1
admin_ssl_check_retries=0
apache_public_html=0
apache_ver=2.0
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
brute_force_log_scanner=1
carootcert=/usr/local/directadmin/conf/carootcert.pem
check_subdomain_owner=1
cloud_cache=0
default_private_html_link=1
demodocsroot=./data/skins/evolution
dkim=2
dns_ttl=1
docsroot=./data/skins/evolution
dovecot=1
ethernet_dev=eno2
frontpage_on=0
hide_brute_force_notifications=1
http2=0
lan_ip=<local server IP>
letsencrypt=1
litespeed=0
mail_sni=1
mysql_detect_correct_methods=1
nginx=0
nginx_proxy=0
ns1=ns1.cleansweep.tk
ns2=ns2.cleansweep.tk
openlitespeed=0
php_fpm_max_children_default=10
pointers_own_virtualhost=1
pureftp=1
quota_partition=/
secure_access_group=access
servername=panel.cleansweep.tk
ssl=1
system_user_to_virtual_passwd=1
unified_ftp_password_file=1
webmail_link=roundcube
zip=1
enable_ssl_sni=1
ssl_redirect_host=panel.cleansweep.tk
apachekey=/etc/httpd/conf/ssl.key/server.key
apachecert=/etc/httpd/conf/ssl.crt/server.crt
ssl_cipher=HIGH:!aNULL:!MD5
 

yonatanp

Verified User
Joined
Aug 25, 2006
Messages
64
Location
Israel
you do not need to edit ANY httpd config file manually in order to get SSL working for a website.

before you try anything else, reset your configuration as root
Code:
cd /usr/local/directadmin/custombuild;./build rewrite_confs

then, login to your directadmin, user level.
make sure your domain has "Secure SSL" set in domain setup.
once confirmed, it is checked
create your own certificate from the account manager - ssl certificates
select "Create your own self signed certificate"
input your details, and save.
once you get your site to work with a self signed cert ( you will have to accept security check in the browser ),
you can be sure the SSL function is working correctly on your server.

next setup would be to install a valid certificate, either using the free automatic one, or buy a certificate from a vendor and paste it in the control panel.
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
I just did as you suggested but still not working. Here is something interesting that I just found:

When I run build lego from directadmin->custombuild, then I get the pop-up saying it was successful as seen in the attached picture.

However, when I go inside my custombuild folder, I don't see the dnsproviders.json file, shouldnt it be there?
 

Attachments

  • build_lego.png
    build_lego.png
    23.5 KB · Views: 4

yonatanp

Verified User
Joined
Aug 25, 2006
Messages
64
Location
Israel
the installer cleans up the folder when completed.

for your ssl, since i can't tell whats going on there, I would suggest to rebuild everything
Code:
./build all
 

yonatanp

Verified User
Joined
Aug 25, 2006
Messages
64
Location
Israel
something is broken with your configuration, for some reason your apache is not serving correctly the https protocol.

but it wont be possible to fix such a thing without looking at the actual server files to understand what happened.
i don't expect you to know what to look for, but to resolve this, you will have to look at all your httpd configuration files, and make sure they are configured correctly in regards to SSL.

considering that you said you are a newbie.
I guess the fastest solution would be to backup the site data, reformat install a clean OS and install a fresh DA.
out of the box, it works.

I can confirm the latest version works great out of the box with SSL , just migrated a new client yesterday to a fresh VPS.
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
So, I have reinstalled DA from scratch on a new OS. Self-Signed certificate worked. So thank you!
Now, I have Lets Encrypt enabled for the site: theparkinglotpros.ca with https redirect allowed.

Screenshot 2021-06-25 103348.png
I am checking with sslshopper and I still get that Certificate is self-signed. Is that true with LetsEncrypt enabled? Should I wait a day or something for it to change?

Again Thank You!
 

zacsm_admin

Verified User
Joined
Jun 14, 2021
Messages
12
Thank You so much! I had to delete the old certs file from the domain, and fixed my DNS settings. Now, lets encrypt is working as it should.
 
Top