so i'm running into a very funny, frustrating, and odd issue.
I have a RackSpace webserver running a webiste. Lets calls it dummy.com
.
http://dummy.com
is accessible on port 80
no problem. But accessing https://dummy.com
gives me a This site can't be reached
error on Chrome and similar on FireFox.
But what is confusing is that https://1.11.111.1111
works (meaning if i access the site via its IP i'm able to access it)
this is the VirtualHost
config I'm using:
<VirtualHost *:80>
ServerName dummy.com
ServerAlias www.dummy.com
DocumentRoot /var/www/vhosts/www.dummy.com
<Directory /var/www/vhosts/www.dummy.com>
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName dummy.com
ServerAlias www.dummy.com
DocumentRoot /var/www/vhosts/www.dummy.com
<Directory /var/www/vhosts/www.dummy.com>
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride All
</Directory>
...
SSLEngine on
SSLCertificateFile /var/www/ssl/DUMMY.COM.crt
SSLCertificateKeyFile /var/www/ssl/dummy_com.key
SSLCertificateChainFile /var/www/ssl/ov_chain.txt
</VirtualHost>
I had a thought that maybe the domain isn't being picked up on port 443
but that would be true for port 80
on this config.
So another question, because this is a server hosted on RackSpace
is there a firewall setting in the manager that would be the cause of this issue? I'm stumped on this =(
oh, also this is the netstat -tnlp
snippet
tcp6 0 0 :::25 :::* LISTEN 1670/master
tcp6 0 0 :::443 :::* LISTEN 9013/apache2
and ss -tnlp | grep :80
LISTEN 0 128 :::80 :::* users:(("apache2",9025,4),("apache2",9020,4),("apache2",9019,4),("apache2",9018,4),("apache2",9017,4),("apache2",9016,4),("apache2",9013,4))
ss -tnlp | grep :443
LISTEN 0 128 :::443 :::* users:(("apache2",9025,6),("apache2",9020,6),("apache2",9019,6),("apache2",9018,6),("apache2",9017,6),("apache2",9016,6),("apache2",9013,6))
edit: here is the apache logs when the server starts:
[Sun Oct 07 11:09:12.646647 2018] [ssl:info] [pid 10085] AH02200: Loading certificate & private key of SSL-aware server 'dummy.com:443'
[Sun Oct 07 11:09:12.647104 2018] [ssl:debug] [pid 10085] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Sun Oct 07 11:09:12.647176 2018] [ssl:info] [pid 10085] AH01914: Configuring server dummy.com:443 for SSL protocol
[Sun Oct 07 11:09:12.647722 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(791): AH01904: Configuring server certificate chain (3 CA certificates)
[Sun Oct 07 11:09:12.647742 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(328): AH01893: Configuring TLS extension handling
[Sun Oct 07 11:09:12.647750 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(838): AH02232: Configuring RSA server certificate
[Sun Oct 07 11:09:12.647952 2018] [ssl:debug] [pid 10085] ssl_util_ssl.c(407): AH02412: [dummy.com:443] Cert matches for name 'dummy.com' [subject: CN=dummy.com,OU=Secure Link SSL,OU=IT,O=Dummy Corp,street=123 Happy Ave,L=Some City,ST=XX,postalCode=12345,C=US / issuer: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US / serial: 501C094D916AE8257C96F3C794F0A10B / notbefore: Oct 6 00:00:00 2018 GMT / notafter: Sep 28 23:59:59 2020 GMT]
[Sun Oct 07 11:09:12.647988 2018] [ssl:debug] [pid 10085] ssl_engine_init.c(893): AH02236: Configuring RSA server private key
[Sun Oct 07 11:09:12.682709 2018] [ssl:info] [pid 10086] AH02200: Loading certificate & private key of SSL-aware server 'dummy.com:443'
[Sun Oct 07 11:09:12.683385 2018] [ssl:debug] [pid 10086] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Sun Oct 07 11:09:12.683569 2018] [ssl:info] [pid 10086] AH01914: Configuring server dummy.com:443 for SSL protocol
[Sun Oct 07 11:09:12.684012 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(791): AH01904: Configuring server certificate chain (3 CA certificates)
[Sun Oct 07 11:09:12.684085 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(328): AH01893: Configuring TLS extension handling
[Sun Oct 07 11:09:12.684149 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(838): AH02232: Configuring RSA server certificate
[Sun Oct 07 11:09:12.684333 2018] [ssl:debug] [pid 10086] ssl_util_ssl.c(407): AH02412: [dummy.com:443] Cert matches for name 'dummy.com' [subject: CN=dummy.com,OU=Secure Link SSL,OU=IT,O=Dummy Corp,street=123 Happy Ave,L=Some City,ST=XX,postalCode=12345,C=US / issuer: CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US / serial: 501C094D916AE8257C96F3C794F0A10B / notbefore: Oct 6 00:00:00 2018 GMT / notafter: Sep 28 23:59:59 2020 GMT]
[Sun Oct 07 11:09:12.684392 2018] [ssl:debug] [pid 10086] ssl_engine_init.c(893): AH02236: Configuring RSA server private key
thanks guys
Best Answer
There is a concept of so called Security Groups in Rackspace.
Login to Rackspace console, click on your server and scroll down to "Network and Security groups".
Another possibility is firewall on your host (
iptables -L
assuming it's one of the RedHat derivatives). You can test if port 443 is open from outside with nmap or nc, you obviously need to be on remote host for it so you can see if you can establish TCP session towards port 443.