SSL_ERROR_RX_RECORD_TOO_LONG

Discussion in 'Installation/Configuration' started by JustAnotherUser, Oct 26, 2016.

  1. JustAnotherUser

    JustAnotherUser New Member

    Hi.
    I'm getting this error on all sites. I've looked at the configuration files and don't see anything obviously wrong. Any thoughts on where to start troubleshooting?
    If I access the sites using http everything seems to work.
    I'm using Let's Encrypt and that is set up correctly as far as I can tell. All the certs downloaded to /etc/letsencrypt/live/
    I did a lot of research online about this but can't seem to find a solution that works. I'll be happy to post config files but need to know which ones are relevant to this.
    The problem seemed to start when I added a third site and had some issues making it work.
    It was incorrectly redirecting and I had to remove it and add it manually again.
    Where do I start looking for the problem and what do I look for?

    Please help.
    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The error means that you access a site that does not support SSL by https. Ensure that you do not mix * and an IP address in the IPv4 field on the server; either use * for all sites or the IP address. This applies to any manually written vhosts as well. Adding a site manually might override the sites managed by ISPConfig, so it is possible that your manual site is catching the SSL requests of other sites now. Try to remove your manually added site from the Apache config and restart Apache to see if it works then.
     
  3. JustAnotherUser

    JustAnotherUser New Member

    Hi.
    Thanks for the reply.
    First of all, there was a little misunderstanding here.
    I did not add the site manually, I added it from the control panel. After adding it I was having some trouble with the site not being directed to the correct home page if loading via SSL. If not loading via SSL, it worked fine.
    I'm embarrassed to say that I'm having a little trouble reconstructing the troubleshooting steps I took to correct that, but at some point all the rest of the sites broke with the current error.
    I just checked all the vhost files and everything is set to *:443
    As you asked, I deleted the site from the control panel and manually restarted Apache with the command "service apache2 restart". Still no luck.
    Anything else i can look at?
     
  4. JustAnotherUser

    JustAnotherUser New Member

    and the contents of /etc/apache2/sites-enabled/000-default.conf
    Hi again.

    This is an experimental server so I decided to do the following.

    1. Deleted all sites, of which there were 3.
    2. Manually restarted Apache.

    The problem still exists with a couple of new wrinkles.

    It seems that there is a force SSL redirect somewhere, because if I try loading as http it redirects to https.

    The ISPConfig control panel is completely unaffected; it still works fine loading as https://example.com:8080

    Following is server information and some of the conf files.

    OS: Debian 8 jessie
    Web server: Apache
    DNS: handled by the domain registrar
    ISPConfig: 3.1

    Following is my ports.conf file.


    GNU nano 2.2.6 File: ports.conf

    # If you just change the port or add more ports here, you will likely also
    # have to change the VirtualHost statement in
    # /etc/apache2/sites-enabled/000-default.conf

    Listen 80

    <IfModule ssl_module>
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
    # NameVirtualHost *:80
    # NameVirtualHost *:443


    And the contents of /etc/apache2/sites-enabled/000-default.conf are as follows


    GNU nano 2.2.6 File: /etc/apache2/sites-enabled/000-default.conf

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
        RewriteEngine on
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    </VirtualHost>

    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet


    I'm a little suspicious of the rewrite rule in 000-default but don't know apache well enough to be sure.
    Please help
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The 000-default file is not from ispconfig, it's the default vhost of the operating system. ISPConfig is not configuring or altering that file.
     
  6. JustAnotherUser

    JustAnotherUser New Member

    Hi.
    Thanks for pointing me in the right direction. I finally figured out the issue.
    The 000-default-le-ssl.conf file had its SSL cert settings wiped out somehow.
    Putting those back in fixed the issue.
    What's the best way to test the server for which SSL protocols it works on and which ciphers it's using?

    Thanks.
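
The two causes that come up in this thread, a :443 vhost that has lost its SSL settings and a mix of * and IP addresses on the same port, can be checked mechanically across the vhost files. This is an added example, not part of the original posts and not ISPConfig code; `lint_vhosts`, the sample hostnames and the sample config are constructed, and directives pulled in through `Include` are not resolved, so a missing `SSLEngine on` may still be set elsewhere.

```python
import re

# Constructed sample config (not from the thread): one healthy TLS vhost, one broken.
SAMPLE = """
<VirtualHost *:80>
    ServerName site1.example
</VirtualHost>
<VirtualHost *:443>
    ServerName site1.example
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/site1.example/fullchain.pem
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName site2.example
    # SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Return {lowercased directive name: argument string}, skipping comments."""
    out = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return out

def lint_vhosts(conf_text, tls_port="443"):
    """Return (ServerName, address, problem) tuples for vhosts on the TLS port."""
    findings, addrs = [], set()
    for m in VHOST_RE.finditer(conf_text):
        d = directives(m.group(2))
        name = d.get("servername", "(default)")
        for spec in m.group(1).split():
            addr, _, port = spec.rpartition(":")
            if port != tls_port:
                continue
            addrs.add(addr)
            if d.get("sslengine", "").lower() != "on":
                findings.append((name, spec, "no 'SSLEngine on': plain HTTP on the TLS port"))
            if "sslcertificatefile" not in d:
                findings.append((name, spec, "no SSLCertificateFile"))
    if "*" in addrs and len(addrs) > 1:
        findings.append(("(all)", ",".join(sorted(addrs)), "mix of * and IP addresses"))
    return findings

if __name__ == "__main__": print(*lint_vhosts(SAMPLE), sep="\n")
```

On a live host, pass it the concatenated text of the files under /etc/apache2/sites-enabled/ instead of `SAMPLE`.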
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer
