Discussion in 'Installation/Configuration' started by JustAnotherUser, Oct 26, 2016.

  1. JustAnotherUser

    JustAnotherUser New Member

    I'm getting this error on all sites. I've looked at the configuration files and don't see anything obvious wrong. Any thoughts on where to start troubleshooting?
    If i access the sites using http everything seems to work.
    I'm using let'sencrypt and that is set up correctly as far as i can tell. All the certs downloaded to /etc/letsencrypt/live/
    I did a lot of research online about this but can't seem to find a solution that works. I'll be happy to post config files but need to know which ones are relevant to this.
    The problem seemed to start when i added a third site and had some issues making it work.
    It was incorrectly redirecting and i had to remove it and add it manually again.
    Where do i start looking for the problem and what do i look for?

    Please help.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The error means that you access a site that does not support SSL by https. Ensure that you do not mix * and an IP address in the IPv4 field on the server, either use * for all sites or the IP address, this applies to any manually written vhosts as well. Adding a site manually might override the sites managed by ispconfig so it is possible that your manual site is catching the ssl requests of other sites now, try to remove your manually added site from apache config and restart apache to see if it works then.
  3. JustAnotherUser

    JustAnotherUser New Member

    Thanks for the reply.
    First of all, there was a little misunderstanding here.
    I did not add the site manually, I added it from the control panel. After adding it i was having some trouble with the site not being directed to the correct home page if loading via ssl. If not loading via ssl, it worked fine.
    I'm embarrassed to say that i'm having a little trouble reconstructing the troubleshooting steps i took to correct that but at some point all the rest of the sites broke with the current error.
    I just checked all the vhost files and everything is set to *:443
    As you asked for i deleted the site from the control panel and manually restarted apache with the command "service apache2 restart" Still no luck.
    Anything else i can look at?
  4. JustAnotherUser

    JustAnotherUser New Member

    and the contents of /etc/apache2/sites-enabled/000-default.conf
    Hi again.

    This is an experimental server so i decided to do the following.

    1, deleted all sites of which there were 3.

    2, manually restarted apache

    The problem still exists with a couple of new rinkles.

    It seems that there is a force ssl redirect somewhere because if i try loading as http it redirects to https.

    The ispconfig control panel is completely unaffected, it still works fine loading as

    Following is server information and some of the conf files.

    Os, debian 8 jesse

    web server, apache

    dns, handled by the domain registrar

    ispconfig, 3.1

    Following is my ports.conf file.

    GNU nano 2.2.6 File: ports.conf

    # If you just change the port or add more ports here, you will likely also

    # have to change the VirtualHost statement in

    # /etc/apache2/sites-enabled/000-default.conf

    Listen 80

    <IfModule ssl_module>

    Listen 443


    <IfModule mod_gnutls.c>

    Listen 443


    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

    # NameVirtualHost *:80

    # NameVirtualHost *:443

    And the contents of /etc/apache2/sites-enable/000-default.conf are as follows

    GNU nano 2.2.6 File: /etc/apache2/sites-enabled/000-default.conf

    <VirtualHost *:80>

    # The ServerName directive sets the request scheme, hostname and port that

    # the server uses to identify itself. This is used when creating

    # redirection URLs. In the context of virtual hosts, the ServerName

    # specifies what hostname must appear in the request's Host: header to

    # match this virtual host. For the default virtual host (this file) this

    # value is not decisive as it is used as a last resort host regardless.

    # However, you must set it for any further virtual host explicitly.


    ServerAdmin [email protected]

    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,

    # error, crit, alert, emerg.

    # It is also possible to configure the loglevel for particular

    # modules, e.g.

    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are

    # enabled or disabled at a global level, it is possible to

    # include a line for only one particular virtual host. For example the

    # following line enables the CGI configuration for this host only

    # after it has been globally disabled with "a2disconf".

    #Include conf-available/serve-cgi-bin.conf

    RewriteEngine on

    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]


    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

    I'm a little suspicious of the rewrite rule in 000-default but don't know apache well enough to be sure.
    Please help
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The 000-default file is not from ispconfig, it's the default vhost of the operating system. ISPConfig is not configuring or altering that file.
  6. JustAnotherUser

    JustAnotherUser New Member

    Thanks for pointing me in the right direction. I finally figured out the issue.
    The 000-default-le-ssl.conf file had it's ssl cert settings wiped out somehow.
    Putting those back in fixed the issue.
    What's the best way to test the server for which ssl protocols it works on and which ciphers it's using?

  7. till

    till Super Moderator Staff Member ISPConfig Developer

Share This Page