httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jens-U. Mozdzen" <jmozd...@nde.ag>
Subject Re: [users@httpd] Problem setting up ssl
Date Tue, 14 Aug 2018 10:59:43 GMT
Hi,

Zitat von Mahmood Naderan <nt_mahmood@yahoo.com.invalid>:
>> what's in the logs of your httpd server? Any errors reported during 
>> httpd startup and/or your accesses?
>
> When I restart apache2 service, I see these lines in the syslog
> Aug 13 22:19:36 webshub systemd[1]: Stopping The Apache HTTP Server...
> Aug 13 22:19:36 webshub apachectl[20543]: AH00558: apache2: Could  
> not reliably determine the server's fully qualified domain name,  
> using 127.0.1.1. Set the 'ServerName' directive globally to suppress  
> this message
> Aug 13 22:19:37 webshub systemd[1]: Stopped The Apache HTTP Server.
> Aug 13 22:19:37 webshub systemd[1]: Starting The Apache HTTP Server...
> Aug 13 22:19:37 webshub apachectl[20554]: AH00558: apache2: Could  
> not reliably determine the server's fully qualified domain name,  
> using 127.0.1.1. Set the 'ServerName' directive globally to suppress  
> this message
> Aug 13 22:19:37 webshub systemd[1]: Started The Apache HTTP Server.

nothing that points to the root cause, then. OTOH, seems to be some  
special setup, defaulting to an address from the loopback network  
(127.0.1.1).

> However, apache/error.log and apache/access.log show nothing when I  
> enter the IP address in the browser.

As you seem to receive some resources via HTTP, the request should get  
logged somewhere.

>> Another guess: what do you see in the browser if you try to access 
>> http://w.x.y.z:443 (so actually trying to access your "SSL site" via 
>> regular HTTP)? I believe to remember having seen that error when the 
>> server spat out regular HTTP.
>
>
> http://w.x.y.z:443 works. I mean I can see the page. However it is  
> not https.https://w.x.y.z:443 says the same error as before.

So your server (on port 443) is handing out http, not https. Seems to  
be some configuration issue then. The browser error (when using  
https://...) is just telling you "cannot interpret the server output  
as SSL/TLS traffic".

As one more step of diagnosis, you might want to ask httpd for it's  
current (v)host setup (see "-S" option) and in your place, I'd try to  
find out where the accesses actually end up - there should be some  
logging somewhere. Another test would be to change the content of your  
html page (the one you believe to receive when reuqesting  
http://w.x.y.z:443) and double-check that the browser then receives  
the modified version. Because:

Might it be that the request ends up in a totally different  
server/httpd process? You always tell you're accessing "w.x.y.z" and  
said "the server's page is reachble by an IP address", so I understand  
you're not using a host name, but IP address to connect. w.x.y.z reads  
like an IPv4 address, while your earlier report of open ports just  
gave an IPv6 port open for listening:

root@webshub:~# netstat -tulpn | grep 443
tcp6       0      0 :::443                  :::*                     
LISTEN      14709/apache2

So there might be a chance your browser's requests doesn't even end up  
in *your* server.

Regards,
J


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message