Cannot access my server properly

Question

So if I try and connect to my server via IP(ipv4) it doesn’t want to connect. My domain is codeandchill.net

The issues are:
1) Cannot connect via IP
2) On chrome I cannot just type codeandchill.net but rather have to type https://codeandchill.net
3) On chrome and mozzila cannot connect via www.codeandchill.net/

This is my DNS https://imgur.com/a/kXC751i

I used the Let’s Encrypt for SSL

And this is my netstat -plunta

netstat -plunta
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      710/systemd-resolve 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      910/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1234/master         
tcp        0    340 178.62.111.79:22        89.216.219.6:51686      ESTABLISHED 13098/sshd: root@pt 
tcp6       0      0 :::3306                 :::*                    LISTEN      1027/mysqld         
tcp6       0      0 :::80                   :::*                    LISTEN      1001/apache2        
tcp6       0      0 :::22                   :::*                    LISTEN      910/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1234/master         
tcp6       0      0 :::443                  :::*                    LISTEN      1001/apache2        
tcp6       0      0 :::33060                :::*                    LISTEN      1027/mysqld         
tcp6       0  28976 178.62.111.79:443       89.216.219.6:45238      LAST_ACK    -                   
tcp6      25  90576 178.62.111.79:443       89.216.219.6:45116      CLOSE_WAIT  12960/apache2       
tcp6       0      0 178.62.111.79:443       89.216.219.6:45272      TIME_WAIT   -                   
udp        0      0 127.0.0.53:53           0.0.0.0:*                           710/systemd-resolve

I am not too familiar with the web stuff, so basically I just want to access my page like any other, typing the codeandchill.net or www.codeandchill.net or the IP.

Answer 1

KFSys July 27, 2020

Hi @nikolamilovic,

It seems to be that you haven’t properly configured the Apache vhost file for www.codeandchill.net and http://www.codeandchill.net/. Can you please share the vhost file for domain codeandchill.net to see what might be wrong?

If you want to troubleshoot it on your own, this article should provide some initial information that would help you out :

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-18-04-quickstart

Regards,
KFSys

How To Set Up Apache Virtual Hosts on Ubuntu 18.04 [Quickstart]

by Lisa Tagliaferri

This tutorial will guide you through setting up multiple domains and websites using Apache virtual hosts on an Ubuntu 18.04 server. During this process, you’ll learn how to serve different content to different visitors depending on which domains they are requesting. For a…

Reply Report

nikolamilovic July 28, 2020

I think I haven’t setup any vhost files, I’ve read that its optional. I’ve used the 1-click wordpress setup. And these are the contents of my /var/www.

root@wordpress:/var/www# ls
html  html.old

I have made some progress on my site, I don’t wanna mess up anything, so I prefer not doing it on my own. Any directions on how to not screw anything up would be great! And I already have files and the website to a state where I like it whereas the tutorials seem to create everything from scratch.

Sorry for the disturbance and the late response (GMT+2 here).

Reply Report

KFSys July 30, 2020

Hi @nikolamilovic,

If you’ve used the 1 click install wordpress in order to replicate the issues you are having. Your conf can be found in the following file:

/etc/apache2/sites-enabled/000-default.con

In there do you see anywhere your www.codeandchill.net domain or only the domain without www. In there it should contain both your domain and the www version.

In fact, it should like something like this :


UseCanonicalName On
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    ServerName test.domain.tech
    ServerAlias www.test.domain.tech 

    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =test.domain.tech [OR]
    RewriteCond %{SERVER_NAME} =www.test.domain.tech 
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Notice how I have bot ServerName and ServerAlias. Please make sure u have both as well

Reply Report

nikolamilovic July 31, 2020

UseCanonicalName On

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        ServerName codeandchill.net
        ServerAlias www.codeandchill.net

        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.codeandchill.net [OR]
RewriteCond %{SERVER_NAME} =codeandchill.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

It seems that it’s all setup properly?

Thank you for your help anyways! It’s not as urgent of a problem just an annoying one.

Reply Report

KFSys July 31, 2020

Hi @nikolamilovic,

This infact seems odd. What about an ssl-conf do you have one in the same folder?

Reply Report

nikolamilovic July 31, 2020

IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                #   Certificate Revocation Lists (CRL):
                #   Set the CA revocation path where to find CA CRLs for client
                #   authentication or alternatively one huge file containing all
                #   of them (file must be PEM encoded)
                #   Note: Inside SSLCARevocationPath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

                #   Client Authentication (Type):
                #   Client certificate verification type and depth.  Types are
                #   none, optional, require and optional_no_ca.  Depth is a
                #   number which specifies how deeply to verify the certificate
                #   issuer chain before deciding the certificate is not valid.
                #SSLVerifyClient require
  #   SSL Engine Options:
                #   Set various options for the SSL engine.
                #   o FakeBasicAuth:
                #        Translate the client X.509 into a Basic Authorisation.  This means that
                #        the standard Auth/DBMAuth methods can be used for access control.  The
                #        user name is the `one line' version of the client's X.509 certificate.
                #        Note that no password is obtained from the user. Every entry in the user
                #        file needs this password: `xxj31ZMTZzkVA'.
                #   o ExportCertData:
                #        This exports two additional environment variables: SSL_CLIENT_CERT and
                #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                #        server (always existing) and the client (only existing when client
                #        authentication is used). This can be used to import the certificates
                #        into CGI scripts.
                #   o StdEnvVars:
                #        This exports the standard SSL/TLS related `SSL_*' environment variables.
                #        Per default this exportation is switched off for performance reasons,
                #        because the extraction step is an expensive operation and is usually
                #        useless for serving static content. So one usually enables the
                #        exportation for CGI and SSI requests only.
                #   o OptRenegotiate:
                #        This enables optimized SSL connection renegotiation handling when SSL
                #        directives are used in per-directory context.
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                #   SSL Protocol Adjustments:
                #   The safe and default but still SSL/TLS standard compliant shutdown
                #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                #   the close notify alert from client. When you need a different shutdown
                #   approach you can use one of the following variables:
                #   o ssl-unclean-shutdown:
                #        This forces an unclean shutdown when the connection is closed, i.e. no
                #        SSL close notify alert is send or allowed to received.  This violates
                #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
                #        this when you receive I/O errors because of the standard approach where
                #        mod_ssl sends the close notify alert.
                #   o ssl-accurate-shutdown:
                #        This forces an accurate shutdown when the connection is closed, i.e. a
                #        SSL close notify alert is send and mod_ssl waits for the close notify
                #        alert of the client. This is 100% SSL/TLS standard compliant, but in
                #        practice often causes hanging connections with brain-dead browsers. Use
                #        this only for browsers where you know that their SSL implementation
                #        works correctly.
                #   Notice: Most problems of broken clients are also related to the HTTP
                #   keep-alive facility, so you usually additionally want to disable
                #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                #   "force-response-1.0" for this.
                # BrowserMatch "MSIE [2-6]" \
                #               nokeepalive ssl-unclean-shutdown \
                #               downgrade-1.0 force-response-1.0

        </VirtualHost>
</IfModule>

Just used the basic lets-encrypt that comes along with the installation of the 1-click wordpress

Reply Report

Answer 2

nikolamilovic July 28, 2020

I think I haven’t setup any vhost files, I’ve read that its optional. I’ve used the 1-click wordpress setup. And these are the contents of my /var/www.

root@wordpress:/var/www# ls
html  html.old

I have made some progress on my site, I don’t wanna mess up anything, so I prefer not doing it on my own. Any directions on how to not screw anything up would be great! And I already have files and the website to a state where I like it whereas the tutorials seem to create everything from scratch.

Sorry for the disturbance and the late response (GMT+2 here).

Reply Report

KFSys July 30, 2020

Hi @nikolamilovic,

If you’ve used the 1 click install wordpress in order to replicate the issues you are having. Your conf can be found in the following file:

/etc/apache2/sites-enabled/000-default.con

In there do you see anywhere your www.codeandchill.net domain or only the domain without www. In there it should contain both your domain and the www version.

In fact, it should like something like this :


UseCanonicalName On
<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    ServerName test.domain.tech
    ServerAlias www.test.domain.tech 

    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =test.domain.tech [OR]
    RewriteCond %{SERVER_NAME} =www.test.domain.tech 
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Notice how I have bot ServerName and ServerAlias. Please make sure u have both as well

Reply Report

nikolamilovic July 31, 2020

UseCanonicalName On

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        ServerName codeandchill.net
        ServerAlias www.codeandchill.net

        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.codeandchill.net [OR]
RewriteCond %{SERVER_NAME} =codeandchill.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

It seems that it’s all setup properly?

Thank you for your help anyways! It’s not as urgent of a problem just an annoying one.

Reply Report

KFSys July 31, 2020

Hi @nikolamilovic,

This infact seems odd. What about an ssl-conf do you have one in the same folder?

Reply Report

nikolamilovic July 31, 2020

IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                # error, crit, alert, emerg.
                # It is also possible to configure the loglevel for particular
                # modules, e.g.
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                # enabled or disabled at a global level, it is possible to
                # include a line for only one particular virtual host. For example the
                # following line enables the CGI configuration for this host only
                # after it has been globally disabled with "a2disconf".
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be created by installing
                #   the ssl-cert package. See
                #   /usr/share/doc/apache2/README.Debian.gz for more info.
                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

                #   Server Certificate Chain:
                #   Point SSLCertificateChainFile at a file containing the
                #   concatenation of PEM encoded CA certificates which form the
                #   certificate chain for the server certificate. Alternatively
                #   the referenced file can be the same as SSLCertificateFile
                #   when the CA certificates are directly appended to the server
                #   certificate for convinience.
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

                #   Certificate Authority (CA):
                #   Set the CA certificate verification path where to find CA
                #   certificates for client authentication or alternatively one
                #   huge file containing all of them (file must be PEM encoded)
                #   Note: Inside SSLCACertificatePath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                #   Certificate Revocation Lists (CRL):
                #   Set the CA revocation path where to find CA CRLs for client
                #   authentication or alternatively one huge file containing all
                #   of them (file must be PEM encoded)
                #   Note: Inside SSLCARevocationPath you need hash symlinks
                #                to point to the certificate files. Use the provided
                #                Makefile to update the hash symlinks after changes.
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

                #   Client Authentication (Type):
                #   Client certificate verification type and depth.  Types are
                #   none, optional, require and optional_no_ca.  Depth is a
                #   number which specifies how deeply to verify the certificate
                #   issuer chain before deciding the certificate is not valid.
                #SSLVerifyClient require
  #   SSL Engine Options:
                #   Set various options for the SSL engine.
                #   o FakeBasicAuth:
                #        Translate the client X.509 into a Basic Authorisation.  This means that
                #        the standard Auth/DBMAuth methods can be used for access control.  The
                #        user name is the `one line' version of the client's X.509 certificate.
                #        Note that no password is obtained from the user. Every entry in the user
                #        file needs this password: `xxj31ZMTZzkVA'.
                #   o ExportCertData:
                #        This exports two additional environment variables: SSL_CLIENT_CERT and
                #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                #        server (always existing) and the client (only existing when client
                #        authentication is used). This can be used to import the certificates
                #        into CGI scripts.
                #   o StdEnvVars:
                #        This exports the standard SSL/TLS related `SSL_*' environment variables.
                #        Per default this exportation is switched off for performance reasons,
                #        because the extraction step is an expensive operation and is usually
                #        useless for serving static content. So one usually enables the
                #        exportation for CGI and SSI requests only.
                #   o OptRenegotiate:
                #        This enables optimized SSL connection renegotiation handling when SSL
                #        directives are used in per-directory context.
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                #   SSL Protocol Adjustments:
                #   The safe and default but still SSL/TLS standard compliant shutdown
                #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                #   the close notify alert from client. When you need a different shutdown
                #   approach you can use one of the following variables:
                #   o ssl-unclean-shutdown:
                #        This forces an unclean shutdown when the connection is closed, i.e. no
                #        SSL close notify alert is send or allowed to received.  This violates
                #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
                #        this when you receive I/O errors because of the standard approach where
                #        mod_ssl sends the close notify alert.
                #   o ssl-accurate-shutdown:
                #        This forces an accurate shutdown when the connection is closed, i.e. a
                #        SSL close notify alert is send and mod_ssl waits for the close notify
                #        alert of the client. This is 100% SSL/TLS standard compliant, but in
                #        practice often causes hanging connections with brain-dead browsers. Use
                #        this only for browsers where you know that their SSL implementation
                #        works correctly.
                #   Notice: Most problems of broken clients are also related to the HTTP
                #   keep-alive facility, so you usually additionally want to disable
                #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                #   "force-response-1.0" for this.
                # BrowserMatch "MSIE [2-6]" \
                #               nokeepalive ssl-unclean-shutdown \
                #               downgrade-1.0 force-response-1.0

        </VirtualHost>
</IfModule>

Just used the basic lets-encrypt that comes along with the installation of the 1-click wordpress

Reply Report

Answer 3

Taux1c July 31, 2020

I would just run certbot again and tell it to add redirects.

Just type certbot and it should start it then expand certain and then add redirects to https.

If you used https when you set up the domain that would be a Homer Simpson “Doh” moment. You’ll need to edit the /etc/apache2/sites-available/{your file} (if it’s default it may be 000-default.conf) change the domain to just the domain no http or https except in the rewrite section (at the bottom of it exists). It will say RewriteEngine on
Rewrite rule.....etc

Then save and reload apache2

Looks like you probably already have an answer that is considerably better than my answer from mobile but I wanted to put this here just in case you didn’t.

Reply Report

KFSys August 1, 2020

Hi @Taux1c,

Thank you for your suggestions as well! All of them are plausible ways to go. Sometimes, the easiest solutions are the best, meaning, running certbot again.

@nikolamilovic, please give a try what @Taux1c suggested, it may very well solve the issue.

Regards,
KFSys
Reply Report

Answer 4

KFSys August 1, 2020

Hi @Taux1c,

Thank you for your suggestions as well! All of them are plausible ways to go. Sometimes, the easiest solutions are the best, meaning, running certbot again.

@nikolamilovic, please give a try what @Taux1c suggested, it may very well solve the issue.

Regards,
KFSys
Reply Report

Related

Question

Cannot access my server properly

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Cannot access my server properly

Related

Leave a comment

Related

question

Running a web-based video game on a droplet

question

my site i down please see http://www.cheri3a.com/

question

Can't connect to droplet when using VPN

question

After changing droplet root password databse error coming on wordpress website.

Looking for something else?