WWBN / AVideo

Create Your Own Broadcast Network With AVideo Platform Open-Source. OAVP OVP
https://avideo.tube/AVideo_OpenSource

Letsencrypt SSL HTTPS #7744

Open gbrn opened 1 year ago

gbrn commented 1 year ago

@DanielnetoDotCom I'm opening this new issue, but the problem is similar to the one already dealt with in #6557 .

With the exchange of the shared server for a new VPS, I am doing all the installations and configurations myself. The AVideo platform is working normally... but I had to enable SSL... I followed DigitalOcean's tutorial for the installation: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-22-04

I used CERTBOT to automate the installation in APACHE. My virtual host looks like this:

<VirtualHost *:80>
    DocumentRoot /var/www/html/AVideo
    ServerName cnetv.com.br
    ServerAlias www.cnetv.com.br cinetv.com.br www.cinetv.com.br
    ServerAdmin webmaster@localhost
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.cnetv.com.br [OR]
    RewriteCond %{SERVER_NAME} =cinetv.com.br [OR]
    RewriteCond %{SERVER_NAME} =cnetv.com.br [OR]
    RewriteCond %{SERVER_NAME} =www.cinetv.com.br
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/html/AVideo
    ServerName cnetv.com.br
    ServerAlias www.cnetv.com.br cinetv.com.br www.cinetv.com.br
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/cnetv.com.br/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cnetv.com.br/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

<Directory "/var/www/html/AVideo/">
    Options Indexes FollowSymLinks
    XSendFile on
    XSendFilePath /var/www/html/AVideo/
    AllowOverride All
    Require all granted
    Order Allow,Deny
    Allow from All
</Directory>

After configuration, the platform entered a redirection loop: ERR_TOO_MANY_REDIRECTS

Check the following line that causes this looping redirection: RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

I don't know if this line is incorrect... or this CERTBOT configuration conflicts with another that is already written in some file of the AVIDEO platform.

I checked that there are already some lines about SSL https in the .htaccess file:

<IfModule mod_rewrite.c>
    RewriteCond %{HTTPS} =on
    RewriteRule ^(.*)$ - [env=proto:https]
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ - [env=proto:http]

    RewriteEngine on

I did a test commenting out these lines in the file, but nothing changed... I don't know how much these lines are helping me or disturbing me...

I disabled Cloudflare services, and the problem is not with them.

I did a new installation check and found that these weren't installed:

apt-transport-https
software-properties-common

But it hasn't changed anything either.

I've run the Apache tests... viewed the logs... nothing that indicated a problem.

sudo apachectl configtest
Syntax OK

Can you help me on this issue?

GreenDragonTavern commented 1 year ago

Give this a go... it comes in on http on 80, goes out on https on 443, and all resolve to ServerName cnetv.com.br at the end of the day.

<VirtualHost *:80>
    ServerName cnetv.com.br
    ServerAlias www.cnetv.com.br cinetv.com.br www.cinetv.com.br
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/AVideo

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine On
    RewriteRule ^/(.*) https://cnetv.com.br/$1 [NC,R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName cnetv.com.br
    ServerAlias www.cnetv.com.br cinetv.com.br www.cinetv.com.br
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html/AVideo

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLCertificateFile /etc/letsencrypt/live/cnetv.com.br/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/cnetv.com.br/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    <Directory /var/www/html/AVideo/>
        Options Indexes FollowSymLinks
        XSendFile on
        XSendFilePath /var/www/html/AVideo/
        AllowOverride All
        Require all granted
    </Directory>

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^(www\.)(.*) [OR]
    RewriteCond %{SERVER_NAME} =cinetv.com.br [NC]
    RewriteRule ^ https://cnetv.com.br%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

gbrn commented 1 year ago

@GreenDragonTavern Thanks for the help... I'll run some tests with your suggestion. But apparently I see that the problem is with Cloudflare's SSL, together with the Let's Encrypt SSL installed on the server.
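The ERR_TOO_MANY_REDIRECTS in the first post and the Cloudflare suspicion above share one mechanism: when a TLS-terminating edge proxy (Cloudflare in its Flexible mode) connects to the origin over plain HTTP, the port-80 vhost's unconditional redirect to https fires on every request, the visitor is sent back to the edge over HTTPS, the edge fetches over HTTP again, and the cycle never ends. The Python model below is an added example, not AVideo's code nor any commenter's; it replays the thread's vhost rules against a client that follows Location headers under both proxy modes, and against a port-80 rule that also honours the X-Forwarded-Proto header Cloudflare sends. The hostname is the one from the thread; the proxy behaviour is a simplified assumption of the model.

```python
"""Model of the redirect loop discussed in the issue (added example, not the
project's code). It replays the origin's Apache rewrite rules and an edge
proxy's two encryption modes against a client that follows Location headers,
so the loop can be reproduced and the fix checked without a live server."""

from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

HOST = "cnetv.com.br"   # hostname taken from the thread's vhost configuration
MAX_REDIRECTS = 10      # browsers give up at around 20; 10 is enough to show a loop


@dataclass
class Response:
    status: int
    location: Optional[str] = None


def origin(scheme: str, path: str, x_forwarded_proto: Optional[str], proxy_aware: bool) -> Response:
    """Origin Apache as configured in the issue.

    Port 80 vhost:  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [R=permanent]
    Port 443 vhost: serves the application (200).

    With proxy_aware=True the redirect additionally requires
        RewriteCond %{HTTP:X-Forwarded-Proto} !=https
    so a request the proxy already received over HTTPS is not bounced again.
    """
    if scheme == "https":
        return Response(200)
    if proxy_aware and x_forwarded_proto == "https":
        return Response(200)
    return Response(301, location=f"https://{HOST}{path}")


def edge(mode: str, url: str, proxy_aware: bool) -> Response:
    """Edge proxy in front of the origin (assumed, simplified behaviour).

    'flexible': visitor<->edge is TLS, edge<->origin is always plain HTTP;
                the edge passes the visitor's scheme in X-Forwarded-Proto.
    'full':     edge<->origin uses the same scheme the visitor used.
    """
    parts = urlsplit(url)
    upstream_scheme = "http" if mode == "flexible" else parts.scheme
    return origin(upstream_scheme, parts.path or "/", parts.scheme, proxy_aware)


def follow(start_url: str, mode: str, proxy_aware: bool = False) -> Tuple[str, List[str]]:
    """Client following redirects; returns (outcome, URLs visited in order)."""
    url = start_url
    visited = [url]
    for _ in range(MAX_REDIRECTS):
        resp = edge(mode, url, proxy_aware)
        if resp.status == 200:
            return "ok", visited
        url = resp.location
        if url in visited:          # same URL handed back: this is the browser's loop error
            return "loop", visited + [url]
        visited.append(url)
    return "loop", visited


if __name__ == "__main__":
    for mode, aware in (("flexible", False), ("full", False), ("flexible", True)):
        outcome, hops = follow(f"http://{HOST}/index.php", mode, aware)
        print(f"{mode:9} proxy_aware={str(aware):5} -> {outcome}: {' -> '.join(hops)}")
```

The proxy-aware variant corresponds to putting `RewriteCond %{HTTPS} !=on` and `RewriteCond %{HTTP:X-Forwarded-Proto} !=https` in front of the port-80 RewriteRule. Any client can send that header, so it should only be trusted for requests that arrive from the proxy's own address ranges; running the edge in Full (strict) mode, as later in this thread, sidesteps the question because the edge then reaches the origin on 443 and the port-80 rewrite never fires for proxied traffic.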

GreenDragonTavern commented 1 year ago

@gbrn - this may help if you're having issues... The Correct Way to Use Let's Encrypt with Cloudflare

gbrn commented 1 year ago

@GreenDragonTavern Yes! I managed to find this very instruction. But it didn't work; it showed another error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Let's Encrypt is working correctly. I used a secondary domain to test without going through Cloudflare. This is how I verified that the problem is Cloudflare compatibility.

I'm studying the Cloudflare documentation... I probably won't be able to use Let's Encrypt... I'll probably have to generate the certificates on Cloudflare and upload them to my server.

ronaldod commented 1 year ago

I have multiple sites running with Let's Encrypt and Cloudflare. I run it on Full (strict). Nothing special.

gbrn commented 1 year ago

I did several tests and it didn't work... 2 days trying and nothing... then I gave up. I will run further tests and report the results.

gbrn commented 1 year ago

It worked! It presented the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH... I enabled the universal certificate and had to wait about 30 minutes for it to work. Apparently the problem was the lack of waiting on SSL publication. Or I had some previous problem that was solved in the past and was not present now.

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.