
I have a problem with my Apache 2.4.18 server while using SSL encryption. My server setup is: the Apache server redirects everything on port 80 (HTTP) to port 443 (SSL); I realized this with a different site configuration.

And now my problem is: if I open the link https://www.example.com, I get the website I want.

But if I open https://example.com, I get the error: ERR_CONNECTION_REFUSED

Why is that so, and how can I solve it?

Virtualhost file for ssl:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
            ServerAdmin info@footprintgaming.de

            DocumentRoot /var/www/html



            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined


            #   SSLCertificateFile directive is needed.
            SSLCertificateFile /etc/letsencrypt/live/footprintgaming.de/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/footprintgaming.de/privkey.pem



            #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>


     </VirtualHost>
 </IfModule>

  # vim: syntax=apache ts=4 sw=4 sts=4 

1 Answer

footprintgaming.de has an A record pointing to 89.31.143.1, which appears to live at AS15598.

www.footprintgaming.de ultimately resolves to 46.5.192.81, which appears to live at AS29562.

Neither seems to have any associated IPv6 address record.

"Connection refused" means that the TCP SYN was responded to with a TCP RST/ACK. This typically happens when there is no listening socket bound to the IP address and TCP port in question, but may also be caused by firewalling.

I am able to connect to both just fine on port 80.

I am able to connect to the latter just fine on port 443, but not the former. This matches your results.

Some things to check:

  • Is the Apache instance listening on port 443? netstat -an | grep 443 will be a start.
  • Are there any relevant firewall rules in place? Assuming a moderately modern Linux, start with iptables -L -n and go from there. Other OSes will be similar yet different.
  • Is the mod_ssl module actually loaded? Try apachectl -M (and see here).
  • Silly, but has been known to happen: Have you reloaded the Apache configuration after editing it? apachectl configtest and apachectl graceful should be your friends.
  • Where is the ServerName for that virtual host? Check your apachectl -S output too. (This would normally cause you to get the wrong content or in this case a wrong HTTPS certificate, not a connection refused error, but I am including it because you're probably going to run into that the second you get a TCP connection...)
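The answer's diagnosis can be reproduced with a short script. This is an added example, not part of the original answer: it resolves each name, attempts a TCP connection to every address, and separates "refused" (an RST came back) from "filtered" (no reply at all). The function names are hypothetical, and the self-test uses a constructed loopback listener so it runs offline.

```python
import socket

def probe(ip, port, timeout=3.0):
    """Classify one TCP connection attempt to ip:port."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"    # RST came back: no listener on that IP/port, or a firewall REJECT
    except socket.timeout:
        return "filtered"   # nothing came back: usually a firewall silently dropping the SYN
    except OSError as exc:
        return "error: %s" % exc

def resolve(name, port):
    """IPv4 addresses a name resolves to (the answer found no IPv6 records)."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def compare(names, port=443, resolver=resolve, prober=probe):
    """Map each name to {ip: state}; resolver and prober are injectable for offline use."""
    return {name: {ip: prober(ip, port) for ip in resolver(name, port)} for name in names}

def diagnose(report):
    """Summarise a compare() report: mismatched DNS targets, then every non-open address."""
    findings = []
    if len({frozenset(results) for results in report.values()}) > 1:
        findings.append("names resolve to different addresses")
    for name, results in report.items():
        for ip, state in results.items():
            if state != "open":
                findings.append("%s (%s): %s" % (name, ip, state))
    return findings

if __name__ == "__main__":
    # Constructed offline demo: a loopback listener stands in for a host with the port open.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print("listening:", probe("127.0.0.1", port))
    listener.close()
    print("closed:   ", probe("127.0.0.1", port))
```

Against real hosts, `diagnose(compare(["example.com", "www.example.com"]))` reports whether the two names point at different machines and which address refuses port 443.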