Quoting Mahmood Naderan ([email protected]):
> [mahmood@rocks7 ~]$ wget http://w.x.y.z:443
> Connecting to w.x.y.z:443... connected.
> HTTP request sent, awaiting response... 200 OK
> 2018-08-20 10:30:50 (1.95 MB/s) - ‘index.html.1’ saved [33229]
> Any thought?

Did you forget to put 'SSLEngine On' in your SSL-vhost definition?
The above quote clearly shows your Apache is doing normal HTTP on port 443.

Also, SSL generally doesn't work well when connecting to just an IP address.
SSL certs contain a domain name; it has to match or you'll get certificate
security warnings.

Use this config as a reference, assuming Apache 2.4+:

| <VirtualHost aa.bb.cc.dd:80 [2001:7b8:zzz:1:aa.bb.cc.dd]:80>
| ServerName www.example.com
| ServerAlias example.com
|
| DocumentRoot /var/vhosts/www.example.com/html
|
| RewriteEngine On
| RewriteCond %{REQUEST_URI} !^/.well-known/
| RewriteRule (.*) https://www.example.com$1 [R=301,L]
| </VirtualHost>
| <VirtualHost aa.bb.cc.dd:443 [2001:7b8:zzz:1:aa.bb.cc.dd]:443>
| ServerName www.example.com
| ServerAlias example.com
|
| AddDefaultCharset utf-8
|
| Header always add Strict-Transport-Security "max-age=15552000; includeSubDomains"
| Header always add X-Content-Type-Options "nosniff"
| Header always add X-Frame-Options "SAMEORIGIN"
| Header always add X-XSS-Protection "1; mode=block"
|
| SSLEngine On
| SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
| SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:!aNULL:!eNULL:!EXPORT:!RC4:!DES:!SSLv2:!MD5:!SSLV3:!3DES:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:KRB5-DES-CBC3-SHA:"
| SSLOpenSSLConfCmd ECDHParameters secp384r1
| SSLOpenSSLConfCmd Curves secp384r1
|
| SSLCertificateChainFile /etc/letsencrypt/manual/chain.pem
| SSLCertificateFile /etc/letsencrypt/manual/www.example.com.crt
| SSLCertificateKeyFile /etc/letsencrypt/manual/www.example.com.key
| SSLOpenSSLConfCmd DHParameters /etc/letsencrypt/manual/www.example.com.dh
|
| ErrorLog /var/vhosts/www.example.com/logs/error.log
| CustomLog /var/vhosts/www.example.com/logs/access.log combined
|
| DocumentRoot /var/vhosts/www.example.com/html/
| <Directory /var/vhosts/www.example.com/html/>
| Options -Indexes
| Require all granted
| </Directory>
|
| RewriteEngine On
|
| RewriteCond %{HTTP_HOST} !^www.example.com
| RewriteRule (.*) https://www.example.com$1 [R=301,L]
| </VirtualHost>
--
| Dopeler effect: The tendency of stupid ideas to seem smarter when they
| come at you rapidly.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7 FBD6 F3A9 9442 20CC 6CD2
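
The check suggested in the reply above (a vhost bound to port 443 without 'SSLEngine On' answers in plain HTTP), written as an added example that is not part of the original mail: a small Python lint that reports such VirtualHost blocks. The function names and the sample configuration are constructed for illustration; it reads one file's text only and does not follow Include directives or server-level SSLEngine settings.

```python
import re

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
DIRECTIVE = re.compile(r"^\s*(SSLEngine|ServerName)\s+(\S+)", re.I)

# Constructed sample input (documentation addresses, not from the mail).
SAMPLE = """\
<VirtualHost 192.0.2.10:80>
    ServerName www.example.com
</VirtualHost>
<VirtualHost 192.0.2.10:443 [2001:db8::10]:443>
    ServerName www.example.com
    SSLEngine On
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName intranet.example.com
    # SSLEngine On
</VirtualHost>
"""

def port_of(addr):
    """Port of '1.2.3.4:443', '*:443' or '[2001:db8::1]:443'; None if absent."""
    m = re.search(r":(\d+)$", addr)
    return int(m.group(1)) if m else None

def vhosts_missing_ssl(conf_text, tls_ports=(443,)):
    """Return (line, ServerName, addresses) per TLS-port vhost lacking 'SSLEngine on'."""
    findings, block = [], None
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # commented-out directives do not count
        opened = VHOST_OPEN.match(line)
        if opened:
            block = {"line": no, "addrs": opened.group(1).split(), "name": None, "ssl": False}
        elif block and VHOST_CLOSE.match(line):
            if not block["ssl"] and any(port_of(a) in tls_ports for a in block["addrs"]):
                findings.append((block["line"], block["name"], block["addrs"]))
            block = None
        elif block:
            d = DIRECTIVE.match(line)
            if d and d.group(1).lower() == "sslengine":
                block["ssl"] = d.group(2).lower() == "on"
            elif d:
                block["name"] = d.group(2)
    return findings

if __name__ == "__main__":
    print(vhosts_missing_ssl(SAMPLE))
```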