Posted: 10/16/2016 2:31:44 PM EDT
|
I have a personal LAMP webserver running on a RPi2B w/ Raspbian 8 with DDNS service from duckdns and a SSL cert from LetsEncrypt.
Connecting to the server via HTTP is fine (both local and outside my network), but a few days ago, I noticed HTTPS stopped working, through either duckdns or directly to the IP Address. I'm not sure what changed. It might have been after a sudo apt update All the ports are forwarded correctly (Double NAT) and the cert is current and valid. apache seems to be in INACTIVE(DEAD) mode, but HTTP still works? See TERM output below. seems like apache can't bind to 0.0.0.0:80. Nothing else that I know of is using that address. Webmin is running, but on a different port; no torrents. This speed_test script is running every 30 min, but it shouldn't be blocking port 80 or 443. EDIT: now that I think about it, it was about the time I loaded the speed_test was the first time I noticed the HTTPS failure, though I had not been on the website in a week or 2. Not sure if they are related. Tried rebooting the Pi, sudo service apache2 restart, etc. Not sure if my Internet Provider started blocking port 443, though all other HTTPS sites work. I get service through Plateau Fiber. I doubt it is them, as even on the local network, I cannot connect via HTTPS, only HTTP. $ service apache2 status apache2/access.log and apache2/error.log are empty syslog dump after reboot $ /var/log/syslog 
|
|
Found this SO post that was very similar (though it seems like his server didn't serve any HTTP or HTTPS):
https://stackoverflow.com/questions/40072846/debian-apache2-doent-start-and-stays-in-inactive-mode Per his solution, he did not have /usr/sbin/apache2. I checked /usr/bin/apache2 (note bin vs sbin, d'oh!), which of course didn't come up with anything. I then reinstalled apache2-bin per his solution, no effect, but I do now have /usr/sbin/apache2 not sure the status of it before the reinstall. Still can access only via HTTP, not HTTPS. |
|
Search on enabling debug logging.
Netstat -nr. To see if you are listening on 443 From webserver try telnet localhost 443. To see if you can get some kind of connect Any kind of packet filtering being run on the box? Get lynx text browser. Try to connect with SSL from the server with that |
|
Quoted:
Search on enabling debug logging. Quoted:
Search on enabling debug logging. I'll try that tomorrow, sounds like it might be a bit much for tonight before bed. Netstat -nr. To see if you are listening on 443 pi@raspberrypi:~ $ netstat -nr From webserver try telnet localhost 443. To see if you can get some kind of connect. kyle@mint-laptop ~ $ telnet pi.main 443 Any kind of packet filtering being run on the box? Pi-Hole would be the only thing of that type I can think of. Does that packet filter? Can't remember if I have connected via https after installing. Get lynx text browser. Try to connect with SSL from the server with that From the Pi webserver: Connects to https://www.google.com just fine. Does NOT connect to https://localhost Does connect to http://localhost |
|
sorry - that netstat -nr should have been "netstat -an"
but that "telnet localhost 443" results you have indicates that either a firewall is on the box blocking things, or you are just not listening of port 443 which is where SSL connections are (due to apache config/misconfig). the "netstat -an" will tell you which ports you are LISTENing on. |
|
Quoted:
sorry - that netstat -nr should have been "netstat -an" but that "telnet localhost 443" results you have indicates that either a firewall is on the box blocking things, or you are just not listening of port 443 which is where SSL connections are (due to apache config/misconfig). the "netstat -an" will tell you which ports you are LISTENing on. Looks like that was it. Now to figure out up how to make it listen on 443 again. pi@raspberrypi:~ $ netstat -an |
|
Got it. It seems lighttpd took over as my host somehow, I remember installing it, but thought I had disabled it. Forget why I installed it to start. When I restarted the Pi, lighttpd started first, and was preventing apache from doing it's thing. Stopped lighttpd, restarted apache2, and now all is well.
I found this post that suggested using ss -tlnp as it gave more detail. That allowed me to see that lighttpd had grabbed port 80, and since apache was still in a DEAD state, I figured lighttpd might be killing apache. Sure enough, it worked. Now to figure out if I can disable/uninstall lighttpd without further complications. Thanks for the help, M4! 
|
|
Quoted:
Since SSL didn't work, you sure lighttpd didn't grab port 443? I think lighttp grabbed 80 (only) first and when apache tried to start, port 80 was already bound, so apache failed then and there, and didn't even try to bind 443. Therefore, nothing serving 443, only 80. when I ran ss -tlnp, there was nothing referencing port 443, only lighttpd on port 80 |
Win a FREE Membership!
Sign up for the ARFCOM weekly newsletter and be entered to win a free ARFCOM membership. One new winner* is announced every week!
You will receive an email every Friday morning featuring the latest chatter from the hottest topics, breaking news surrounding legislation, as well as exclusive deals only available to ARFCOM email subscribers.