sim_tcr
Posts: 331
Joined: Tue Nov 06, 2012 1:01 pm
Location: Bangalore
Contact: Website

https on apache2. https does not work out side home network

Tue Jul 11, 2017 4:33 am

Hello,

I have a personal website running on apache2 on my raspberry pi(raspbian) with no-ip dynamic dns service. Port 80 is forwarded on my home router and the website is accessible outside home network.
Now I am trying to enable https for the website. I have placed the certs on the server,
I ran below first,

Code: Select all

sudo a2enmod ssl
/etc/apache2/apache2.conf has,

Code: Select all

<VirtualHost <my local ip>:443>
DocumentRoot /var/www/html
ServerName raspiabita.ddns.net
SSLEngine on
SSLCertificateFile /var/www/html/certificate.crt
SSLCertificateKeyFile /var/www/html/private.key
SSLCertificateChainFile /var/www/html/ca_bundle.crt
</VirtualHost>
/etc/apache2/ports.conf has below

Code: Select all

Listen 80
<IfModule ssl_module>
      Listen 443
</IfModule>
<IfModule mod_gnutls.c>
      Listen 443
</IfModule>
I have forwarded port 443 on my router.
Inside home network, http://<my local ip of webserver> works fine. https://<my local ip of webserver> works fine.
Outside home network, http://raspiabita.ddns.net works. But https://raspiabita.ddns.net does not work. Can any one help me ?

Thanks,
Simon
http://raspisimon.no-ip.org
Raspberry Pi Model B x 2, Raspberry Pi 2 x 2, Transcend 32GB Class 10, Transcend 16GB Class 10, Transcend 8GB Class 4, Custom 12V 1.5A (stepped down to 5.5V)

User avatar
Ronaldlees
Posts: 294
Joined: Sat Apr 16, 2016 4:28 pm
Location: North Carolina, US
Contact: Website

Re: https on apache2. https does not work out side home netw

Tue Jul 11, 2017 3:23 pm

Well, when you test inside the home, are you on the same machine as the server?

It sounds like you haven't put the cert on the client you are using when you are outside of the home.
I am the Umbrella man

sim_tcr
Posts: 331
Joined: Tue Nov 06, 2012 1:01 pm
Location: Bangalore
Contact: Website

Re: https on apache2. https does not work out side home netw

Tue Jul 11, 2017 4:29 pm

Ronaldlees wrote:Well, when you test inside the home, are you on the same machine as the server?

It sounds like you haven't put the cert on the client you are using when you are outside of the home.
When I tested inside home, I tested from a windows 10 Dekstop and it works.
The same desktop i have the ability to switch to a different ISP (i have two ISP at home). and it does not work
http://raspisimon.no-ip.org
Raspberry Pi Model B x 2, Raspberry Pi 2 x 2, Transcend 32GB Class 10, Transcend 16GB Class 10, Transcend 8GB Class 4, Custom 12V 1.5A (stepped down to 5.5V)

NotRequired
Posts: 196
Joined: Sat Apr 29, 2017 10:36 am
Location: Denmark

Re: https on apache2. https does not work out side home netw

Tue Jul 11, 2017 5:43 pm

Usually, different rules apply to LAN vs. WAN due to the security implications - especially when we are talking SSL/TLS. Is the certificate authorized by a CA? If not, this may be the problem. Is the common name (host / IP) in the certificate valid for the domain "raspiabita.ddns.net"? If not, that may be the problem as well. Usually you browser should give you some hints about what the problem is other than: It does not work.. :)
Please do not ask questions in private messages, they will not help others.

sim_tcr
Posts: 331
Joined: Tue Nov 06, 2012 1:01 pm
Location: Bangalore
Contact: Website

Re: https on apache2. https does not work out side home netw

Tue Jul 11, 2017 5:54 pm

NotRequired wrote:Usually, different rules apply to LAN vs. WAN due to the security implications - especially when we are talking SSL/TLS. Is the certificate authorized by a CA? If not, this may be the problem. Is the common name (host / IP) in the certificate valid for the domain "raspiabita.ddns.net"? If not, that may be the problem as well. Usually you browser should give you some hints about what the problem is other than: It does not work.. :)
The cert is issued by authorized CA (Lets Encrypt Authority X3).
SAN (subject alternative name) has raspiabita.ddns.net
Attachments
error.jpg
error.jpg (29.64 KiB) Viewed 3331 times
cert2.jpg
cert2.jpg (15.7 KiB) Viewed 3332 times
cer1.jpg
cer1.jpg (16.26 KiB) Viewed 3332 times
http://raspisimon.no-ip.org
Raspberry Pi Model B x 2, Raspberry Pi 2 x 2, Transcend 32GB Class 10, Transcend 16GB Class 10, Transcend 8GB Class 4, Custom 12V 1.5A (stepped down to 5.5V)

pcmanbob
Posts: 9738
Joined: Fri May 31, 2013 9:28 pm
Location: Mansfield UK

Re: https on apache2. https does not work out side home netw

Tue Jul 11, 2017 6:31 pm

Hi.

Dont know if this helps but this is the error firefox returns form you site on HTTPs

"An error occurred during a connection to raspiabita.ddns.net. SSL received a malformed Certificate handshake message. Error code: SSL_ERROR_RX_MALFORMED_CERTIFICATE"
We want information… information… information........................no information no help
The use of crystal balls & mind reading are not supported

broe23
Posts: 902
Joined: Thu Jan 28, 2016 9:35 pm
Location: Central IL
Contact: Website

Re: https on apache2. https does not work out side home netw

Tue Jul 11, 2017 8:31 pm

Did you go into your Gateway and enter the ddns info and then forward the proper LAN IP and ports to be seen outside. Port 80 is the main web port and you do not want to use it for your website. It could also be that your gateway could be blocking any outside ping requests, or your provider is blocking hosting of websites on their network.
Ren: Now listen, Cadet. I've got a job for you. See this button? Ren: Don't touch it! It's the History Eraser button, you fool! Stimpy: So what'll happen? Ren: That's just it. We don't know. Maybe something bad, maybe something good.

rollingcircle
Posts: 5
Joined: Sat Feb 25, 2012 2:29 pm

Re: https on apache2. https does not work out side home netw

Wed Jul 12, 2017 9:19 am

Try replacing your local IP address in the VirtualHost specification with a wildcard:

Code: Select all

<VirtualHost <my local ip>:443>

Code: Select all

<VirtualHost *:443>

sim_tcr
Posts: 331
Joined: Tue Nov 06, 2012 1:01 pm
Location: Bangalore
Contact: Website

Re: https on apache2. https does not work out side home netw

Tue Jul 18, 2017 4:11 am

rollingcircle wrote:Try replacing your local IP address in the VirtualHost specification with a wildcard:

Code: Select all

<VirtualHost <my local ip>:443>

Code: Select all

<VirtualHost *:443>
That did not work
http://raspisimon.no-ip.org
Raspberry Pi Model B x 2, Raspberry Pi 2 x 2, Transcend 32GB Class 10, Transcend 16GB Class 10, Transcend 8GB Class 4, Custom 12V 1.5A (stepped down to 5.5V)

sim_tcr
Posts: 331
Joined: Tue Nov 06, 2012 1:01 pm
Location: Bangalore
Contact: Website

Re: https on apache2. https does not work out side home netw

Tue Jul 18, 2017 8:02 am

so I tried to change the apache ssl port to 8443 and forwarded 8443 in my router (external and internal port as 8443) and https://raspiabita.ddns.net:8443/ worked.
my apache2.conf looks like below now

Code: Select all

<VirtualHost *:8443>
        ServerName raspiabita.ddns.net:8443
        ServerAlias raspiabita.ddns.net
        DocumentRoot /var/www/html
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/domain.crt
        SSLCertificateKeyFile /etc/ssl/private/domain.key
        SSLCertificateChainFile /etc/ssl/certs/intermediate.pem       
and ports.conf

Code: Select all

<IfModule ssl_module>
      Listen 8443
</IfModule>
<IfModule mod_gnutls.c>
      Listen 8443
</IfModule>
So I tried port forwarding in my router again as internal port as 8443 and external as 443. So I expected https://raspiabita.ddns.net to work, but it did not.
http://raspisimon.no-ip.org
Raspberry Pi Model B x 2, Raspberry Pi 2 x 2, Transcend 32GB Class 10, Transcend 16GB Class 10, Transcend 8GB Class 4, Custom 12V 1.5A (stepped down to 5.5V)

Return to “General discussion”