On 2/19/18 2:54 PM, Aldo Maggi wrote:
Thank you for your fast answer!

root@Casa-mia-1:~# lsof -i :443
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2  879     root    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2  948 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2  949 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2  950 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2  951 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2  952 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2 1385 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2 1386 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)
apache2 3386 www-data    6u  IPv6  20270      0t0  TCP *:https (LISTEN)

As for ufw, indeed port 443 was not enabled and I had problems in doing
it (bad port!!!!), at the end I wrote:
ufw allow https
Rule added
Rule added (v6)

now I have:

root@Casa-mia-1:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
CUPS                       ALLOW       Anywhere
......
Telnet                     ALLOW       Anywhere
VNC                        ALLOW       Anywhere
WWW                        ALLOW       Anywhere
Anywhere                   ALLOW       192.168.3.100
Anywhere                   ALLOW       192.168.3.0/24
2222/tcp                   ALLOW       Anywhere
5900:5910/tcp              ALLOW       Anywhere
2049                       ALLOW       192.168.3.100
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
CUPS (v6)                  ALLOW       Anywhere (v6)
.......
WWW (v6)                   ALLOW       Anywhere (v6)
2222/tcp (v6)              ALLOW       Anywhere (v6)
5900:5910/tcp (v6)         ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)

root@Casa-mia-1:~# systemctl restart apache2

but ... no avail, still "connection refused"

What else could be the culprit!!!! :-D

Thanks for your time!

Aldo :-)

P.S. Furthermore in ..../apache2/error.log I find:
PHP Warning:  PHP Startup: Unable to load dynamic library
'/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so: cannot
open shared object file: No such file or directory in Unknown on line 0

On Mon, 19 Feb 2018 12:48:25 -0500
Greg Wooledge <wool...@eeg.ccf.org> wrote:

On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote:
Anyway, now if I browse writing my IP I get the Apache default page
(the browser tells me, anyway, that the site is unsecure), if I
write the name of the site I get (translated from Italian):
Unable to reach the site
Connection denied by mysite.com
"Connection refused" (the correct English translation) means that
either the service is not listening to that port, or the packets
were rejected by a firewall.

You will need to examine both of those possibilities.

Making sure the service is listening on :443 should be fairly easy.
You can use "lsof -i :443" for example, or some ss or netstat command.

Checking whether you have a firewall blocking incoming 443 will be
a bit harder.


Looks like Apache is only listening to IPv6 (see above lsof output). So if the domain that you used in the command:

letsencrypt --apache -d mysite.com

resolves to an IPv4 address you need to tell Apache to listen to your IPv4 address. Your firewall looks like it has opened IPv4 and IPv6. I also assume that you try to access the site with that domain name in the URL in your browser. Check the file /etc/apache2/ports.conf. It might be useful to run the command "ip a" to see what addresses are assigned to your ethernet ports so you can properly set up the ports.conf file.

--


*...Bob*
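
The checks discussed in this thread (is anything answering on 443, and over which address family does the name reach it) can also be run from the client side. The following is an added example, not part of any message above: a Python script that attempts a TCP connection to port 443 on every address a name resolves to and reports the outcome per IPv4/IPv6 address. The function name `probe` and the result labels are choices made for this example.

```python
#!/usr/bin/env python3
"""Probe a TCP port on every address a name resolves to (added example)."""
import socket
import sys

FAMILY = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}


def probe(host, port, timeout=3.0):
    """Return [(family, address, result)] for each resolved address.

    result is "open", "refused" (actively rejected: nothing listening on
    that address, or a firewall reject rule), "timeout" (no reply at all,
    e.g. packets silently dropped) or "error: ..." for anything else.
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("?", host, f"error: name resolution failed ({exc})")]
    results, seen = [], set()
    for family, socktype, proto, _canon, sockaddr in infos:
        if family not in FAMILY or sockaddr[0] in seen:
            continue
        seen.add(sockaddr[0])
        try:
            # Socket creation is inside the try so a host without IPv6
            # support is reported as an error instead of crashing.
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
            result = "open"
        except ConnectionRefusedError:
            result = "refused"
        except socket.timeout:
            result = "timeout"
        except OSError as exc:
            result = f"error: {exc.strerror or exc}"
        results.append((FAMILY[family], sockaddr[0], result))
    return results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} NAME_OR_IP")
    for fam, addr, res in probe(sys.argv[1], 443):
        print(f"{fam:4} {addr:40} {res}")
```

Running it once with the site name and once with the bare IP shows whether the name resolves to the address that actually answers.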
