I've edited /etc/hosts adding a line where I put the IP address of the server and the name of site. Now everything works with SSL :-)
Thank you to all, Aldo Il giorno Tue, 20 Feb 2018 21:23:52 +0100 Aldo Maggi <sentini...@virgilio.it> ha scritto: > Thank you for answering! > I'm really sorry but it seems not to be a SSL or Apache problem, > today, while I was away from home and I was using my laptop, I tried > to open my site and I was successful! > So I can open "mysite. com" from outside my Lan but if I try to > connect to "mysite. com" from a Lan computer, the connection is > refused. > I think it is a "ufw" problem but I do not know what to check. > > Thank you anyway, > > Aldo :-) > > Il giorno Mon, 19 Feb 2018 21:08:34 -0500 > Bob Weber <bobrwe...@gmail.com> ha scritto: > > > On 2/19/18 2:54 PM, Aldo Maggi wrote: > > > Thank you for your fast answer! > > > > > > root@Casa-mia-1:~# lsof -i :443 > > > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME > > > apache2 879 root 6u IPv6 20270 0t0 TCP *:https > > > (LISTEN) apache2 948 www-data 6u IPv6 20270 0t0 TCP > > > *:https (LISTEN) apache2 949 www-data 6u IPv6 20270 0t0 > > > TCP *:https (LISTEN) apache2 950 www-data 6u IPv6 20270 > > > 0t0 TCP *:https (LISTEN) apache2 951 www-data 6u IPv6 > > > 20270 0t0 TCP *:https (LISTEN) apache2 952 www-data 6u > > > IPv6 20270 0t0 TCP *:https (LISTEN) apache2 1385 www-data > > > 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 1386 > > > www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) apache2 > > > 3386 www-data 6u IPv6 20270 0t0 TCP *:https (LISTEN) > > > > > > As for ufw, indeed port 443 was not enabled and I had problems in > > > doing it (bad port!!!!), at the end I wrote: > > > ufw allow https > > > Rule added > > > Rule added (v6) > > > > > > now I have: > > > > > > root@Casa-mia-1:~# ufw status > > > Status: active > > > > > > To Action From > > > -- ------ ---- > > > 22/tcp ALLOW Anywhere > > > CUPS ALLOW Anywhere > > > ...... > > > Telnet ALLOW Anywhere > > > VNC ALLOW Anywhere > > > WWW ALLOW Anywhere > > > Anywhere ALLOW 192.168.3.100 > > > Anywhere ALLOW 192.168.3.0/24 > > > 2222/tcp ALLOW Anywhere > > > 5900:5910/tcp ALLOW Anywhere > > > 2049 ALLOW 192.168.3.100 > > > 80/tcp ALLOW Anywhere > > > 443/tcp ALLOW Anywhere > > > 22/tcp (v6) ALLOW Anywhere (v6) > > > CUPS (v6) ALLOW Anywhere (v6) > > > ....... > > > WWW (v6) ALLOW Anywhere (v6) > > > 2222/tcp (v6) ALLOW Anywhere (v6) > > > 5900:5910/tcp (v6) ALLOW Anywhere (v6) > > > 80/tcp (v6) ALLOW Anywhere (v6) > > > 443/tcp (v6) ALLOW Anywhere (v6) > > > > > > root@Casa-mia-1:~# systemctl restart apache2 > > > > > > but ... no avail, still "connection refused" > > > > > > What else could be the culprit!!!! :-D > > > > > > Thanks for your time! > > > > > > Aldo :-) > > > > > > P.S. Furthermore in ..../apache2/error.log I find: > > > PHP Warning: PHP Startup: Unable to load dynamic library > > > '/usr/lib/php/20151012/apc.so' - /usr/lib/php/20151012/apc.so: > > > cannot open shared object file: No such file or directory in > > > Unknown on line 0 > > > > > > Il giorno Mon, 19 Feb 2018 12:48:25 -0500 > > > Greg Wooledge <wool...@eeg.ccf.org> ha scritto: > > > > > >> On Mon, Feb 19, 2018 at 06:36:01PM +0100, Aldo Maggi wrote: > > >>> Anyway, now if I browse writing my IP I get the Apache default > > >>> page (the browser tells me, anyway, that the site is unsecure), > > >>> if I write the name of the site I get (traslated from Italian): > > >>> Unable to reach the site > > >>> Connection denied by mysite.com > > >> "Connection refused" (the correct English translation) means that > > >> either the service is not listening to that port, or the packets > > >> were rejected by a firewall. > > >> > > >> You will need to examine both of those possibilities. > > >> > > >> Making sure the service is listening on :443 should be fairly > > >> easy. You can use "lsof -i :443" for example, or some ss or > > >> netstat command. > > >> > > >> Checking whether you have a firewall blocking incoming 443 will > > >> be a bit harder. > > >> > > > > > Looks like apache is only listening to IPV6 (see above lsof output). > > So if the domain that you used in the command: > > > > letsencrypt --apache -d mysite.com > > > > resolves to an IPV4 address you need to tell apache to listen to > > your IPV4 address. Your firewall looks like it has opened IPV4 and > > IPV6. I also assume that you try to access the site with that > > domain name in the url in your browser. Check the > > file /etc/apache2/ports.conf. It might be useful to run the command > > "ip a" to see what addresses are assigned to your ethernet ports so > > you can properly set up the ports.conf file. > > >
