Hi, On 02.07.21 09:27, @lbutlr wrote: > When checking for https HSTS compliance on htstpreload.org I get a warning > >> We cannot connect to https://example.net using TLS ("Get >> https://example.net: http: server gave HTTP response to HTTPS client").
What is in your access logs, can you identify the request and check which virtual hosts served it? You can enable logging of the virtual host in the access log or log to dedicated files (see https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#formats for a list of what is available). > And I do not understand how this can be. The page in questions loads as https > with a valid cert and the http query is set to redirect to https > > <VirtualHost ip.ad.re.ss:443> > ServerName www.example.net > ServerAlias foo.example.net > ServerAlias example.net > DocumentRoot /usr/local/www/example/ > DirectoryIndex index.html > ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/www/example/$1 > SSLEngine on > SSLCertificateFile /usr/local/etc/dehydrated/certs/example.net/cert.pem > SSLCertificateKeyFile > /usr/local/etc/dehydrated/certs/example.net/privkey.pem > SSLCertificateChainFile > /usr/local/etc/dehydrated/certs/example.net/chain.pem > SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 > SSLHonorCipherOrder on > SSLCipherSuite > ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS > #SSLUseStapling On > Header always set Strict-Transport-Security "max-age=15638400; > includeSubdomains;" > Header always set X-Frame-Options DENY > Alias /.well-known/ /usr/local/www/.well-known/ > </VirtualHost> > > <VirtualHost *:80> > ServerName www.example.net > ServerAlias foo,example.net > ServerAlias example.net > ServerAlias webmail.example.net > Redirect / https://www.example.net/ > Alias /.well-known/ /usr/local/www/.well-known/ > </VirtualHost> > > I do not see anything onbviously wrong here (there is a typo on "ServerAlias foo,example.net" though, assume this is just an example issue). However, your TLS virtualhost is bound to a fixed IP, your plain HTTP virtual host is bound to all available IPs on the machine. My guess would be virtual host mismatch or a DNS specific issue (does example.net resolve to different IPs for different resolvers?). Again access logs may reveal some more information on that. hth, Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
