HTTPS directives on a subdomain lead to Connection Refused on the KH panel  [SOLVED]

Have you found a bug? Let us know.
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

I am sure that the cause of the problem lies with KeyHelp
Yes

Server operating system + version
Debian 11.8

Server virtualization technology used
KVM

KeyHelp version + build number
23.2.1

Problem description / error messages
When I give my subdomain (with a Let's Encrypt certificate) HTTPS directives, I can no longer get to the KH panel (Connection Refused)

Expected result
Panel keeps running and the HTTPS directives work

Actual result
Accessing the panel no longer works, with the error: Connection Refused

Steps to reproduce
Create a subdomain + set up a Let's Encrypt certificate

In HTTP directives:

Code:

RewriteEngine on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
In HTTPS directives:

Code:

ProxyPreserveHost On
SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* "wss://127.0.0.1:8443%{REQUEST_URI}" [P]
SSLCertificateFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.cert.pem
SSLCertificateKeyFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.key.pem

ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
ProxyRequests off
Additional information
(e.g. recent changes made to the server, excerpts from log files (/var/log/*, /var/log/keyhelp/php-error.log, etc.))
/var/log/keyhelp/php-error.log does not exist

php7.4-fpm.log

Code:

[25-Jan-2024 09:10:01] NOTICE: Reloading in progress ...
[25-Jan-2024 09:10:01] NOTICE: reloading: execvp("/usr/sbin/php-fpm7.4", {"/usr/sbin/php-fpm7.4", "--nodaemonize", "--fpm-config", "/etc/php/7.4/fpm/php-fpm.conf"})
[25-Jan-2024 09:10:01] NOTICE: using inherited socket fd=7, "/run/php/keyhelp_keyhelp.socket"
[25-Jan-2024 09:10:01] NOTICE: using inherited socket fd=7, "/run/php/keyhelp_keyhelp.socket"
[25-Jan-2024 09:10:01] NOTICE: using inherited socket fd=8, "/run/php/keyhelp_dreandor_de.socket"
[25-Jan-2024 09:10:01] NOTICE: using inherited socket fd=8, "/run/php/keyhelp_dreandor_de.socket"
[25-Jan-2024 09:10:01] NOTICE: fpm is running, pid 585
[25-Jan-2024 09:10:01] NOTICE: ready to handle connections
[25-Jan-2024 09:10:01] NOTICE: systemd monitor interval set to 10000ms
journalctl -xe

Code:

░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jan 25 09:14:01 panel.dreandor.de systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
Jan 25 09:14:01 panel.dreandor.de systemd[1]: Failed to start The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 183314 and the job result is failed.
Jan 25 09:14:01 panel.dreandor.de sudo[211979]: pam_unix(sudo:session): session closed for user root
Jan 25 09:14:01 panel.dreandor.de CRON[211945]: pam_unix(cron:session): session closed for user root
Jan 25 09:14:04 panel.dreandor.de systemd[1]: Starting The Apache HTTP Server...
░░ Subject: A start job for unit apache2.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has begun execution.
░░
░░ The job identifier is 183379.
Jan 25 09:14:04 panel.dreandor.de apachectl[212000]: Action 'start' failed.
Jan 25 09:14:04 panel.dreandor.de apachectl[212000]: The Apache error log may have more information.
Jan 25 09:14:04 panel.dreandor.de systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jan 25 09:14:04 panel.dreandor.de systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
Jan 25 09:14:04 panel.dreandor.de systemd[1]: Failed to start The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 183379 and the job result is failed.
Jan 25 09:14:06 panel.dreandor.de dhclient[412]: DHCPREQUEST for 212.132.74.53 on ens6 to 169.254.0.2 port 67
Jan 25 09:14:06 panel.dreandor.de dhclient[412]: DHCPACK of 212.132.74.53 from 169.254.0.2
Jan 25 09:14:06 panel.dreandor.de dhclient[412]: bound to 212.132.74.53 -- renewal in 287 seconds.
Tobi
Community Moderator
Posts: 2831
Joined: Thu 5. Jan 2017, 13:24

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Tobi »

This here is definitely wrong.
Twice over, even.

Code:


https://127.0.0.1/


Localhost does not exist in the SSL variant.
IP addresses cannot have a certificate.
Regards,
Tobi
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

Tobi wrote: Thu 25. Jan 2024, 10:53 This here is definitely wrong.
Twice over, even.

Code:


https://127.0.0.1/


Localhost does not exist in the SSL variant.
IP addresses cannot have a certificate.

Code:

  GNU nano 5.4                                                                                                               dreandor_de_mc.dreandor.de_https.conf
ProxyPreserveHost On
SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* "wss://mc.dreandor.de:8443%{REQUEST_URI}" [P]
SSLCertificateFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.cert.pem
SSLCertificateKeyFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.key.pem

ProxyPass / https://mc.dreandor.de:8143/
ProxyPassReverse / https://mc.dreandor.de:8143/
ProxyRequests off
Apache2 still does not work.
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

However, if I hard-code the HTTPS directives into the vhost file, it works even with IP addresses. As soon as they are loaded via custom_vhosts, the entire panel + Apache2 crashes on me.
Jolinar
Community Moderator
Posts: 3612
Joined: Sat 30. Jan 2016, 07:11
Location: Weimar (Thüringen)
Contact:

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Jolinar »

Code:

Jan 25 09:14:04 panel.dreandor.de apachectl[212000]: Action 'start' failed.
Jan 25 09:14:04 panel.dreandor.de apachectl[212000]: The Apache error log may have more information.
What does the log file say at that point?


BTW:
Dreandor wrote: Thu 25. Jan 2024, 10:13 In HTTP directives:

Code:

RewriteEngine on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Why?

You can set that directly in the panel:
Screenshot_65.png
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

ErrorLog /var/log/apache2/error.log

Code:

[Thu Jan 25 13:24:01.908306 2024] [mpm_event:notice] [pid 248148:tid 140133451824448] AH00493: SIGUSR1 received.  Doing graceful restart
[Thu Jan 25 13:24:01.965148 2024] [ssl:warn] [pid 248148:tid 140133451824448] AH01906: webmail:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 25 13:24:01.965173 2024] [ssl:warn] [pid 248148:tid 140133451824448] AH01909: webmail:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jan 25 13:24:01.965296 2024] [ssl:error] [pid 248148:tid 140133451824448] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: em>
[Thu Jan 25 13:24:01.965305 2024] [ssl:error] [pid 248148:tid 140133451824448] AH02604: Unable to configure certificate webmail:443:0 for stapling
[Thu Jan 25 13:24:01.965772 2024] [:emerg] [pid 248148:tid 140133451824448] AH00020: Configuration Failed, exiting
[Thu Jan 25 13:25:01.619055 2024] [ssl:warn] [pid 249050:tid 140483355684160] AH01906: webmail:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 25 13:25:01.619113 2024] [ssl:warn] [pid 249050:tid 140483355684160] AH01909: webmail:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jan 25 13:25:01.619195 2024] [ssl:error] [pid 249050:tid 140483355684160] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: em>
[Thu Jan 25 13:25:01.619201 2024] [ssl:error] [pid 249050:tid 140483355684160] AH02604: Unable to configure certificate webmail:443:0 for stapling
AH00016: Configuration Failed
Errorlog /var/log/apache2/keyhelp/error.log

Code:

[Wed Jan 24 07:30:34.178724 2024] [ssl:warn] [pid 18487:tid 140492828781888] AH01906: panel.dreandor.de:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 24 07:30:34.178823 2024] [ssl:error] [pid 18487:tid 140492828781888] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: ema>
[Wed Jan 24 07:30:34.178829 2024] [ssl:error] [pid 18487:tid 140492828781888] AH02604: Unable to configure certificate panel.dreandor.de:443:0 for stapling
[Wed Jan 24 07:30:34.188753 2024] [ssl:warn] [pid 18488:tid 140492828781888] AH01906: panel.dreandor.de:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 24 07:30:34.188843 2024] [ssl:error] [pid 18488:tid 140492828781888] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: ema>
[Wed Jan 24 07:30:34.188849 2024] [ssl:error] [pid 18488:tid 140492828781888] AH02604: Unable to configure certificate panel.dreandor.de:443:0 for stapling
[Wed Jan 24 07:33:37.728358 2024] [ssl:warn] [pid 697:tid 139641325047104] AH01906: panel.dreandor.de:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 24 07:33:37.728596 2024] [ssl:error] [pid 697:tid 139641325047104] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: email>
[Wed Jan 24 07:33:37.728604 2024] [ssl:error] [pid 697:tid 139641325047104] AH02604: Unable to configure certificate panel.dreandor.de:443:0 for stapling
[Wed Jan 24 07:33:37.740189 2024] [ssl:warn] [pid 737:tid 139641325047104] AH01906: panel.dreandor.de:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jan 24 07:33:37.740287 2024] [ssl:error] [pid 737:tid 139641325047104] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: email>
[Wed Jan 24 07:33:37.740293 2024] [ssl:error] [pid 737:tid 139641325047104] AH02604: Unable to configure certificate panel.dreandor.de:443:0 for stapling
[Wed Jan 24 07:34:27.834051 2024] [authz_core:error] [pid 1675:tid 139640048707328] [client 144.126.202.105:54434] AH01630: client denied by server configuration: /home/keyhelp/www/keyhelp/server-status
[Wed Jan 24 13:59:28.653247 2024] [cgid:error] [pid 36799:tid 140517381179136] [client 185.224.128.191:56396] AH01264: script not found or unable to stat: /usr/lib/cgi-bin/jarrewrite.sh
Florian
Keyweb AG
Posts: 1261
Joined: Wed 20. Jan 2016, 02:28

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Florian »

Hello,

if the directives are active and the web server is no longer reachable, I would run "apache2ctl configtest".
Best regards
Florian Cheno

**************************************************************
Keyweb AG - The Hosting Brand
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

Florian wrote: Thu 25. Jan 2024, 16:03 Hello,

if the directives are active and the web server is no longer reachable, I would run "apache2ctl configtest".
Everything seems to be fine

Code:

root@panel:~# apache2ctl configtest
Syntax OK
Florian
Keyweb AG
Posts: 1261
Joined: Wed 20. Jan 2016, 02:28

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Florian »

Hello,

and the web server still isn't running, or rather cannot be started?
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

Florian wrote: Thu 25. Jan 2024, 18:38 Hello,

and the web server still isn't running, or rather cannot be started?
Exactly. The web server still does not start.

Code:

root@panel:~# systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2024-01-25 18:57:01 CET; 1s ago
    Process: 4297 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
        CPU: 14ms

Jan 25 18:57:01 panel.dreandor.de systemd[1]: Starting The Apache HTTP Server...
Jan 25 18:57:01 panel.dreandor.de apachectl[4297]: Action 'start' failed.
Jan 25 18:57:01 panel.dreandor.de apachectl[4297]: The Apache error log may have more information.
Jan 25 18:57:01 panel.dreandor.de systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Jan 25 18:57:01 panel.dreandor.de systemd[1]: apache2.service: Failed with result 'exit-code'.
Jan 25 18:57:01 panel.dreandor.de systemd[1]: Failed to start The Apache HTTP Server.
Florian
Keyweb AG
Posts: 1261
Joined: Wed 20. Jan 2016, 02:28

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Florian »

and what does /var/log/apache2/error.log say right after the start attempt?
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

Florian wrote: Thu 25. Jan 2024, 19:01 and what does /var/log/apache2/error.log say right after the start attempt?

Code:

root@panel:~# systemctl start apache2
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.

Code:

[Thu Jan 25 19:02:48.251904 2024] [ssl:warn] [pid 5137:tid 140109540576576] AH01906: webmail:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jan 25 19:02:48.251967 2024] [ssl:warn] [pid 5137:tid 140109540576576] AH01909: webmail:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jan 25 19:02:48.252046 2024] [ssl:error] [pid 5137:tid 140109540576576] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=info@keyhelp.de,CN=panel.dreandor.de,OU=KeyHelp Control Panel,O=KeyHelp,L=Erfurt,ST=Thuringia,C=DE / issuer: emai>
[Thu Jan 25 19:02:48.252052 2024] [ssl:error] [pid 5137:tid 140109540576576] AH02604: Unable to configure certificate webmail:443:0 for stapling
AH00016: Configuration Failed
Florian
Keyweb AG
Posts: 1261
Joined: Wed 20. Jan 2016, 02:28

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Florian »

Hello,

please send logins via PM, I'll have to take a look myself.
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel

Post by Dreandor »

Florian wrote: Thu 25. Jan 2024, 19:13 Hello,

please send logins via PM, I'll have to take a look myself.
I've sent them to you.
Dreandor
Posts: 35
Joined: Mon 7. Mar 2022, 10:53

Re: HTTPS directives on a subdomain lead to Connection Refused on the KH panel  [SOLVED]

Post by Dreandor »

Thanks to Florian's help it works again.

It was caused by
SSLCertificateFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.cert.pem
SSLCertificateKeyFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.key.pem

When I remove those two, it works again.
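
Added example, not part of the original thread and not KeyHelp code: a pre-save check for a custom HTTPS directive snippet like the one in the first post. It flags the two server-certificate directives whose removal resolved the start failure, and the lines that switch off certificate checks towards the proxied backend. The function names, the finding labels and the embedded sample (copied from the first post) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not KeyHelp code. Function names and labels are hypothetical.

# Constructed sample input: the HTTPS directives from the first post.
sample_snippet() {
cat <<'EOF'
ProxyPreserveHost On
SSLProxyEngine On
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* "wss://127.0.0.1:8443%{REQUEST_URI}" [P]
SSLCertificateFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.cert.pem
SSLCertificateKeyFile /var/opt/minecraft/crafty/crafty-4/app/config/web/certs/commander.key.pem

ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
ProxyRequests off
EOF
}

# lint_directives: read a snippet on stdin, print "<line>:<LABEL>:<directive>"
# per finding, return 1 if anything was flagged.
#   SERVER_CERT        server certificate/key set inside the snippet; in the
#                      thread, removing these two lines let Apache start again
#   BACKEND_VERIFY_OFF a certificate check towards the backend is switched off
lint_directives() {
  awk '
    { line = $0; sub(/^[ \t]+/, "", line) }      # strip indentation
    line == "" || line ~ /^#/ { next }           # skip blanks and comments
    {
      split(line, f, /[ \t]+/)
      d = tolower(f[1]); v = tolower(f[2])       # directive names are case-insensitive
      if (d == "sslcertificatefile" || d == "sslcertificatekeyfile") {
        printf "%d:SERVER_CERT:%s\n", NR, f[1]; found = 1
      } else if ((d == "sslproxyverify" && v == "none") ||
                 (d ~ /^sslproxycheckpeer(cn|name|expire)$/ && v == "off")) {
        printf "%d:BACKEND_VERIFY_OFF:%s\n", NR, f[1]; found = 1
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# count_findings LABEL: number of findings with that label for stdin.
count_findings() {
  lint_directives | grep -c ":$1:" || true
}

# Stand-alone use: lint the file given as $1, else the embedded sample.
if [ -n "${1:-}" ]; then
  lint_directives < "$1" || true
else
  sample_snippet | lint_directives || true
fi
```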