I decided to enable scoug.com for https using Let's Encrypt certificates
and ran into an unrelated issue that I don't fully understand.
This is not a completely new setup. I had https working with a
self-signed certificate a while back but it's been disabled until now so
it's hard to know what might have changed in the interim.
So I re-enabled SSL and switched over to a Let's Encrypt certificate and
the clients were not able to fetch the certificate. Both sslchecker and
openssl's s_client failed. The failure mode persisted even if I switched
back to the self-signed certificate.
The iptrace logs reported:
HTTP/1.1 400 Bad Request
Date: Tue, 13 Aug 2024 23:19:28 GMT
Server: Apache
Content-Length: 226
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
which implied to me that somehow the request was not getting routed to the
SSL enabled VirtualHost.
After much grumbling and complaining, the fix turned out to be modifying
the Listen statement.
Unless I missed something in the docs, I would expect that traffic coming
in on 64.60.60.121:443 would get routed to the 64.60.60.121:443
VirtualHost, but this did not happen.