Hello,
I added an SSL LetsEncrypt certificate on one of my virtual servers but now all of my virtual servers return a 403 Forbidden Error even after I tried fixing the folder/file permissions using:
Limits and Validation > Validate Virtual Servers > Fix Permissions
My server is using Ubuntu 14.04.2 with Webmin 1.900 & Virtualmin 6.04.
The vhost conf file of the site I added SSL too:
kremlyn.com.conf:
<VirtualHost *:80>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.kremlyn.com
RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR]
RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR]
RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR]
RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR]
RewriteCond %{SERVER_NAME} =kremlyn.com [OR]
RewriteCond %{SERVER_NAME} =webmail.kremlyn.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The SSL configuration file generated by LetsEncrypt:
kremlyn.com-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
# RewriteCond %{HTTP_HOST} =admin.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/kremlyn.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/kremlyn.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/kremlyn.com/chain.pem
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
# RewriteCond %{HTTP_HOST} =admin.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
# RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =webmail.kremlyn.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
<IfModule mod_ssl.c>
<VirtualHost *:80>
SuexecUserGroup "#1018" "#1011"
ServerName kremlyn.com
ServerAlias www.kremlyn.com
ServerAlias webmail.kremlyn.com
ServerAlias admin.kremlyn.com
ServerAlias kremlyn.shillongserver.com
ServerAlias www.kremlyn.shillongserver.com
DocumentRoot /home/kremlyn/public_html
ErrorLog /var/log/virtualmin/kremlyn.com_error_log
CustomLog /var/log/virtualmin/kremlyn.com_access_log combined
ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/kremlyn/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/kremlyn/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{HTTP_HOST} =webmail.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:20000/ [R]
# RewriteCond %{HTTP_HOST} =admin.kremlyn.com
# RewriteRule ^(.*) https://kremlyn.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
FcgidMaxRequestLen 1073741824
php_value memory_limit 32M
IPCCommTimeout 41
# RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR]
# RewriteCond %{SERVER_NAME} =kremlyn.com [OR]
# RewriteCond %{SERVER_NAME} =webmail.kremlyn.com
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
</IfModule>
What am I doing wrong?
What am I doing wrong?1st. en 2st.
please go to read the docs of virtualmin and also the Forumguidelines here, kind of doublepost.. ;)
https://www.virtualmin.com/node/53663
You double https://www.virtualmin.com/node/64549
@Jfro My apologies. Should I delete this question or the previous one? And you mentioned "Virtualmin itself has a LE script not using certbot". How can I undo what I have done so far so I can use Virtualmin itself? Please help.
Web Design | WordPress Site Development | WordPress Site Maintenance | Private Managed Server Hosting - Complete WordPress Package
@Jfro Following the guide here: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin / Webmin, I have managed to overwrite the certbot certificate with the Virtualmin generated certificate just now and also successfully redirected my site from http to https automatically. But now the error has changed from
403toInternal Server Error 500for this particular site. The other non-sll sites all redirects to the above site instead. Please help me.Web Design | WordPress Site Development | WordPress Site Maintenance | Private Managed Server Hosting - Complete WordPress Package
Take a look at the .conf with * or ip adress is in https://www.virtualmin.com/comment/803214#comment-803214
could be don't know...