403 forbidden error when accessing any virtual server

5 posts / 0 new
Last post
#1 Mon, 02/04/2019 - 04:10
shillongserver

403 forbidden error when accessing any virtual server

Hello,

I added an SSL LetsEncrypt certificate on one of my virtual servers but now all of my virtual servers return a 403 Forbidden Error even after I tried fixing the folder/file permissions using:

Limits and Validation > Validate Virtual Servers > Fix Permissions

My server is using Ubuntu 14.04.2 with Webmin 1.900 & Virtualmin 6.04.

The vhost conf file of the site I added SSL too:

kremlyn.com.conf:

<VirtualHost *:80> SuexecUserGroup "#1018" "#1011" ServerName kremlyn.com ServerAlias www.kremlyn.com ServerAlias webmail.kremlyn.com ServerAlias admin.kremlyn.com ServerAlias kremlyn.shillongserver.com ServerAlias www.kremlyn.shillongserver.com DocumentRoot /home/kremlyn/public_html ErrorLog /var/log/virtualmin/kremlyn.com_error_log CustomLog /var/log/virtualmin/kremlyn.com_access_log combined ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/kremlyn/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5 </Directory> <Directory /home/kremlyn/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted </Directory> RewriteEngine on RewriteCond %{HTTP_HOST} =webmail.kremlyn.com RewriteRule ^(.*) https://kremlyn.com:20000/ [R] RewriteCond %{HTTP_HOST} =admin.kremlyn.com RewriteRule ^(.*) https://kremlyn.com:10000/ [R] RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off FcgidMaxRequestLen 1073741824 php_value memory_limit 32M IPCCommTimeout 41 RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR] RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR] RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR] RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR] RewriteCond %{SERVER_NAME} =kremlyn.com [OR] RewriteCond %{SERVER_NAME} =webmail.kremlyn.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>

The SSL configuration file generated by LetsEncrypt:

kremlyn.com-le-ssl.conf:

<IfModule mod_ssl.c> <VirtualHost *:443> SuexecUserGroup "#1018" "#1011" ServerName kremlyn.com ServerAlias www.kremlyn.com ServerAlias webmail.kremlyn.com ServerAlias admin.kremlyn.com ServerAlias kremlyn.shillongserver.com ServerAlias www.kremlyn.shillongserver.com DocumentRoot /home/kremlyn/public_html ErrorLog /var/log/virtualmin/kremlyn.com_error_log CustomLog /var/log/virtualmin/kremlyn.com_access_log combined ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/kremlyn/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5 </Directory> <Directory /home/kremlyn/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted </Directory> RewriteEngine on # Some rewrite rules in this file were disabled on your HTTPS site, # because they have the potential to create redirection loops. # RewriteCond %{HTTP_HOST} =webmail.kremlyn.com # RewriteRule ^(.*) https://kremlyn.com:20000/ [R] # RewriteCond %{HTTP_HOST} =admin.kremlyn.com # RewriteRule ^(.*) https://kremlyn.com:10000/ [R] RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off FcgidMaxRequestLen 1073741824 php_value memory_limit 32M IPCCommTimeout 41 Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/kremlyn.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/kremlyn.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/kremlyn.com/chain.pem </VirtualHost> </IfModule> <IfModule mod_ssl.c> <VirtualHost *:80> SuexecUserGroup "#1018" "#1011" ServerName kremlyn.com ServerAlias www.kremlyn.com ServerAlias webmail.kremlyn.com ServerAlias admin.kremlyn.com ServerAlias kremlyn.shillongserver.com ServerAlias www.kremlyn.shillongserver.com DocumentRoot /home/kremlyn/public_html ErrorLog /var/log/virtualmin/kremlyn.com_error_log CustomLog /var/log/virtualmin/kremlyn.com_access_log combined ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/kremlyn/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5 </Directory> <Directory /home/kremlyn/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted </Directory> RewriteEngine on # Some rewrite rules in this file were disabled on your HTTPS site, # because they have the potential to create redirection loops. # RewriteCond %{HTTP_HOST} =webmail.kremlyn.com # RewriteRule ^(.*) https://kremlyn.com:20000/ [R] # RewriteCond %{HTTP_HOST} =admin.kremlyn.com # RewriteRule ^(.*) https://kremlyn.com:10000/ [R] RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off FcgidMaxRequestLen 1073741824 php_value memory_limit 32M IPCCommTimeout 41 # RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR] # RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR] # RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR] # RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR] # RewriteCond %{SERVER_NAME} =kremlyn.com [OR] # RewriteCond %{SERVER_NAME} =webmail.kremlyn.com # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> </IfModule> <IfModule mod_ssl.c> <VirtualHost *:80> SuexecUserGroup "#1018" "#1011" ServerName kremlyn.com ServerAlias www.kremlyn.com ServerAlias webmail.kremlyn.com ServerAlias admin.kremlyn.com ServerAlias kremlyn.shillongserver.com ServerAlias www.kremlyn.shillongserver.com DocumentRoot /home/kremlyn/public_html ErrorLog /var/log/virtualmin/kremlyn.com_error_log CustomLog /var/log/virtualmin/kremlyn.com_access_log combined ScriptAlias /cgi-bin/ /home/kremlyn/cgi-bin/ DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/kremlyn/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php FCGIWrapper /home/kremlyn/fcgi-bin/php5.fcgi .php5 </Directory> <Directory /home/kremlyn/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Require all granted </Directory> RewriteEngine on # Some rewrite rules in this file were disabled on your HTTPS site, # because they have the potential to create redirection loops. # RewriteCond %{HTTP_HOST} =webmail.kremlyn.com # RewriteRule ^(.*) https://kremlyn.com:20000/ [R] # RewriteCond %{HTTP_HOST} =admin.kremlyn.com # RewriteRule ^(.*) https://kremlyn.com:10000/ [R] RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off FcgidMaxRequestLen 1073741824 php_value memory_limit 32M IPCCommTimeout 41 # RewriteCond %{SERVER_NAME} =kremlyn.shillongserver.com [OR] # RewriteCond %{SERVER_NAME} =www.kremlyn.com [OR] # RewriteCond %{SERVER_NAME} =admin.kremlyn.com [OR] # RewriteCond %{SERVER_NAME} =www.kremlyn.shillongserver.com [OR] # RewriteCond %{SERVER_NAME} =kremlyn.com [OR] # RewriteCond %{SERVER_NAME} =webmail.kremlyn.com # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> </IfModule>

What am I doing wrong?

Mon, 02/04/2019 - 04:19
Jfro

What am I doing wrong?

1st. en 2st.

please go to read the docs of virtualmin and also the Forumguidelines here, kind of doublepost.. ;)

https://www.virtualmin.com/node/53663

You double https://www.virtualmin.com/node/64549

Mon, 02/04/2019 - 04:45 (Reply to #2)
shillongserver

@Jfro My apologies. Should I delete this question or the previous one? And you mentioned "Virtualmin itself has a LE script not using certbot". How can I undo what I have done so far so I can use Virtualmin itself? Please help.

Mon, 02/04/2019 - 05:10 (Reply to #3)
shillongserver

@Jfro Following the guide here: How to Use Let’s Encrypt SSL Certificate Automatically in Virtualmin / Webmin, I have managed to overwrite the certbot certificate with the Virtualmin generated certificate just now and also successfully redirected my site from http to https automatically. But now the error has changed from 403 to Internal Server Error 500 for this particular site. The other non-sll sites all redirects to the above site instead. Please help me.

Mon, 02/04/2019 - 06:33
Jfro

Take a look at the .conf with * or ip adress is in https://www.virtualmin.com/comment/803214#comment-803214

could be don't know...