I am trying to install an SSL certificate on my Ubuntu server 20.04.
I have downloaded the SSL files and put them in /home/ubuntu (will change once it works):
- api_limitlesssoft_com_key.txt
- api.limitlesssoft.com.p7b
- api.limitlesssoft.com.crt
- api.limitlesssoft.com.ca-bundle
Now what I have done is edit the virtual host file to look like this:
```apache
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
    ServerName api.limitlesssoft.com
    ServerAdmin [email protected]
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
    ServerName api.limitlesssoft.com
    ServerAdmin [email protected]
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /home/ubuntu/api.limitlesssoft.com.crt
    SSLCertificateKeyFile /home/ubuntu/api_limitlesssoft_com_key.txt
    SSLCertificateChainFile /home/ubuntu/api.limitlesssoft.com.ca-bundle
</VirtualHost>
```

and for some reason only the http one works.
`a2enmod ssl` returns that it is already running. I have run `sudo ufw 443` and it is enabled.
```
ubuntu@ubuntu:/var/log/apache2$ telnet localhost 443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':80'
tcp6       0      0 :::80                   :::*                    LISTEN      0          46821      3493/apache2
ubuntu@ubuntu:/var/log/apache2$ sudo netstat -peanut | grep ':443'
tcp6       0      0 :::443                  :::*                    LISTEN      0          46825      3493/apache2
tcp6       0      0 127.0.0.1:443           127.0.0.1:45968         TIME_WAIT   0          0          -
ubuntu@ubuntu:/var/log/apache2$ netstat -a -n
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5000          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        1      0 127.0.0.1:41170         127.0.0.1:5000          CLOSE_WAIT
tcp        0    192 192.168.1.109:22        192.168.1.2:61495       ESTABLISHED
tcp6       0      0 ::1:5000                :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
udp        0      0 127.0.0.53:53           0.0.0.0:*
udp        0      0 192.168.1.109:68        0.0.0.0:*
raw6       0      0 :::58                   :::*                    7
ubuntu@ubuntu:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
33380                      ALLOW       Anywhere
443                        ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
33380 (v6)                 ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
```

And here is my application startup (when debugging it works on https):
```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace api.limitlesssoft.com
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseForwardedHeaders();
            app.UseHttpsRedirection();
            app.UseStaticFiles();
            app.UseRouting();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });
        }
    }
}
```
netstat -a -n results, and as I can see there is port 443

ufw is disabled
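A pre-flight check for the files named by the three SSLCertificate* directives in the virtual host above, as an added example that is not part of the original post: it reports files that are missing, files whose PEM block is not the kind mod_ssl loads for that directive, and a private key that group or other can access (relevant while the key sits in a home directory). The function names, the file names under the temporary directory and the placeholder PEM bodies are constructed for illustration and are not the poster's files.

```python
import os
import re
import stat
import tempfile

# PEM labels that fit each directive; mod_ssl reads PEM, not binary DER or PKCS#7.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
EXPECTED = {"SSLCertificateFile": {"CERTIFICATE"},
            "SSLCertificateChainFile": {"CERTIFICATE"},
            "SSLCertificateKeyFile": KEY_LABELS}
DIRECTIVE = re.compile(r"^\s*(SSLCertificate(?:Key|Chain)?File)\s+(\S+)", re.M)
PEM_BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def check_vhost(conf_text):
    """Return (directive, path, problem) tuples for the SSL files a vhost references."""
    findings = []
    for directive, path in DIRECTIVE.findall(conf_text):
        try:
            mode = os.stat(path).st_mode
            with open(path, errors="replace") as fh:
                labels = set(PEM_BEGIN.findall(fh.read()))
        except OSError as exc:
            findings.append((directive, path, "unreadable: " + str(exc.strerror)))
            continue
        wrong = labels - EXPECTED[directive]
        if not labels:
            findings.append((directive, path, "no PEM block found"))
        elif wrong:
            findings.append((directive, path, "unexpected PEM type: " + ", ".join(sorted(wrong))))
        if directive == "SSLCertificateKeyFile" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((directive, path, "private key accessible to group/other"))
    return findings

def demo():
    """Constructed sample: placeholder PEM bodies, one wrong type, one missing file."""
    d = tempfile.mkdtemp()
    for name, label in (("site.crt", "CERTIFICATE"), ("site_key.txt", "PRIVATE KEY"), ("site.ca-bundle", "PKCS7")):
        with open(os.path.join(d, name), "w") as fh:
            fh.write(f"-----BEGIN {label}-----\nAAAA\n-----END {label}-----\n")
        os.chmod(os.path.join(d, name), 0o644)  # world-readable, as a fresh download often is
    conf = (f"SSLEngine on\nSSLCertificateFile {d}/site.crt\n"
            f"SSLCertificateKeyFile {d}/site_key.txt\n"
            f"SSLCertificateChainFile {d}/site.ca-bundle\n"
            f"SSLCertificateFile {d}/missing.crt\n")
    return check_vhost(conf)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep=" | ")
```

To check a real site, pass the contents of the virtual host file to `check_vhost` as the user Apache starts as, so that read errors reflect what the server would hit.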