redirecting traffic via .htaccess or VirtualHost .conf fails with https on centos 7 multisite server
Clash Royale CLAN TAG#URR8PPP
I have a Centos 7 server configured for multisite web hosting. One of the things I'm trying to do with this server is redirect traffic to old subdomains to subdirectories on our primary website. The primary site is NOT on this same server.
I have tried a ton of configurations using pure VirtualHost config as well as .htaccess. I can always get it working with HTTP but never with HTTPS as this VirtualHost has no SSL cert and I can't buy one for it only to redirect traffic.
So, http://bort.example.com redirects to https://www.example.com/bort just fine, but https://bort.example.com gives a security error about an invalid cert always.
My current theory is that without a cert on the redirect server, apache is refusing to even process the .htaccess file, so I've gotten rid of it completely and tried to distill the VirtualHost configuration down to the simplest possible method. This is what I have right now.
<VirtualHost *:80>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
<VirtualHost *:443>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
This still works fine with HTTP traffic. What am I missing to get this working with https://bort.example.com?
Edit: It looks like another site on this server, lisa.example.com, that does have an SSL cert may be a contributing factor. The actual error received when trying to reach https://bort.example.com is this:
bort.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
lisa.example.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
centos apache-httpd apache-virtualhost
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
|
show 2 more comments
I have a Centos 7 server configured for multisite web hosting. One of the things I'm trying to do with this server is redirect traffic to old subdomains to subdirectories on our primary website. The primary site is NOT on this same server.
I have tried a ton of configurations using pure VirtualHost config as well as .htaccess. I can always get it working with HTTP but never with HTTPS as this VirtualHost has no SSL cert and I can't buy one for it only to redirect traffic.
So, http://bort.example.com redirects to https://www.example.com/bort just fine, but https://bort.example.com gives a security error about an invalid cert always.
My current theory is that without a cert on the redirect server, apache is refusing to even process the .htaccess file, so I've gotten rid of it completely and tried to distill the VirtualHost configuration down to the simplest possible method. This is what I have right now.
<VirtualHost *:80>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
<VirtualHost *:443>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
This still works fine with HTTP traffic. What am I missing to get this working with https://bort.example.com?
Edit: It looks like another site on this server, lisa.example.com, that does have an SSL cert may be a contributing factor. The actual error received when trying to reach https://bort.example.com is this:
bort.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
lisa.example.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
centos apache-httpd apache-virtualhost
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
You are doing it for virtual host*:80. 80 is the port of http. You should check the portion of config of your https.
– Giacomo Catenazzi
Feb 5 at 17:15
1
And BTW you can link what you tried, so that we can improve old answers (sometime things go obsolete)
– Giacomo Catenazzi
Feb 5 at 17:16
I have added configuration for port 443 and confirmed that is the port it uses but the behavior is the same.
– Anonymous Man
Feb 5 at 17:33
will keep letsencrypt on the back burner. would prefer a simpler solution if possible.
– Anonymous Man
Feb 5 at 17:39
my only option with letsencrypt would be manual mode which they "don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires." that sounds truly awful but if it's the only way...
– Anonymous Man
Feb 5 at 17:45
|
show 2 more comments
I have a Centos 7 server configured for multisite web hosting. One of the things I'm trying to do with this server is redirect traffic to old subdomains to subdirectories on our primary website. The primary site is NOT on this same server.
I have tried a ton of configurations using pure VirtualHost config as well as .htaccess. I can always get it working with HTTP but never with HTTPS as this VirtualHost has no SSL cert and I can't buy one for it only to redirect traffic.
So, http://bort.example.com redirects to https://www.example.com/bort just fine, but https://bort.example.com gives a security error about an invalid cert always.
My current theory is that without a cert on the redirect server, apache is refusing to even process the .htaccess file, so I've gotten rid of it completely and tried to distill the VirtualHost configuration down to the simplest possible method. This is what I have right now.
<VirtualHost *:80>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
<VirtualHost *:443>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
This still works fine with HTTP traffic. What am I missing to get this working with https://bort.example.com?
Edit: It looks like another site on this server, lisa.example.com, that does have an SSL cert may be a contributing factor. The actual error received when trying to reach https://bort.example.com is this:
bort.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
lisa.example.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
centos apache-httpd apache-virtualhost
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
I have a Centos 7 server configured for multisite web hosting. One of the things I'm trying to do with this server is redirect traffic to old subdomains to subdirectories on our primary website. The primary site is NOT on this same server.
I have tried a ton of configurations using pure VirtualHost config as well as .htaccess. I can always get it working with HTTP but never with HTTPS as this VirtualHost has no SSL cert and I can't buy one for it only to redirect traffic.
So, http://bort.example.com redirects to https://www.example.com/bort just fine, but https://bort.example.com gives a security error about an invalid cert always.
My current theory is that without a cert on the redirect server, apache is refusing to even process the .htaccess file, so I've gotten rid of it completely and tried to distill the VirtualHost configuration down to the simplest possible method. This is what I have right now.
<VirtualHost *:80>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
<VirtualHost *:443>
ServerName bort.example.com
Redirect / https://www.example.com/bort
</VirtualHost>
This still works fine with HTTP traffic. What am I missing to get this working with https://bort.example.com?
Edit: It looks like another site on this server, lisa.example.com, that does have an SSL cert may be a contributing factor. The actual error received when trying to reach https://bort.example.com is this:
bort.example.com uses an invalid security certificate.
The certificate is only valid for the following names:
lisa.example.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
centos apache-httpd apache-virtualhost
centos apache-httpd apache-virtualhost
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
edited Feb 22 at 13:18
Rui F Ribeiro
40.6k1479137
40.6k1479137
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
asked Feb 5 at 17:12
Anonymous ManAnonymous Man
1085
1085
You are doing it for virtual host*:80. 80 is the port of http. You should check the portion of config of your https.
– Giacomo Catenazzi
Feb 5 at 17:15
1
And BTW you can link what you tried, so that we can improve old answers (sometime things go obsolete)
– Giacomo Catenazzi
Feb 5 at 17:16
I have added configuration for port 443 and confirmed that is the port it uses but the behavior is the same.
– Anonymous Man
Feb 5 at 17:33
will keep letsencrypt on the back burner. would prefer a simpler solution if possible.
– Anonymous Man
Feb 5 at 17:39
my only option with letsencrypt would be manual mode which they "don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires." that sounds truly awful but if it's the only way...
– Anonymous Man
Feb 5 at 17:45
|
show 2 more comments
You are doing it for virtual host*:80. 80 is the port of http. You should check the portion of config of your https.
– Giacomo Catenazzi
Feb 5 at 17:15
1
And BTW you can link what you tried, so that we can improve old answers (sometime things go obsolete)
– Giacomo Catenazzi
Feb 5 at 17:16
I have added configuration for port 443 and confirmed that is the port it uses but the behavior is the same.
– Anonymous Man
Feb 5 at 17:33
will keep letsencrypt on the back burner. would prefer a simpler solution if possible.
– Anonymous Man
Feb 5 at 17:39
my only option with letsencrypt would be manual mode which they "don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires." that sounds truly awful but if it's the only way...
– Anonymous Man
Feb 5 at 17:45
You are doing it for virtual host
*:80. 80 is the port of http. You should check the portion of config of your https.– Giacomo Catenazzi
Feb 5 at 17:15
You are doing it for virtual host
*:80. 80 is the port of http. You should check the portion of config of your https.– Giacomo Catenazzi
Feb 5 at 17:15
1
1
And BTW you can link what you tried, so that we can improve old answers (sometime things go obsolete)
– Giacomo Catenazzi
Feb 5 at 17:16
And BTW you can link what you tried, so that we can improve old answers (sometime things go obsolete)
– Giacomo Catenazzi
Feb 5 at 17:16
I have added configuration for port 443 and confirmed that is the port it uses but the behavior is the same.
– Anonymous Man
Feb 5 at 17:33
I have added configuration for port 443 and confirmed that is the port it uses but the behavior is the same.
– Anonymous Man
Feb 5 at 17:33
will keep letsencrypt on the back burner. would prefer a simpler solution if possible.
– Anonymous Man
Feb 5 at 17:39
will keep letsencrypt on the back burner. would prefer a simpler solution if possible.
– Anonymous Man
Feb 5 at 17:39
my only option with letsencrypt would be manual mode which they "don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires." that sounds truly awful but if it's the only way...
– Anonymous Man
Feb 5 at 17:45
my only option with letsencrypt would be manual mode which they "don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires." that sounds truly awful but if it's the only way...
– Anonymous Man
Feb 5 at 17:45
|
show 2 more comments
1 Answer
1
active
oldest
votes
In HTTPS, the order of operations at the beginning of a connection is... less than ideal. This is because HTTP was initially designed separate from SSL/TLS, and the two technologies did not fit perfectly together.
When the server accepts any incoming HTTPS connection, the first step is the SSL/TLS negotiation. This happens before any other data is passed over the connection - in particular, before the client has a chance to send the HTTP(s) header specifying the name of the server the client is asking for.
As a result, if the server has multiple certificates for different sites, it may need to blindly choose one and hope it's the certificate for the site the client is asking for. If the wrong certificate was presented, the client will refuse to believe anything the server sends on that connection, and so redirecting the client will be impossible. "Wait, I wanted bort and now your certificate proves your name is lisa instead? This is a mistake or something worse, I don't want to talk to you." The client won't even give the server the chance to offer the redirect information.
As name-based virtual hosting became common, two technologies were developed to fix this issue: Server Name Indication (SNI) and Server Alternative Names (SAN).
Server Name Indication is a SSL/TLS extension that allows the client to tell the name of the server in the early phase of SSL/TLS negotiation, instead of only in the HTTP(s) request headers. If the server supports SNI, it can then choose the correct certificate to present to the client. Of course, each VirtualHost must then have its own certificate: with Apache it means SSLCertificateFile and SSLCertificateKeyFile parameters for each virtual host, pointing to a certificate that matches the ServerName of that virtual host. And if you don't already have a certificate for bort, you'll need to get one.
The other alternative would be to have a certificate that is good for more than one virtual host. That's where the Server Alternate Names technology comes in. It is a certificate extension that allows the certificate to list multiple host names it's good for. You could get a new certificate for your server that uses SAN to list both lisa.example.com and bort.example.com as valid DNS names for the certificate. Of course, getting a new certificate can be a hassle.
Unfortunately, since both SNI and SAN are later additions to the SSL/TLS standards, the oldest browsers won't necessarily support them. But basically any browser that was released on this decade should support them just fine.
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f498855%2fredirecting-traffic-via-htaccess-or-virtualhost-conf-fails-with-https-on-cento%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
In HTTPS, the order of operations at the beginning of a connection is... less than ideal. This is because HTTP was initially designed separate from SSL/TLS, and the two technologies did not fit perfectly together.
When the server accepts any incoming HTTPS connection, the first step is the SSL/TLS negotiation. This happens before any other data is passed over the connection - in particular, before the client has a chance to send the HTTP(s) header specifying the name of the server the client is asking for.
As a result, if the server has multiple certificates for different sites, it may need to blindly choose one and hope it's the certificate for the site the client is asking for. If the wrong certificate was presented, the client will refuse to believe anything the server sends on that connection, and so redirecting the client will be impossible. "Wait, I wanted bort and now your certificate proves your name is lisa instead? This is a mistake or something worse, I don't want to talk to you." The client won't even give the server the chance to offer the redirect information.
As name-based virtual hosting became common, two technologies were developed to fix this issue: Server Name Indication (SNI) and Server Alternative Names (SAN).
Server Name Indication is a SSL/TLS extension that allows the client to tell the name of the server in the early phase of SSL/TLS negotiation, instead of only in the HTTP(s) request headers. If the server supports SNI, it can then choose the correct certificate to present to the client. Of course, each VirtualHost must then have its own certificate: with Apache it means SSLCertificateFile and SSLCertificateKeyFile parameters for each virtual host, pointing to a certificate that matches the ServerName of that virtual host. And if you don't already have a certificate for bort, you'll need to get one.
The other alternative would be to have a certificate that is good for more than one virtual host. That's where the Server Alternate Names technology comes in. It is a certificate extension that allows the certificate to list multiple host names it's good for. You could get a new certificate for your server that uses SAN to list both lisa.example.com and bort.example.com as valid DNS names for the certificate. Of course, getting a new certificate can be a hassle.
Unfortunately, since both SNI and SAN are later additions to the SSL/TLS standards, the oldest browsers won't necessarily support them. But basically any browser that was released on this decade should support them just fine.
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
add a comment |
In HTTPS, the order of operations at the beginning of a connection is... less than ideal. This is because HTTP was initially designed separate from SSL/TLS, and the two technologies did not fit perfectly together.
When the server accepts any incoming HTTPS connection, the first step is the SSL/TLS negotiation. This happens before any other data is passed over the connection - in particular, before the client has a chance to send the HTTP(s) header specifying the name of the server the client is asking for.
As a result, if the server has multiple certificates for different sites, it may need to blindly choose one and hope it's the certificate for the site the client is asking for. If the wrong certificate was presented, the client will refuse to believe anything the server sends on that connection, and so redirecting the client will be impossible. "Wait, I wanted bort and now your certificate proves your name is lisa instead? This is a mistake or something worse, I don't want to talk to you." The client won't even give the server the chance to offer the redirect information.
As name-based virtual hosting became common, two technologies were developed to fix this issue: Server Name Indication (SNI) and Server Alternative Names (SAN).
Server Name Indication is a SSL/TLS extension that allows the client to tell the name of the server in the early phase of SSL/TLS negotiation, instead of only in the HTTP(s) request headers. If the server supports SNI, it can then choose the correct certificate to present to the client. Of course, each VirtualHost must then have its own certificate: with Apache it means SSLCertificateFile and SSLCertificateKeyFile parameters for each virtual host, pointing to a certificate that matches the ServerName of that virtual host. And if you don't already have a certificate for bort, you'll need to get one.
The other alternative would be to have a certificate that is good for more than one virtual host. That's where the Server Alternate Names technology comes in. It is a certificate extension that allows the certificate to list multiple host names it's good for. You could get a new certificate for your server that uses SAN to list both lisa.example.com and bort.example.com as valid DNS names for the certificate. Of course, getting a new certificate can be a hassle.
Unfortunately, since both SNI and SAN are later additions to the SSL/TLS standards, the oldest browsers won't necessarily support them. But basically any browser that was released on this decade should support them just fine.
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
add a comment |
In HTTPS, the order of operations at the beginning of a connection is... less than ideal. This is because HTTP was initially designed separate from SSL/TLS, and the two technologies did not fit perfectly together.
When the server accepts any incoming HTTPS connection, the first step is the SSL/TLS negotiation. This happens before any other data is passed over the connection - in particular, before the client has a chance to send the HTTP(s) header specifying the name of the server the client is asking for.
As a result, if the server has multiple certificates for different sites, it may need to blindly choose one and hope it's the certificate for the site the client is asking for. If the wrong certificate was presented, the client will refuse to believe anything the server sends on that connection, and so redirecting the client will be impossible. "Wait, I wanted bort and now your certificate proves your name is lisa instead? This is a mistake or something worse, I don't want to talk to you." The client won't even give the server the chance to offer the redirect information.
As name-based virtual hosting became common, two technologies were developed to fix this issue: Server Name Indication (SNI) and Server Alternative Names (SAN).
Server Name Indication is a SSL/TLS extension that allows the client to tell the name of the server in the early phase of SSL/TLS negotiation, instead of only in the HTTP(s) request headers. If the server supports SNI, it can then choose the correct certificate to present to the client. Of course, each VirtualHost must then have its own certificate: with Apache it means SSLCertificateFile and SSLCertificateKeyFile parameters for each virtual host, pointing to a certificate that matches the ServerName of that virtual host. And if you don't already have a certificate for bort, you'll need to get one.
The other alternative would be to have a certificate that is good for more than one virtual host. That's where the Server Alternate Names technology comes in. It is a certificate extension that allows the certificate to list multiple host names it's good for. You could get a new certificate for your server that uses SAN to list both lisa.example.com and bort.example.com as valid DNS names for the certificate. Of course, getting a new certificate can be a hassle.
Unfortunately, since both SNI and SAN are later additions to the SSL/TLS standards, the oldest browsers won't necessarily support them. But basically any browser that was released on this decade should support them just fine.
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
In HTTPS, the order of operations at the beginning of a connection is... less than ideal. This is because HTTP was initially designed separate from SSL/TLS, and the two technologies did not fit perfectly together.
When the server accepts any incoming HTTPS connection, the first step is the SSL/TLS negotiation. This happens before any other data is passed over the connection - in particular, before the client has a chance to send the HTTP(s) header specifying the name of the server the client is asking for.
As a result, if the server has multiple certificates for different sites, it may need to blindly choose one and hope it's the certificate for the site the client is asking for. If the wrong certificate was presented, the client will refuse to believe anything the server sends on that connection, and so redirecting the client will be impossible. "Wait, I wanted bort and now your certificate proves your name is lisa instead? This is a mistake or something worse, I don't want to talk to you." The client won't even give the server the chance to offer the redirect information.
As name-based virtual hosting became common, two technologies were developed to fix this issue: Server Name Indication (SNI) and Server Alternative Names (SAN).
Server Name Indication is a SSL/TLS extension that allows the client to tell the name of the server in the early phase of SSL/TLS negotiation, instead of only in the HTTP(s) request headers. If the server supports SNI, it can then choose the correct certificate to present to the client. Of course, each VirtualHost must then have its own certificate: with Apache it means SSLCertificateFile and SSLCertificateKeyFile parameters for each virtual host, pointing to a certificate that matches the ServerName of that virtual host. And if you don't already have a certificate for bort, you'll need to get one.
The other alternative would be to have a certificate that is good for more than one virtual host. That's where the Server Alternate Names technology comes in. It is a certificate extension that allows the certificate to list multiple host names it's good for. You could get a new certificate for your server that uses SAN to list both lisa.example.com and bort.example.com as valid DNS names for the certificate. Of course, getting a new certificate can be a hassle.
Unfortunately, since both SNI and SAN are later additions to the SSL/TLS standards, the oldest browsers won't necessarily support them. But basically any browser that was released on this decade should support them just fine.
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
answered Feb 7 at 10:29
telcoMtelcoM
18.5k12347
18.5k12347
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f498855%2fredirecting-traffic-via-htaccess-or-virtualhost-conf-fails-with-https-on-cento%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You are doing it for virtual host
*:80. 80 is the port of http. You should check the portion of config of your https.– Giacomo Catenazzi
Feb 5 at 17:15
1
And BTW you can link what you tried, so that we can improve old answers (sometime things go obsolete)
– Giacomo Catenazzi
Feb 5 at 17:16
I have added configuration for port 443 and confirmed that is the port it uses but the behavior is the same.
– Anonymous Man
Feb 5 at 17:33
will keep letsencrypt on the back burner. would prefer a simpler solution if possible.
– Anonymous Man
Feb 5 at 17:39
my only option with letsencrypt would be manual mode which they "don’t recommend this option because it is time-consuming and you will need to repeat it several times per year as your certificate expires." that sounds truly awful but if it's the only way...
– Anonymous Man
Feb 5 at 17:45