Centos https endless loading












0















I have OS CentOS Linux release 7.6.1810 (Core), Apache/2.4.6 (CentOS), Redmine v3.4.6. My site works nice with http, but I want add https support to it. But when I try use https it has endless loading in my browser and then error: This site can’t be reached took too long to respond.
I checked my open ports with:



sudo netstat -tulnp


I can see here:
enter image description here
Also I checked it with:



sudo firewall-cmd --list-all


I can see here:
enter image description here



My iptables.service not is inactive (dead). I thought that problem was in SELinux, I tried set setenforce to 0, but it did not improve the situation, so I returned setenforce to 1. I test my httpd config - no errors only:
WARNING: PassengerRoot cannot occur within section
Syntax OK



I set LogLevel debug in my httpd.conf. But I don't have any error in my logs, moreover as I see on logs with ssl everything is all right:
enter image description here



Here is my .conf for my site:



<VirtualHost *:80>
Redirect permanent / https://myservernamehere/
ServerName myservernamehere
</VirtualHost>

<VirtualHost *:443>
ServerAdmin admin@myservernamehere
ServerName myservernamehere

DocumentRoot /home/redmine/redmine_ftp/public

PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-6.0.0
PassengerRuby /usr/local/bin/ruby
PassengerUser redmine

<Directory /home/redmine/redmine_ftp/public>
Allow from all
Options -MultiViews
Require all granted
</Directory>
PassengerAppEnv production
PassengerHighPerformance on

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myservernamehere-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myservernamehere-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/myservernamehere-0001/chain.pem


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

<IfModule headers_module>
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</VirtualHost>


So problem not in SELinux, ports are open, no errors in logs.




Updated
It's not about Apache or Ningh or Redmine, even on a simple standard page, https does not work.











share|improve this question

























  • Can you try running openssl s_client -connect [your-domain-name]:443 and add the output here?

    – Haxiel
    2 days ago













  • @Haxiel I got socket: Bad file descriptor connect:errno=9

    – Vladimir Goncharuk
    2 days ago











  • That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try nc -v hostname 443 or telnet hostname 443 and see if it connects?

    – Haxiel
    2 days ago











  • @Haxiel I got Connection timed out

    – Vladimir Goncharuk
    2 days ago











  • Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?

    – Haxiel
    2 days ago
















0















I have OS CentOS Linux release 7.6.1810 (Core), Apache/2.4.6 (CentOS), Redmine v3.4.6. My site works nice with http, but I want add https support to it. But when I try use https it has endless loading in my browser and then error: This site can’t be reached took too long to respond.
I checked my open ports with:



sudo netstat -tulnp


I can see here:
enter image description here
Also I checked it with:



sudo firewall-cmd --list-all


I can see here:
enter image description here



My iptables.service not is inactive (dead). I thought that problem was in SELinux, I tried set setenforce to 0, but it did not improve the situation, so I returned setenforce to 1. I test my httpd config - no errors only:
WARNING: PassengerRoot cannot occur within section
Syntax OK



I set LogLevel debug in my httpd.conf. But I don't have any error in my logs, moreover as I see on logs with ssl everything is all right:
enter image description here



Here is my .conf for my site:



<VirtualHost *:80>
Redirect permanent / https://myservernamehere/
ServerName myservernamehere
</VirtualHost>

<VirtualHost *:443>
ServerAdmin admin@myservernamehere
ServerName myservernamehere

DocumentRoot /home/redmine/redmine_ftp/public

PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-6.0.0
PassengerRuby /usr/local/bin/ruby
PassengerUser redmine

<Directory /home/redmine/redmine_ftp/public>
Allow from all
Options -MultiViews
Require all granted
</Directory>
PassengerAppEnv production
PassengerHighPerformance on

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myservernamehere-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myservernamehere-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/myservernamehere-0001/chain.pem


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

<IfModule headers_module>
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</VirtualHost>


So problem not in SELinux, ports are open, no errors in logs.




Updated
It's not about Apache or Ningh or Redmine, even on a simple standard page, https does not work.











share|improve this question

























  • Can you try running openssl s_client -connect [your-domain-name]:443 and add the output here?

    – Haxiel
    2 days ago













  • @Haxiel I got socket: Bad file descriptor connect:errno=9

    – Vladimir Goncharuk
    2 days ago











  • That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try nc -v hostname 443 or telnet hostname 443 and see if it connects?

    – Haxiel
    2 days ago











  • @Haxiel I got Connection timed out

    – Vladimir Goncharuk
    2 days ago











  • Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?

    – Haxiel
    2 days ago














0












0








0








I have OS CentOS Linux release 7.6.1810 (Core), Apache/2.4.6 (CentOS), Redmine v3.4.6. My site works nice with http, but I want add https support to it. But when I try use https it has endless loading in my browser and then error: This site can’t be reached took too long to respond.
I checked my open ports with:



sudo netstat -tulnp


I can see here:
enter image description here
Also I checked it with:



sudo firewall-cmd --list-all


I can see here:
enter image description here



My iptables.service not is inactive (dead). I thought that problem was in SELinux, I tried set setenforce to 0, but it did not improve the situation, so I returned setenforce to 1. I test my httpd config - no errors only:
WARNING: PassengerRoot cannot occur within section
Syntax OK



I set LogLevel debug in my httpd.conf. But I don't have any error in my logs, moreover as I see on logs with ssl everything is all right:
enter image description here



Here is my .conf for my site:



<VirtualHost *:80>
Redirect permanent / https://myservernamehere/
ServerName myservernamehere
</VirtualHost>

<VirtualHost *:443>
ServerAdmin admin@myservernamehere
ServerName myservernamehere

DocumentRoot /home/redmine/redmine_ftp/public

PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-6.0.0
PassengerRuby /usr/local/bin/ruby
PassengerUser redmine

<Directory /home/redmine/redmine_ftp/public>
Allow from all
Options -MultiViews
Require all granted
</Directory>
PassengerAppEnv production
PassengerHighPerformance on

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myservernamehere-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myservernamehere-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/myservernamehere-0001/chain.pem


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

<IfModule headers_module>
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</VirtualHost>


So problem not in SELinux, ports are open, no errors in logs.




Updated
It's not about Apache or Ningh or Redmine, even on a simple standard page, https does not work.











share|improve this question
















I have OS CentOS Linux release 7.6.1810 (Core), Apache/2.4.6 (CentOS), Redmine v3.4.6. My site works nice with http, but I want add https support to it. But when I try use https it has endless loading in my browser and then error: This site can’t be reached took too long to respond.
I checked my open ports with:



sudo netstat -tulnp


I can see here:
enter image description here
Also I checked it with:



sudo firewall-cmd --list-all


I can see here:
enter image description here



My iptables.service not is inactive (dead). I thought that problem was in SELinux, I tried set setenforce to 0, but it did not improve the situation, so I returned setenforce to 1. I test my httpd config - no errors only:
WARNING: PassengerRoot cannot occur within section
Syntax OK



I set LogLevel debug in my httpd.conf. But I don't have any error in my logs, moreover as I see on logs with ssl everything is all right:
enter image description here



Here is my .conf for my site:



<VirtualHost *:80>
Redirect permanent / https://myservernamehere/
ServerName myservernamehere
</VirtualHost>

<VirtualHost *:443>
ServerAdmin admin@myservernamehere
ServerName myservernamehere

DocumentRoot /home/redmine/redmine_ftp/public

PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-6.0.0
PassengerRuby /usr/local/bin/ruby
PassengerUser redmine

<Directory /home/redmine/redmine_ftp/public>
Allow from all
Options -MultiViews
Require all granted
</Directory>
PassengerAppEnv production
PassengerHighPerformance on

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myservernamehere-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myservernamehere-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/myservernamehere-0001/chain.pem


SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

<IfModule headers_module>
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</VirtualHost>


So problem not in SELinux, ports are open, no errors in logs.




Updated
It's not about Apache or Ningh or Redmine, even on a simple standard page, https does not work.








centos apache-httpd redmine






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 17 mins ago







Vladimir Goncharuk

















asked Jan 10 at 5:02









Vladimir GoncharukVladimir Goncharuk

1064




1064













  • Can you try running openssl s_client -connect [your-domain-name]:443 and add the output here?

    – Haxiel
    2 days ago













  • @Haxiel I got socket: Bad file descriptor connect:errno=9

    – Vladimir Goncharuk
    2 days ago











  • That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try nc -v hostname 443 or telnet hostname 443 and see if it connects?

    – Haxiel
    2 days ago











  • @Haxiel I got Connection timed out

    – Vladimir Goncharuk
    2 days ago











  • Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?

    – Haxiel
    2 days ago



















  • Can you try running openssl s_client -connect [your-domain-name]:443 and add the output here?

    – Haxiel
    2 days ago













  • @Haxiel I got socket: Bad file descriptor connect:errno=9

    – Vladimir Goncharuk
    2 days ago











  • That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try nc -v hostname 443 or telnet hostname 443 and see if it connects?

    – Haxiel
    2 days ago











  • @Haxiel I got Connection timed out

    – Vladimir Goncharuk
    2 days ago











  • Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?

    – Haxiel
    2 days ago

















Can you try running openssl s_client -connect [your-domain-name]:443 and add the output here?

– Haxiel
2 days ago







Can you try running openssl s_client -connect [your-domain-name]:443 and add the output here?

– Haxiel
2 days ago















@Haxiel I got socket: Bad file descriptor connect:errno=9

– Vladimir Goncharuk
2 days ago





@Haxiel I got socket: Bad file descriptor connect:errno=9

– Vladimir Goncharuk
2 days ago













That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try nc -v hostname 443 or telnet hostname 443 and see if it connects?

– Haxiel
2 days ago





That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try nc -v hostname 443 or telnet hostname 443 and see if it connects?

– Haxiel
2 days ago













@Haxiel I got Connection timed out

– Vladimir Goncharuk
2 days ago





@Haxiel I got Connection timed out

– Vladimir Goncharuk
2 days ago













Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?

– Haxiel
2 days ago





Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?

– Haxiel
2 days ago










0






active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493616%2fcentos-https-endless-loading%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493616%2fcentos-https-endless-loading%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Accessing regular linux commands in Huawei's Dopra Linux

Can't connect RFCOMM socket: Host is down

Kernel panic - not syncing: Fatal Exception in Interrupt