Centos https endless loading
I have OS CentOS Linux release 7.6.1810 (Core), Apache/2.4.6 (CentOS), Redmine v3.4.6. My site works fine over http, but I want to add https support to it. When I try to use https, the browser loads endlessly and then shows the error: This site can’t be reached took too long to respond.
I checked my open ports with:
sudo netstat -tulnp
I can see here:
Also I checked it with:
sudo firewall-cmd --list-all
I can see here:
My iptables.service is inactive (dead). I thought the problem was in SELinux, so I tried setting setenforce to 0, but it did not improve the situation, so I returned setenforce to 1. I tested my httpd config and got no errors, only:
WARNING: PassengerRoot cannot occur within section
Syntax OK
I set LogLevel debug in my httpd.conf, but I don't have any errors in my logs; moreover, as far as I can see in the logs, everything is all right with SSL:
Here is my .conf for my site:
<VirtualHost *:80>
Redirect permanent / https://myservernamehere/
ServerName myservernamehere
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@myservernamehere
ServerName myservernamehere
DocumentRoot /home/redmine/redmine_ftp/public
PassengerRoot /usr/local/lib/ruby/gems/2.2.0/gems/passenger-6.0.0
PassengerRuby /usr/local/bin/ruby
PassengerUser redmine
<Directory /home/redmine/redmine_ftp/public>
Allow from all
Options -MultiViews
Require all granted
</Directory>
PassengerAppEnv production
PassengerHighPerformance on
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/myservernamehere-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myservernamehere-0001/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/myservernamehere-0001/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
<IfModule headers_module>
Header always edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
</IfModule>
</VirtualHost>
So the problem is not in SELinux, the ports are open, and there are no errors in the logs.
Updated
It's not about Apache or Nginx or Redmine; even on a simple standard page, https does not work.
centos apache-httpd redmine
Can you try running
openssl s_client -connect [your-domain-name]:443
and add the output here?
– Haxiel
2 days ago
@Haxiel I got
socket: Bad file descriptor connect:errno=9
– Vladimir Goncharuk
2 days ago
That looks like a connectivity problem rather than an SSL problem. You seem to be listening on IPv6, so hopefully you have already accounted for that. From a remote host, can you try
nc -v hostname 443
or
telnet hostname 443
and see if it connects?
– Haxiel
2 days ago
@Haxiel I got
Connection timed out
– Vladimir Goncharuk
2 days ago
Can you confirm that you want to use IPv6 here, and that your network is configured to handle it?
– Haxiel
2 days ago
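The layer-by-layer check the comments walk through (TCP reachability first, TLS only afterwards), as an added example that is not part of the original thread. The function name `triage` and its stage labels are assumptions made for illustration; the local sockets in the demo are constructed so the script runs offline.

```python
import socket
import ssl


def triage(host, port=443, family=socket.AF_INET, timeout=5.0):
    """Report the first layer that fails: DNS, TCP connect, or TLS handshake."""
    try:
        af, kind, proto, _, addr = socket.getaddrinfo(
            host, port, family, socket.SOCK_STREAM)[0]
    except socket.gaierror as exc:
        return ("dns_failed", str(exc))
    sock = socket.socket(af, kind, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except socket.timeout:
        # No SYN-ACK and no RST: packets are silently dropped before they
        # reach the listener (the "Connection timed out" case in the thread).
        sock.close()
        return ("tcp_timeout", "no reply from %s port %d" % (addr[0], port))
    except ConnectionRefusedError:
        # An RST came back: the host is reachable but nothing accepts on the port.
        sock.close()
        return ("tcp_refused", "%s port %d is closed" % (addr[0], port))
    except OSError as exc:
        sock.close()
        return ("tcp_error", str(exc))
    # TCP is fine; only now is the TLS configuration actually exercised.
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except (ssl.SSLError, OSError) as exc:
        return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Constructed local targets so the script runs offline.
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()                      # nothing listens here any more
    plain = socket.socket()
    plain.bind(("127.0.0.1", 0))
    plain.listen(1)                     # accepts TCP, never speaks TLS
    print(triage("127.0.0.1", closed_port, timeout=1.0))
    print(triage("127.0.0.1", plain.getsockname()[1], timeout=1.0))
    # Against a real server, test each address family separately:
    #   triage("myservernamehere", 443, socket.AF_INET)
    #   triage("myservernamehere", 443, socket.AF_INET6)
```

A `tcp_timeout` or `tcp_refused` result means the Apache SSL directives were never reached, so the place to look is the path to the port (host firewall, upstream filtering, address family) rather than the certificate or cipher settings.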
asked Jan 10 at 5:02, edited 17 mins ago
Vladimir Goncharuk