SSL in XIBO CMS works with problem


#1

Alex / Dan
Good morning, I tell you that he has made good progress in the installation of XIBO (1.8.10) with Docker and Ubuntu Operating System 18.04. At the time of consultation, enable the SSL Certificate for XIBO CMS and following this procedure https://xibo.org.uk/docs/setup/xibo-with-docker-ubuntu-16-04 , I have the following behavior.

Installation of the certificate from Let’s Encrypt (certbot --apache -d www.misubdomain.com) -> Installation OK

Subsequently, tests are performed and the following protocols or URL works its redirection.

In contrast, these URL does not work the redirect.

I have enabled the option to “FORCE HTTPS” in the XIBO console, but then it stops working and the redirect does not work either and finally everything stops working (at least I maintain backup and my back is fast)

My question is, how can I solve my problem in which all the protocols work correctly?

Greetings friends and thanks in advance
PS: excuse my English


#2

The certificate you’ve asked for is for only www.misubdomain.com but you’re also trying to access misubdomain.com which isn’t the same thing.

You need to request a certificate for both URLs if that’s what you want to do.

FORCE_HTTPS in Xibo should work for you once you have a suitable certificate for both URLs.


#3

Dear Alex
Thank you very much for your prompt response, do as indicated, add only the URL mydomain.com with the command “certbot” and force all addresses to be redirected (in the process below), but still the problem persists.

I leave the modification process with the command “certbot” here

root@XXXXXXXX:~# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?

1: mydomain.com
2: www.mydomain.com

Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn’t close to expiry.
(ref: /etc/letsencrypt/renewal/mydomain.com.conf)

What would you like to do?

1: Attempt to reinstall this existing certificate
2: Renew & replace the cert (limit ~5 per 7 days)

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Keeping the existing certificate
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enhancement redirect was already set.

Congratulations! You have successfully enabled
https://mydomain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=mydomain.com

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mydomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mydomain.com/privkey.pem
Your cert will expire on 2019-05-08. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew all of
your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

After the change (as the previous process shows), the following behavior now has the URLs:

Message in the web browser “Your connection is not secure” (you must add an exception in the web browser to allow access), but all these URLs redirect correctly to https://www.mydomain.com.

Works without problems (the green padlock with secure site information is displayed)

It works but the message that the site is not safe (the gray padlock is displayed)

Finally, I return to enable the option “FORCED HTTPS” and again all the URLs stop working, so I return to restore my backup to continue testing.

Please help me in order to satisfactorily complete my configuration.


#4

You’ve generated a second certificate for the other url.

That’s not what you needed to do.

You need to make a single certificate with both host names in it, and then apply that to the webserver


#5

Alex, thank you very much again. I just found the next certbot command where I consolidated both URLs into a single certificate, I leave command and link.

certbot --apache -d www.mydomain.com -d mydomain.com

but when you enable “FORCE HTTPS”, the console stops working again.

There is some other idea to be able to continue testing.

regards


#6

What’s the error you get when you enable FORCE_HTTPS?


#7

Dear Friend
The console stops working completely and with no protocol and URL works.
To correct this problem, in one of your post you indicate modify a certain parameter in MySQL, in my case I make a return to the virtual machine to recover the console.

Thank you very much for answering today Saturday.


#8

The browser will give you an error. What is it?


#9

Dear Friend
this is the web browser message “Firefox and Chrome”

Firefox

The page is not redirecting properly

An error occurred during a connection to mysubdomain.domain.com.

 This problem can sometimes be caused by disabling or rejecting cookies.

Chrome

This page does not work The page www.mysubdomain.domain.com has redirected you too many times.
Delete cookies
ERR_TOO_MANY_REDIRECTS

I leave images of the states after the tests.

Before enabling “FORCE HTTPS” through the XIBO console, where the console operates with the redirect to HTTPS and works with HTTP.

[Images: "Site Not Secure", "Secure Site - SSL OK"]

After enabling the “FORCE HTTPS” option, the messages of each web browser
[Image: ERROR_CHROME]

Thank you very much for your willingness to respond in a weekend.

regards


#10

So “Too many redirects” means that the webserver isn’t telling Xibo that HTTPS is enabled when the request comes via that virtual host.

Apache should be setting the environment variable HTTPS to on when the page is accessed via https. It seems in your case it isn’t. You’d need to look at why that might be.
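
The loop described in this reply can be reproduced in a small model. This is an added example, not code from the thread or from Xibo. It assumes a front end that terminates TLS and hands the request to the application over plain HTTP, and it uses an X-Forwarded-Proto header as a stand-in for whatever signal the web server gives the application (the reply refers to the HTTPS environment variable); the hostname is constructed.

```python
from urllib.parse import urlsplit

MAX_HOPS = 20  # browsers abandon a redirect chain after a similar number of hops


def backend(request, force_https):
    """Application behind the front end. It only ever receives plain HTTP, so
    it knows the client used HTTPS only if the front end says so (assumed
    signal: X-Forwarded-Proto)."""
    told_https = request.get("X-Forwarded-Proto") == "https"
    if force_https and not told_https:
        # Force-HTTPS logic: send the client to the https:// form of the URL.
        return 301, "https://" + request["host"] + request["path"]
    return 200, None


def front_end(url, forward_scheme, force_https):
    """TLS-terminating web server: strips TLS and passes the request on."""
    parts = urlsplit(url)
    request = {"host": parts.netloc, "path": parts.path or "/"}
    if forward_scheme:
        request["X-Forwarded-Proto"] = parts.scheme
    return backend(request, force_https)


def trace(url, forward_scheme, force_https=True):
    """Follow redirects like a browser. Returns (verdict, chain), where verdict
    is 'ok', 'loop' (a URL repeated) or 'too_many_redirects' (hop limit hit)."""
    chain, seen = [url], {url}
    for _ in range(MAX_HOPS):
        status, location = front_end(chain[-1], forward_scheme, force_https)
        if status == 200:
            return "ok", chain
        chain.append(location)
        if location in seen:
            return "loop", chain
        seen.add(location)
    return "too_many_redirects", chain


if __name__ == "__main__":
    start = "http://www.example.test/"  # constructed hostname
    print(trace(start, forward_scheme=False))  # scheme not passed on: loop
    print(trace(start, forward_scheme=True))   # scheme passed on: one redirect
```

With the scheme withheld, the application answers every request, including the https:// one, with a redirect to the same https:// URL, which is what Firefox and Chrome report as a redirect loop.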


#11

Alex, again thanks. Based on your experience, you have some idea of how to solve this problem. For my part I will investigate and I will tell you if I am doing well.

Greetings.