What I have:

  • I have a Spring Boot app as a docker image in a private registry
  • SSL Certificate from Let's Encrypt

I ran these commands:

  • wget https://dl.eff.org/certbot-auto (get certbot)
  • chmod a+x certbot-auto (make it exec)
  • ./certbot-auto (run it)
  • openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root (convert to Spring boot compatible keys)

In my Spring Boot app, I added these entries to the properties:

security.require-ssl=true
server.ssl.key-store={key_store_location}
server.ssl.key-store-password={key_store_password}
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat

At this point I can access my app through: https://example.com:8080/ and the certificate is valid.

Then I do this: My /etc/apache2/sites-enabled/000-default.conf file looks like this:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability
SSLProtocol All -SSLv2 -SSLv3

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

After I start apache2 and open https://example.com/ I get

Bad Request
This combination of host and port requires TLS.

But, if I enter https://example.com:80/ everything works.

So my question is: what do I need to do to get rid of the port and just get https://example.com/ to work?

Thank you.

EDIT: After I added 443 as suggested, the issue remains with the same error.

Full configuration file:

<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        ServerAdmin webmaster@localhost
        ServerName example.com

        SSLEngine on
        SSLProxyEngine On
        SSLProtocol All -SSLv2 -SSLv3

        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / https://localhost:8080/
        ProxyPassReverse / https://localhost:8080/


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

<VirtualHost *:443>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

        ServerAdmin webmaster@localhost
        ServerName example.com

        SSLEngine on
        SSLProxyEngine On
        SSLProtocol All -SSLv2 -SSLv3

        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / https://localhost:8080/
        ProxyPassReverse / https://localhost:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

1 Answer

The default HTTPS port is 443. Could you please create an SSL VirtualHost for 443, add all entries inside the VirtualHost, and test?

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Listen 443 https
<VirtualHost Apache-IP:443>
ServerAdmin webmaster@localhost
ServerName {domain}

SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability
SSLProtocol All -SSLv2 -SSLv3

SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
  • Thanks! the result is still the same, unfortunately. I made the changes and restarted apache.
    – Alejandro
    Commented Jun 9, 2020 at 13:43
  • Share the latest configuration and error log for review.
    – Pandurang
    Commented Jun 9, 2020 at 13:45
  • I updated my original post with the information requested. Thanks!
    – Alejandro
    Commented Jun 9, 2020 at 13:59
  • Please remove SSL configuration from <VirtualHost *:80>. Restart Apache httpd and test.
    – Pandurang
    Commented Jun 9, 2020 at 14:01
  • I commented everything starting with SSL (6 lines in total) from the <VirtualHost *:80> portion of the config file and still the same error. http redirects correctly to https though
    – Alejandro
    Commented Jun 9, 2020 at 14:12
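
A static check for the port/TLS mismatches this thread deals with, as an added example that is not part of the original question, answer or comments: it flags `SSLEngine on` inside a port-80 virtual host, a port-443 virtual host without it, and a `#` comment trailing a directive. The function names and finding codes are hypothetical, and the sample is constructed from the configuration posted in the question.

```python
import re

# Constructed sample, modelled on the configuration posted in the question.
SAMPLE_CONF = """\
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    ServerName example.com
    SSLEngine on
    SSLProtocol All -SSLv2 -SSLv3 # Disable SSL versions with POODLE vulnerability
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLProxyEngine On
    ProxyPass / https://localhost:8080/
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def vhost_ports(addr_spec):
    """'*:80 192.0.2.1:443' -> {80, 443}; addresses without a port are skipped."""
    tails = (a.rsplit(":", 1)[-1] for a in addr_spec.split() if ":" in a)
    return {int(t) for t in tails if t.isdigit()}

def lint_vhosts(conf_text):
    """Return (line_no, code, message) findings for TLS/port mismatches."""
    findings, ports, ssl_on, start = [], None, False, 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            ports, ssl_on, start = vhost_ports(opened.group(1)), False, no
        elif line.lower().startswith("</virtualhost"):
            if ports and 443 in ports and not ssl_on:
                findings.append((start, "NO_TLS_ON_443", "port 443 vhost lacks SSLEngine on"))
            ports = None
        else:
            # httpd does not allow a comment on the same line as a directive
            # (naive check: a '#' inside a quoted argument would also match).
            if re.search(r"\s#", line):
                findings.append((no, "INLINE_COMMENT", "move the comment to its own line"))
            words = line.lower().split()
            if ports and words[:2] == ["sslengine", "on"] and 80 in ports:
                findings.append((no, "TLS_ON_PORT_80", "port 80 vhost speaks TLS"))
            ssl_on = ssl_on or words[:2] == ["sslengine", "on"]
    return findings
```

Run it as `lint_vhosts(open(path).read())` against a site file; an empty list means none of the three conditions were found, not that the proxy setup is otherwise correct.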
