eotsr Posted March 26
I recently had reverse DNS set up on VPS36 and everything appeared to be working fine after deleting the site from my browser's history (Firefox) and refreshing it. I tried visiting the site using Chrome and IE on PC, mobile and tablet, but it says there are certificate errors and will not show. I deleted history and cookies and it still doesn't show. It says my site is using HSTS and is giving certificate errors. It was not a problem before I had reverse DNS set up. I was wondering if I could have it changed back (remove reverse DNS setup) and, if not, can I get VPS36 wiped/reinstalled? Thank you, and your assistance will be greatly appreciated.
wolstech Posted March 26
Are you using Cloudflare for your domain? If so, turn off strict SSL if it's enabled. The site is working for me when accessed via its service URL: http://vps36.heliohost.us/ and https://vps36.heliohost.us/ (it lets me ignore the cert warning then redirects to plain HTTP...).
Krydos Posted March 26
I'm pretty sure it's not going to change anything, but I changed the reverse DNS for VPS36 back to the default value.
eotsr (Author) Posted March 26
No, I'm not using Cloudflare, and anyone (me) who visited my site before the reverse DNS is unable to visit the site after reverse DNS. My DNS is set up through GoDaddy; everything's fine on that end. I'm managing the VPS with Hestia Control Panel. I don't know if this could be where my problem lies, but HestiaCP installed nginx. Could NGINX be in conflict with the reverse DNS that you set up, and on return of my certs it's sending the certs to NGINX and not the setup that you created for me?
eotsr (Author) Posted March 26
Thank you. I have another donation coming your way. I also purchased another VPS and have roughly 5 more in the near future to set up. You're doing a great job and I appreciate all you've done for me.
Edited March 26 by eotsr
wolstech Posted March 26
Reverse DNS should have zero impact on the availability of a website hosted on the box. All reverse DNS does is map an IP to a name (as opposed to a name to an IP). It's basically just an entry in a backwards phone book... you have a number and want to know the domain it belongs to. It's mostly used for things like mail spam prevention.

The fact the site is working for me only over plain HTTP makes me think the site is not configured to accept HTTPS. I got a security warning earlier, but now it just automatically redirects to plain HTTP. Also, a browser configured to only allow HTTPS connections (I know Firefox has this as an option) would see your site as unacceptable... You may want to check the configuration for HTTPS and also renew the certificate if needed.

EDIT: After clearing cache, I now just get connection refused over HTTPS, so yeah, it's not responding on 443. Either apache/nginx misconfigured or port possibly blocked in firewall?
Krydos Posted March 27
http is redirecting to https

    # curl -v http://urbiznow.com
    * About to connect() to urbiznow.com port 80 (#0)
    * Trying 64.71.153.14...
    * Connected to urbiznow.com (64.71.153.14) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: urbiznow.com
    > Accept: */*
    >
    < HTTP/1.1 301 Moved Permanently
    < Server: nginx
    < Date: Wed, 27 Mar 2024 03:24:56 GMT
    < Content-Type: text/html
    < Content-Length: 162
    < Connection: keep-alive
    < Location: https://urbiznow.com/

and then https is redirecting back to http

    # curl -v https://urbiznow.com
    * About to connect() to urbiznow.com port 443 (#0)
    * Trying 64.71.153.14...
    * Connected to urbiznow.com (64.71.153.14) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    * subject: CN=urbiznow.com
    * start date: Mar 26 23:19:24 2024 GMT
    * expire date: Jun 24 23:19:23 2024 GMT
    * common name: urbiznow.com
    * issuer: CN=R3,O=Let's Encrypt,C=US
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: urbiznow.com
    > Accept: */*
    >
    < HTTP/1.1 301 Moved Permanently
    < Server: nginx
    < Date: Wed, 27 Mar 2024 03:25:02 GMT
    < Content-Type: text/html
    < Content-Length: 162
    < Connection: keep-alive
    < Location: http://urbiznow.com/

Your browser only follows that infinite loop about 10 times and then gives up and shows you an error. SSL redirects are not affected by reverse DNS.
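Added example, not part of any post in this thread: a small Python tracer that follows `Location` headers by hand, as the two curl runs above do, and reports when the chain loops between http and https. The function names and the `SAMPLE` table are made up for illustration; `SAMPLE` is constructed from the two responses shown above so the check runs offline.

```python
import http.client
from urllib.parse import urljoin, urlsplit

def fetch_live(url):
    """One HEAD request, redirects NOT followed. Returns (status, Location or None)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(start, fetch=fetch_live, max_hops=20):
    """Follow redirects manually; stop on a final response, a loop, or the hop limit."""
    chain, seen, url = [], set(), start
    for _ in range(max_hops):
        if url in seen:  # same URL reached twice: everything from its first visit is the loop
            urls = [c[0] for c in chain]
            return {"verdict": "loop", "chain": chain, "loop": urls[urls.index(url):]}
        seen.add(url)
        status, location = fetch(url)
        chain.append((url, status))
        if status not in (301, 302, 303, 307, 308) or not location:
            return {"verdict": "final", "chain": chain, "loop": []}
        url = urljoin(url, location)  # Location may be relative
    return {"verdict": "too_many_hops", "chain": chain, "loop": []}

def scheme_flip_flop(loop):
    """True when the loop is the same host and path bouncing between http and https."""
    parts = [urlsplit(u) for u in loop]
    return (len({p.scheme for p in parts}) == 2
            and len({(p.netloc, p.path or "/") for p in parts}) == 1)

# Constructed responses mirroring the two curl runs above (assumption: nothing else changes).
SAMPLE = {
    "http://urbiznow.com/": (301, "https://urbiznow.com/"),
    "https://urbiznow.com/": (301, "http://urbiznow.com/"),
}

def demo():
    return trace_redirects("http://urbiznow.com/", fetch=lambda u: SAMPLE[u])

if __name__ == "__main__":
    result = demo()
    print(result["verdict"], " -> ".join(result["loop"]))
    print("http/https flip-flop:", scheme_flip_flop(result["loop"]))
```

Calling `trace_redirects(url)` without the `fetch` argument sends real HEAD requests instead of using the constructed table.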
eotsr (Author) Posted March 27
I have truly messed things up. The website won't show, I can't start apache, I can't start NGINX and bind9 stopped working. Please wipe and reinstall VPS36.
Krydos Posted March 27
The rebuild has been started and you'll get an email in a bit when it finishes. If you want us to install Hestia for you let us know. Hestia requires a fresh clean install so don't install anything or change anything before we install it.
eotsr (Author) Posted March 27
I appreciate the reinstall. I know what I did wrong and how I messed things up, I just couldn't go back and undo the changes that I made. I'm making a list of things to avoid when setting up my server. Perhaps when I'm finished with it you could look it over and if it proves to be helpful for others maybe it could be posted in the forums. Something like -- Getting Started -- or -- Server Setup Tips --
Krydos Posted March 27
Yeah, we have a wiki that any of our users can edit or add pages to, located at https://wiki.helionet.org. Just send us a pull request on GitHub and we can merge your changes. Did you want me to install Hestia for you?