i got a raspian + apache2 + ssl and dynDNS
The forwarded dyndns works on http, but the site is not avaiable over https and i don't know why... If i try the same on local net everything seems to work correct. i got a prompt over https to accept the cert.
I think the proplem should be found in /etc/apache2/sites-available/default resp. /etc/apache2/sites-available/default-ssl
default:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Alias /alias_P1 /var/www/Projekt1
<Location /alias_P1>
</Location>
Alias /alias_P2 /var/www/Projekt2
<Location /alias_P2>
DAV On
AuthType Basic
AuthName "dav"
AuthUserFile /var/www/Projekt2/pwd.dav
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>detault-ssl:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Alias /alias_P1 /var/www/Projekt1
<Location /alias_P1>
</Location>
Alias /alias_P2 /var/www/Projekt2
<Location /alias_P2>
DAV On
AuthType Basic
AuthName "dav"
AuthUserFile /var/www/Projekt2/pwd.dav
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/apache2/cert-ssl/zertifikat.key
SSLCertificateFile /etc/apache2/cert-ssl/zertifikat.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>best regards thanks for your advices
It's hard to know without knowing a little more about your SSL certificate. Your Apache configurations look fine to me, although I am admittedly not an Apache pro (but I have certainly done my fair share).
My first suspicion would be the certificate - if your certificate includes your IP address, clearly your browser will be upset that the IP in the certificate is not the IP you're connecting to. That would be my first guess at the problem, but it could be something else.
Where did you get your cert? What information is included as part of it? Is that SSL vendor supported by your dynamic DNS vendor (dynDNS.com?)? You're not using a self-signed certificate, are you?
You might check out dnyDNS.com's FAQ here. Even if you're not using dynDNS.com's service, this might shed some light.
Separately, if you have openSSL, you can check your certificate to see what information is included in the cert, and check if any of it might be impacted by a dynamic IP address.
openssl x509 -in certificate.crt -text -noout
You can see a more comprehensive openSSL discussion with many discussion points here