"no http access":
calling http://stg-brb.de -> timeout
calling http://stg-brb.de/.well-known/acme-challenge -> timeout
calling https://stg-brb.de -> works, Website (with index.html redirection) is shown
My Let's Encrypt certs were valid until yesterday.
Refreshing the Let's Encrypt certs doesn't work (dehydrated -c -x).
=>
ERROR: Challenge is invalid! (returned: invalid) (result: ["type"] "http-01"
["status"] "invalid"
["error","type"] "urn:ietf:params:acme:error:connection"
["error","detail"] "80.151.43.198: Fetching http://ftp.mail.stg-brb.de/.well-known/acme-challenge/T3Zs_OxxErYQgSf9mc-95S398FmPc3Tri41x5Yq9Btw: Timeout during connect (likely firewall problem)"
["error","status"] 400
["error"] {"type":"urn:ietf:params:acme:error:connection","detail":"80.151.43.198: Fetching http://ftp.mail.stg-brb.de/.well-known/acme-challenge/T3Zs_OxxErYQgSf9mc-95S398FmPc3Tri41x5Yq9Btw: Timeout during connect (likely firewall problem)","status":400}
["url"] "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/3025911384/fUzw_g"
["token"] "T3Zs_OxxErYQgSf9mc-95S398FmPc3Tri41x5Yq9Btw"
["validationRecord",0,"url"] "http://ftp.mail.stg-brb.de/.well-known/acme-challenge/T3Zs_OxxErYQgSf9mc-95S398FmPc3Tri41x5Yq9Btw"
["validationRecord",0,"hostname"] "ftp.mail.stg-brb.de"
["validationRecord",0,"port"] "80"
["validationRecord",0,"addressesResolved",0] "80.151.43.198"
["validationRecord",0,"addressesResolved"] ["80.151.43.198"]
["validationRecord",0,"addressUsed"] "80.151.43.198"
access_log: (these lines appear several times; the 'webcam' folder doesn't exist any more, this is OK.)
stg-brb.de 83.65.30.38 - - [17/Jul/2022:18:35:55 +0200] "GET /webcam/home/neumarkt2.jpg HTTP/1.1" 403 227 "https://www.bergfex.at/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 bergfex/webcams"
stg-brb.de 192.168.0.115 - - [17/Jul/2022:18:41:00 +0200] "GET /wpad.dat HTTP/1.1" 304 - "-" "WinHttp-Autoproxy-Service/5.1"
following file/folder states:
/home/e-smith/files/ibays rwxr-xr-x root:root
/home/e-smith/files/ibays/Primary rwxr-xr-x root:root
/home/e-smith/files/ibays/Primary/html rwxrwsr-x admin:shared
/home/e-smith/files/ibays/Primary/html/.well-known rwxrwsr-x admin:shared
/home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge rwxrwsr-x admin:shared
httpd/error_log: (Let's Encrypt cert is not valid anymore)
[Sun Jul 17 18:18:25.492799 2022] [ssl:warn] [pid 8281] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:18:25.492804 2022] [ssl:warn] [pid 8281] AH01909: RSA certificate configured for stg-brb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:18:25.492907 2022] [ssl:warn] [pid 8281] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jul 17 18:18:25.502052 2022] [ssl:warn] [pid 8281] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:25:12.485668 2022] [mpm_prefork:notice] [pid 8502] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Sun Jul 17 18:25:12.485686 2022] [core:notice] [pid 8502] AH00094: Command line: '/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -D FOREGROUND'
[Sun Jul 17 18:28:56.118571 2022] [core:crit] [pid 8506] (13)Permission denied: [client 207.46.13.36:1216] AH00529: /home/e-smith/files/ibays/Primary/html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/e-smith/files/ibays/Primary/html/' is executable
[Sun Jul 17 18:31:32.554395 2022] [mpm_prefork:notice] [pid 8502] AH00170: caught SIGWINCH, shutting down gracefully
[Sun Jul 17 18:31:33.963452 2022] [ssl:warn] [pid 8787] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:31:33.963493 2022] [ssl:warn] [pid 8787] AH01909: RSA certificate configured for stgbrb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:31:33.963677 2022] [ssl:warn] [pid 8787] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:31:33.963682 2022] [ssl:warn] [pid 8787] AH01909: RSA certificate configured for mail.stg-brb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:31:33.963862 2022] [ssl:warn] [pid 8787] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:31:33.963870 2022] [ssl:warn] [pid 8787] AH01909: RSA certificate configured for stg-brb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:31:33.963969 2022] [ssl:warn] [pid 8787] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jul 17 18:31:33.972988 2022] [ssl:warn] [pid 8787] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:31:33.972997 2022] [ssl:warn] [pid 8787] AH01909: RSA certificate configured for stgbrb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:31:33.973173 2022] [ssl:warn] [pid 8787] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:31:33.973178 2022] [ssl:warn] [pid 8787] AH01909: RSA certificate configured for mail.stg-brb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:31:33.973379 2022] [ssl:warn] [pid 8787] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jul 17 18:31:33.973389 2022] [ssl:warn] [pid 8787] AH01909: RSA certificate configured for stg-brb.de:443 does NOT include an ID which matches the server name
[Sun Jul 17 18:31:33.973485 2022] [ssl:warn] [pid 8787] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jul 17 18:31:33.976090 2022] [mpm_prefork:notice] [pid 8787] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips configured -- resuming normal operations
[Sun Jul 17 18:31:33.976112 2022] [core:notice] [pid 8787] AH00094: Command line: '/usr/sbin/httpd -f /etc/httpd/conf/httpd.conf -D FOREGROUND'
iptables/denylog.log:
Jul 17 18:38:03 stgsvr01 denylog: IN=eno2 OUT= MAC=ac:1f:6b:74:f9:5d:00:09:4f:8a:75:32:08:00 SRC=79.197.20.169 DST=192.168.1.2 LEN=52 TOS=00 PREC=0x00 TTL=122 ID=21163 DF PROTO=TCP SPT=53089 DPT=80 SEQ=293349125 ACK=0 WINDOW=64240 SYN URGP=0 MARK=0
Jul 17 18:38:03 stgsvr01 denylog: IN=eno2 OUT= MAC=ac:1f:6b:74:f9:5d:00:09:4f:8a:75:32:08:00 SRC=79.197.20.169 DST=192.168.1.2 LEN=52 TOS=00 PREC=0x00 TTL=122 ID=21170 DF PROTO=TCP SPT=53087 DPT=80 SEQ=278275206 ACK=0 WINDOW=64240 SYN URGP=0 MARK=0
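
The denylog entries above record denied inbound TCP SYN packets with DPT=80, the same port the http-01 validation record names. As an added example (not part of the original post), this Python script tallies denied inbound connection attempts per destination port from log lines in that format; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the iptables LOG format shown in the post
# (addresses come from documentation ranges, not from the original log).
SAMPLE_DENYLOG = """\
Jul 17 18:38:03 host denylog: IN=eno2 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.10 DST=192.168.1.2 LEN=52 TTL=122 ID=1 DF PROTO=TCP SPT=53089 DPT=80 SEQ=1 ACK=0 WINDOW=64240 SYN URGP=0 MARK=0
Jul 17 18:38:04 host denylog: IN=eno2 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.10 DST=192.168.1.2 LEN=52 TTL=122 ID=2 DF PROTO=TCP SPT=53087 DPT=80 SEQ=2 ACK=0 WINDOW=64240 SYN URGP=0 MARK=0
Jul 17 18:39:10 host denylog: IN=eno2 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.168.1.2 LEN=40 TTL=240 ID=3 PROTO=TCP SPT=40000 DPT=23 SEQ=3 ACK=0 WINDOW=1024 SYN URGP=0 MARK=0
Jul 17 18:40:00 host denylog: IN=eno2 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=192.168.1.2 LEN=78 TTL=50 ID=4 PROTO=UDP SPT=137 DPT=137 LEN=58 MARK=0
"""

KV = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Split one LOG line into KEY=value fields plus bare tokens (DF, SYN, ...)."""
    _, _, payload = line.partition("denylog: ")
    fields = dict(KV.findall(payload))
    flags = {tok for tok in payload.split() if "=" not in tok}
    return fields, flags


def denied_syns_by_port(log_text, iface=None):
    """Count denied inbound TCP connection attempts (SYN without ACK) per port."""
    counts = Counter()
    for line in log_text.splitlines():
        fields, flags = parse_line(line)
        if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue
        if iface and fields.get("IN") != iface:
            continue
        counts[int(fields["DPT"])] += 1
    return counts


def http01_blocked(log_text, port=80):
    """True when the firewall logged denied SYNs to the HTTP-01 validation port."""
    return denied_syns_by_port(log_text)[port] > 0


if __name__ == "__main__":
    for port, n in sorted(denied_syns_by_port(SAMPLE_DENYLOG).items()):
        print(f"port {port}: {n} denied SYN(s)")
    print("http-01 port blocked:", http01_blocked(SAMPLE_DENYLOG))
```

Denied SYNs on port 80 alongside a working port 443 point at the firewall rule set rather than at Apache or the challenge directory permissions.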