Can't connect with HTTPS but HTTP works fine - linux

I'm trying to secure my we server using HTTPS and SSL/TLS to access my website. Going to the site by www.-----.------.compute-1.amazonaws.com works and the connection is successful. But when I try https://www.-----.------.compute-1.amazonaws.com chrome says "This site can’t be reached" "www.-----.------.compute-1.amazonaws.com refused to connect". I am using an Amazon Linux instance. Where did I go wrong?

Typical problem. I am assuming some things here.
You launched a EC2 (or something similar) Instance
Didn't Open 443 port or Configure it further.
Using port 80 for serving pages.
I think you got the answer. Check this out.

I needed an SSL certificate from a CA (certificate authority). I was using a self-signed certificate which doesn't work in a browser.

Related

ERR_SSL_PROTOCOL_ERROR when making request to server IP

I got a nodeJS express API /w nginx up and running on an ubuntu server. I've set up everything but when I try to access the API (https://167.xx.xx.xx:80/get-all-products) directly or through my client I get this error:
ERR_SSL_PROTOCOL_ERROR
I've did some searching and I found out that this could be because my server does not have a valid ssl certificate but for a ssl certificate I would need to have a domain / be the owner of the ip adress which I guess i'm not as the server is hosted by another company.
How can I fix this error without having to buy a domain for my server?
https://167.xx.xx.xx:80/... ...
I've did some searching and I found out that this could be because my
server does not have a valid ssl certificate
This isn't the case here yet. The problem instead is that you are simply trying to switch from http:// on port 80 to https:// on port 80 without having the server setup for HTTPS. Thus the client will try to speak HTTPS while the server only understands HTTP - and this causes the failure you see.
To be able to use https:// in the URL you need to setup the server for this and the configuration must use a certificate which matches the URL (domain or IP) - no way around this.

Production build of website can't make request to Node server while developement build can (possible SSL error ?)

I have a bit of a problem with a web page I'm making. Here's the situation :
I have a working NodeJs server that's online, hosted on a VPS.
I'm making a webpage that makes requests to this server. The requests work when I'm testing them from localhost or my local network.
When I put my website on my hosting service (different from the server), the requests fail.
Google Chrome return this error :
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR
The domain I have registered for my webpage has TSL1.3 I think, it it https for sure. So I thought it was a mismatch, like my website couldn't make requests to a simple http server that doesn't have any SSL or whatnot.
But when I looked into setting my server to use SSL or TSL or something like that, I got really confused. People recommended I use cloudflare as it provides certificates for free, but Cloudflare only works with domains, not stuff that runs on VPS with only an IP adress. I also tried following Certbot instructions to make a certificate myself but my VPS doesn't support snapd, even though it's Ubuntu 20.04.
Any attempt on my part to follow the rabbit hole of SSL certificates hasn't yielded anything, that's why I'm posting here. I don't even know if somehow getting a ssl certifcate will solve the problem.
Any help is much appreciated

Https and SSL issue with port 80

Recently I just start using https:// for my server and the strange thing is that I can open if I explicitly type "https://www.example.com:80" but won't be able to connect if i type "https://www.example.com".
I am using NodeJS with Express 4 framework hosted on Digital Ocean.
What can I do to let people access my website normally? And also is it normal that they have to click "accept" first time they visit? Why for other https website I dont have to do that?
I am using RapidSSL.
Your question is light on details, but here are the two likely guesses:
If you want your SSL server to work by default when users type https://xxxx, then your server needs to be running on port 443, not port 80. That's the default port number reserved for https connections and is the port number that the browser will try if the user just enters a https://xxxx URL.
If the browser is prompting you for permission to connect to your site, then that is likely because the SSL certificate you are using is not signed by one of the certificate authorities that the browsers trust (perhaps it is a self signed certificate). You can solve that issue by getting a certificate from the right trusted source and using that certificate in your server. It's also a possibility that something else is wrong with your SSL configuration, but we'd need to see more detail about the situation to know.

self signed certificate for implementing https

I have a server with public IP and hold a website on it. I don't have a domain and my web server is IIS, then I created a self signed certificate in the server and bind it to my website. When I want to access to my website using a link like http://.../test. I can access to the website with https in localhost in the server. but I can't access to the website from a client browser with httpsand I get this error in client browser:ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Your server most likely doesn't support TLS (v1.0 or higher) but only SSLv3. That's a common cause for this error. SSLv3 is blocked in most browsers because of the POODLE vulnerability (CVE-2014-3566). You should review your server settings and upgrade them accordingly.
You can test your website at the awesome SSL Test from SSL Labs. This will point out errors like these and it helps you create a secure config. Please keep in mind that any score below A is in urgent need of improvement.
I found out to solve it. Port 443 was closed in the server.

secure websocket for https

I have a local PHP server for my website and a local PHP server for websocket but websockets doesn't work anymore since I installed self-signed SSL certificats in WAMP. I have read that I have to use wss:// but when I change ws://localhost/xxx/server.php to wss://xxx/server.php but it doesn't solve my problem. I have accepted the certificat in firefox and chrome but it doesn't change anything. Any idea of what i supposed to do to repair websocket? Do I have to install certificat or key in my websocket PHP server?
You have to put the same certificate for the web page, and access the page with https://, therefore the browser will prompt you to accept the self-signed certificate and the websocket will be able of connecting using ws://
Also, be sure you use different ports for ws:// and wss://, some browsers get messed up if you start changing the connection of the same port.

Resources