I want traffic on my web server to be served securely. I'm running Ubuntu server 20.04 with Abyss Web Server, which has native support for using Let's Encrypt certificates.

I followed all the instructions found on their website exactly, but when trying to access it afterwards, it just gives a 403 error. When switching back to http, there are no problems - I can access the site perfectly fine. And the only thing I'm changing when switching from https to http is the dropdown box that says protocol (see the image below) then restarting the server.

443 is obviously open on my computer and router (otherwise I'd just be getting a timeout response).

No issues were encountered when generating the LE certificate. And the console is showing that everything is fine, when it's not.

All my web traffic goes through Cloudflare before reaching me - could that be what's causing the issue? If so, I'll just stick to http with Cloudflare, because of the extra security they provide, but this sounds like something that is wrong with my PC - something is not allowing https requests to actually access the website.


Cloudflare provides some encryption by themselves; however, this is just between the user agent and the Cloudflare servers - there is none between Cloudflare and the origin server. I want end-to-end encryption.

So when you visit my site, it will say https, but this is only between the user and Cloudflare - the traffic between my server and Cloudflare is still plain old http on port 80.


To prove I followed the instructions correctly, here is what the main settings for my site in the main console look like (with my hostname):

[Screenshot: main settings for the site in the console]

Could it be some rule on my computer that I'm unaware of? It's a server-side issue I think, not anything to do with Cloudflare. The documents path htdocs/ has never changed and is not in a position that requires elevated permissions to access on my computer. Like I said before - when I switch back to http on port 80, everything works fine. I don't change anything else.

For the time being, I have just switched my site back to http so it is accessible, until (hopefully) this issue can be solved.

Update:

Bypassing Cloudflare's proxying brought the same result - a 403 forbidden.

To provide some extra information which may help, here are my DNS records (with sensitive info crossed out):

[Screenshot: DNS records]

My Let's Encrypt certificate has also now been fully verified, so it must be something like a permission or hostname issue.

pigeonburger
  • Do you have any log? – LeRouteur Oct 09 '20 at 08:00
  • Can you connect to the site over https if you bypass Cloudflare? – RobbieCrash Oct 09 '20 at 08:11
  • @LeRouteur The server doesn't seem to log any 403 errors – pigeonburger Oct 09 '20 at 08:13
  • @RobbieCrash Still returning a `403` – pigeonburger Oct 09 '20 at 08:15
  • @pigeonburger trying to access your website using HTTP, also getting a 403. – LeRouteur Oct 09 '20 at 08:18
  • Looks like your root may be incorrect, or your server's permissions need to be fixed. @pigeonburger – RobbieCrash Oct 09 '20 at 08:26
  • @LeRouteur Sorry - I switched it over to https again which is why you would still be getting the 403. I just switched it back. The site should come up now. (when switching it to *just* https, it doesn't allow http requests) – pigeonburger Oct 09 '20 at 09:17
  • @RobbieCrash How come it's accessible on http then? Try accessing it now, while it's on http only: http://pigeonburger.xyz. – pigeonburger Oct 09 '20 at 09:19
  • Looks like you've sorted it out, it's now loading over https. Consider adding your solution so that other people may be able to learn from your experience. :) – RobbieCrash Oct 09 '20 at 09:30
  • @RobbieCrash Should've made it more apparent in my question sorry - Cloudflare encrypts between their servers and the user agent, but between me and Cloudflare, it's just standard http traffic. I want *end-to-end* encryption. Sorry, I should've highlighted that earlier! (if you look at the certificate issuer, you'll see Cloudflare Inc) – pigeonburger Oct 09 '20 at 09:40
  • Thanks for clarifying. So you're saying that as soon as you flip on HTTPS in your control panel you're unable to access your website, even when you bypass Cloudflare entirely? – RobbieCrash Oct 09 '20 at 22:25
  • @RobbieCrash Yes, exactly right. Usually, Cloudflare acts as a kind of reverse proxy for my website, but I can switch that off, and when I tried that, I still got the same result :( – pigeonburger Oct 09 '20 at 22:48
  • https://aprelium.com/abyssws/articles/using-dual-hosting.html – Michael Hampton Oct 10 '20 at 04:27
  • @MichaelHampton I've tried out dual-hosting before - how can I be sure that it's always redirecting to https though? Because if the site can't run on https only, why would it be able to dual-host properly? – pigeonburger Oct 10 '20 at 06:45
  • Sorry, this sounds like an issue with Abyss, not with your connection to Cloudflare. Unfortunately, I don't know enough about Abyss to help you out. To pipe in on your comment to @MichaelHampton, you can block inbound port 80 on your server, which will prevent anything from connecting there, then set Cloudflare to strict HTTPS. – RobbieCrash Oct 10 '20 at 08:05

1 Answer

Solved!

And it was the complete opposite of what I was expecting the solution to be.

The problem was not on my origin server's end. All the permissions and firewall rules were set up correctly - this was an issue on Cloudflare's end.

Because I had configured the site to use https only, attempting to access the site via HTTP returned 403 forbidden because I didn't allow HTTP traffic, only HTTPS.

As a result, Cloudflare, because of how I had set it up when I first put this site online, kept attempting to view my site via HTTP, and when getting that error, showed it to the user. Resetting all my Cloudflare settings and reconfiguring them so it would visit my site on HTTPS made it accessible, while still being proxied over Cloudflare.

It now also rewrites all HTTP requests to HTTPS, so no more 403 errors!

pigeonburger
  • How were you bypassing Cloudflare and accessing your site directly previously? You mentioned that you still had the error when you were not connecting through their proxied connection. Glad you got it all working! – RobbieCrash Oct 11 '20 at 05:41
  • @RobbieCrash I think I had it wrong. The function I was using just bypassed Cloudflare's *cache*, so in reality it was still being proxied. In the end, I found the correct setting to disable Cloudflare completely (while still being able to keep my DNS) and that's actually what led me to solving it! I guess it was my own fault. – pigeonburger Oct 11 '20 at 06:41
  • Great, thanks for clearing that up! Great that you got it figured out and everything's running over HTTPS. :) – RobbieCrash Oct 11 '20 at 06:53
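
Added example, not part of the original thread: a shell sketch of the check that would have separated the two failure modes discussed above, namely whether a "bypass" really reached the origin, and whether the edge is fetching an HTTPS-only origin over HTTP. The function names, `example.com`, `203.0.113.10`, the verdict labels and the sample headers are constructed for illustration; `CF-RAY` and `Server: cloudflare` are the headers Cloudflare's edge adds to proxied responses.

```shell
#!/bin/sh
# Added example. Host names, IPs and sample headers are constructed.

# classify_response: read response headers (curl -sI output) on stdin and print
# "<path> <status>". path is "cloudflare" when edge headers are present
# (CF-RAY or "Server: cloudflare"), "origin" otherwise, "unreachable" if empty.
classify_response() {
  awk '
    BEGIN { path = "origin"; status = "none" }
    { sub(/\r$/, ""); line = tolower($0) }
    /^HTTP\// { status = $2 }
    line ~ /^cf-ray:/ || line ~ /^server:[ \t]*cloudflare/ { path = "cloudflare" }
    END { if (status == "none") path = "unreachable"; print path, status }
  '
}

# probe SCHEME HOST [ORIGIN_IP]: with ORIGIN_IP, --resolve pins the connection
# to that address, skipping DNS (and the proxy) while keeping Host and SNI.
probe() {
  if [ "$1" = https ]; then port=443; else port=80; fi
  if [ -n "$3" ]; then
    curl -sI --max-time 10 --resolve "$2:$port:$3" "$1://$2/" | classify_response
  else
    curl -sI --max-time 10 "$1://$2/" | classify_response
  fi
}

# verdict EDGE_HTTPS ORIGIN_HTTP ORIGIN_HTTPS: interpret three probe results.
verdict() {
  case "$1|$2|$3" in
    *"|cloudflare "*)   # a pinned probe shows edge headers: not a real bypass
      echo "origin-probe-still-proxied" ;;
    "cloudflare 403|origin 403|origin 200")  # consistent with the thread's cause
      echo "edge-fetches-origin-over-http" ;;
    "cloudflare 200|"*"|origin 200")
      echo "ok" ;;
    *) echo "inconclusive" ;;
  esac
}

# Constructed sample headers for offline use.
sample_edge()   { printf 'HTTP/2 403 \r\nserver: cloudflare\r\ncf-ray: 0000000000000000-XXX\r\n\r\n'; }
sample_origin() { printf 'HTTP/1.1 200 OK\r\nServer: origin-placeholder\r\n\r\n'; }

# Live use (needs network):
#   verdict "$(probe https example.com)" \
#           "$(probe http example.com 203.0.113.10)" \
#           "$(probe https example.com 203.0.113.10)"
```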