2

I am using drupal 8 , in a Google cloud engine (http and https traffic allowed) running apache on an Ubuntu 19.04. All worked, site (refered to here as sub.my-domain.com, it is indeed a subdomain with a dash in the domain) was running. Certificate was left all the time until now. Same certificate was used successfully but without enforcing https redirections from the apache settings, such is the second option of certbot:

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.

That second option will never work, no matter what adjustment I make anywhere. almost 24 hours of troubleshooting, resetting and returning to initial settings wont work.

For now, here is my best bet, which is still pretty much as useless as previous attempts. But it summarize all what I think should work. All necessary settings required that I know of are enabled: like a2enmode ssl

There is no error anywhere else, the only error is: The page isn’t redirecting properly in Firefox and ERR_TOO_MANY_REDIRECTS in Chrome. This happen whenever I try ro reach the sit: https://sub.my-domain.com. Also sub.my-domain.com get redirected to https://sub.my-domain.com just getting stuck in that error.

The certificate is working properly, there was no issue when inserting sub.my-domain.com in the sslshopper website.

<VirtualHost *:80>
    ServerAdmin MyRealMail@gmail.com
    ServerName sub.my-domain.com
    Redirect / https://sub.my-domain.com/
    DocumentRoot /var/www/ee_cc/web
    ServerAlias *.sub.my-domain.com
    <Directory /var/www/ee_cc/web>
            Options +FollowSymLinks
            AllowOverride All
            Require all granted
    </Directory>

RewriteEngine on
RewriteCond %{SERVER_NAME} =sub.my-domain.com [OR]
RewriteCond %{SERVER_NAME} =www.sub.my-domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName sub.my-domain.com
        ServerAdmin MyRealMail@gmail.com
        ServerAlias *.sub.my-domain.com

    DocumentRoot /var/www/ee_cc/web
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/sub.my-domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/sub.my-domain.com/privkey.pem

            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
</VirtualHost>
</IfModule>

Edit

@symcbean , here are my headers: (domain replaced with sub.my-domain.com, imitating same form..)

Request header:

Accept: text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language en-US,en;q=0.5
Connection  keep-alive
Cookie  __cfduid=d41d50e12963d14608a1b20e35031d5d31568574851
Host    sub.my-domain.com
TE  Trailers
Upgrade-Insecure-Requests   1
User-Agent  Mozilla/5.0 (Windows NT 10.0; …) Gecko/20100101 Firefox/68.0

And here s my response header

    cf-ray  516cf864a964cafc-ARN
content-type    text/html; charset=iso-8859-1
date    Sun, 15 Sep 2019 19:22:35 GMT
expect-ct   max-age=604800, report-uri="ht….com/cdn-cgi/beacon/expect-ct"
location    https://sub.my-domain.com/
server  cloudflare
X-Firefox-Spdy  h2
pigeon
  • 23
  • 4

1 Answers1

2

"Too many redirects" - your first port of call is the instrumentation in your browsr to see what is redirecting where.

"Google cloud engine" - Google needs to terminsate the SSL connection in order to route the traffic within its cloud. I bet you've configured Google's proxy to talk http to your server. You can easily check this from your log files if you configure different log files for the virtual hosts, or add an appropriate entry to the logging format.

What we don't know is whether it is the config you have shown us here or further config in the application which is triggering the redirect. If your php.ini has expose_php enabled then you'll see the answer in your headers.

symcbean
  • 21,009
  • 1
  • 31
  • 52
  • Yes indeed! For the record, and after using the information in the header easily available form the network troubleshooting in Firefox, it is all in the [cloudflair flexible ssl](https://support.cloudflare.com/hc/en-us/articles/115000219871-Troubleshooting-redirect-loop-errors), which is on by default. I used expose_php, but there was no additional info, still a very good hint for another trouble. Thanks @symcbean. – pigeon Sep 15 '19 at 21:24