cannot start https

Posted: 07 Sep 2018 01:14
by leonardoap
Hi, when I try to create an SSL certificate, vpssim looks for www.domain.com and does not find it, as in the log below. The thing is that I created a www A record with the IP, but it is still not working, and if you go to a browser, www.boliviastock.com resolves normally. By the way, I'm using PowerDNS with Poweradmin, and it is set to:
www.boliviastock.com IN A <MY_IP>

Code:
Check Domain ENABLE cloudflare (Hide IP Address) or NOT ? 
Check boliviastock.com
boliviastock.com does not Enabled Cloudflare. => [ OK ]
Check www.boliviastock.com
www.boliviastock.com do not ENABLED Cloudflare. => [ OK ]
Check DNS for Domain:
=========================================================================
You must point www.boliviastock.com to Server's IP 
-------------------------------------------------------------------------
before run this function.
-------------------------------------------------------------------------
Check result:
-------------------------------------------------------------------------
Host www.boliviastock.com not found: 3(NXDOMAIN)

Re: cannot start https

Posted: 07 Sep 2018 06:32
by nguyenoanh
Glad to see you fixed that :)

Re: cannot start https

Posted: 07 Sep 2018 10:54
by leonardoap
Hi, I found why this is happening: the iptables rule is not allowing lookups on port 53 to pass. I disabled it and vpssim generated the SSL. Could you fix this problem?

Re: cannot start https

Posted: 07 Sep 2018 11:49
by nguyenoanh
That's very useful info.
I will check it. Thank you.

Re: cannot start https

Posted: 07 Sep 2018 20:59
by leonardoap
Hi again, maybe the table of rules has conflicts. I changed it and it works fine. For those who have these conflicts, you can change the whole table to the following:
Code:
#!/bin/sh

iptables -F
iptables -X

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# PORT LIST
#
# 80 www
# 110 POP3
# 9000 PHP
# 21 FTP
# 22 ssh
# 25 smtp
# 53 dns
# 143 imap
# 443 https
# 23 telnet
# 3306 mysql
#
#

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#spoofing drops (rudimentary)
iptables -A INPUT -s 255.0.0.0/8 -j DROP
iptables -A INPUT -s 0.0.0.0/8 -j DROP
iptables -A INPUT -s 127.0.0.0/8 -j DROP
iptables -A INPUT -s 192.168.0.0/16 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -j DROP
iptables -A INPUT -s 10.0.0.0/8 -j DROP

#INPUT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -p udp --dport 53  -m state --state NEW -j ACCEPT
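# memcached over UDP, accepted from any source address
iptables -A INPUT -p udp --dport 11211  -m state --state NEW -j ACCEPT
# mail submission (587) and SMTPS (465) are TCP services
iptables -A INPUT -p tcp --dport 587  -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 465  -m state --state NEW -j ACCEPT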
iptables -A INPUT -p tcp --dport 22 -m state --state NEW  -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m state --state NEW  -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#OUTPUT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
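
Added example, not part of the post above and not vpssim's code: with `iptables -P OUTPUT DROP`, the OUTPUT rules in that script match on source port (replies from local services), whereas a lookup the server sends to a resolver on another host is a NEW packet with destination port 53. The sketch below checks a ruleset for that case under a simplified matching model; the function names, the `iptables -S` rendering of the posted rules, and the two extra egress rules are assumptions made for illustration.

```shell
# Added example. Reads rules in `iptables -S` format on stdin and prints the
# verdict for a NEW packet this host sends to PROTO/DPORT off-loopback.
# Simplified model: first terminal match wins; only -o, -p, --sport, --dport, --state/--ctstate, -j.
egress_allowed() {  # usage: egress_allowed PROTO DPORT < rules
    awk -v proto="$1" -v dport="$2" '
        BEGIN { policy = "ACCEPT" }
        $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
        $1 != "-A" || $2 != "OUTPUT" || verdict != "" { next }
        {
            ok = 1; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-o" && $(i+1) == "lo") ok = 0
                if ($i == "-p" && $(i+1) != proto) ok = 0
                if ($i == "--dport" && $(i+1) != dport) ok = 0
                # a client sends from an ephemeral port, so --sport N is treated as no match
                if ($i == "--sport") ok = 0
                if (($i == "--state" || $i == "--ctstate") && $(i+1) !~ /(^|,)NEW(,|$)/) ok = 0
                if ($i == "-j") target = $(i+1)
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }'
}

# Constructed sample: the OUTPUT chain of the script above, rendered as `iptables -S` would list it.
posted_rules() {
    cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
EOF
}

# Assumption: egress rules that admit the host's own DNS queries (UDP, and TCP for large answers).
with_egress() {
    posted_rules
    cat <<'EOF'
-A OUTPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
EOF
}
posted_rules | egress_allowed udp 53
with_egress  | egress_allowed udp 53
```

On a live host the same function can be fed with `iptables -S OUTPUT`; lookups answered by a resolver on the loopback interface are not affected, since the script accepts everything on `lo`.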

Re: cannot start https

Posted: 08 Sep 2018 07:54
by nguyenoanh
Thank you very much.