403 Forbidden Error or OS-Specific Apache Page Showing Over HTTPS

How the Issue Manifests

Navigating to a domain over https://{domain.com} (replacing {domain.com} with the corresponding information) shows a browser error stating “403 Forbidden”.

On EL8 servers, a default Apache page that mentions the specific OS may show instead.

Common Cause of the Issue

The domain does not have an SSL certificate.

When a domain is accessed over https, Apache will check to see if that domain has a :443 section listed in its vhost file. The :443 section is created when an SSL certificate is added to a domain.

If the domain’s vhost does not have a :443 section, Apache will then look for the first vhost, alphabetically, on the same IP that does have a :443 section. If one is found, it will load that domain instead.

If there are no vhosts on the server with a :443 section, Apache will default to the /var/www/html directory. If there is not an index.html file in that directory, Apache will show a 403 Forbidden error in the browser, because there is nothing for it to serve.

On EL8 servers, the default Apache page specified in /etc/httpd/conf.d/welcome.conf may load instead.

This is not a limitation of InterWorx. It is how Apache handles SNI and multiple domains on the same IP address. Detailed information can be found here.
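The fallback order described above can be modelled offline to predict what an HTTPS request for a given domain will land on. This is an added example, not InterWorx or Apache code; the vhost file names, domains and IP addresses are constructed sample data, and the parser only understands simple IP:port VirtualHost blocks.

```python
import re

# Constructed sample vhost files (file name -> contents); all names and IPs are made up.
SAMPLE_VHOSTS = {
    "vhost_alpha.example.conf": """
<VirtualHost 192.0.2.10:80>
  ServerName alpha.example
</VirtualHost>
<VirtualHost 192.0.2.10:443>
  ServerName alpha.example
  ServerAlias www.alpha.example
</VirtualHost>
""",
    "vhost_beta.example.conf": """
<VirtualHost 192.0.2.10:80>
  ServerName beta.example
</VirtualHost>
""",
    "vhost_gamma.example.conf": """
<VirtualHost 192.0.2.20:80>
  ServerName gamma.example
</VirtualHost>
""",
}

BLOCK = re.compile(r"<VirtualHost\s+([\d.]+):(\d+)>(.*?)</VirtualHost>", re.S | re.I)
NAMES = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse(files):
    """Return (ip, port, names) for every vhost block, files in alphabetical order."""
    out = []
    for fname in sorted(files):
        for ip, port, body in BLOCK.findall(files[fname]):
            names = [n.lower() for line in NAMES.findall(body) for n in line.split()]
            out.append((ip, int(port), names))
    return out

def https_outcome(files, ip, host):
    """Model which content answers an HTTPS request for host arriving on ip."""
    ssl = [v for v in parse(files) if v[0] == ip and v[1] == 443 and v[2]]
    for _, _, names in ssl:
        if host.lower() in names:
            return ("own-vhost", names[0])          # domain has its own :443 section
    if ssl:
        return ("other-domain", ssl[0][2][0])       # first :443 vhost on the same IP
    return ("default-docroot", "/var/www/html")     # 403, or welcome page on EL8

if __name__ == "__main__":
    print(https_outcome(SAMPLE_VHOSTS, "192.0.2.10", "beta.example"))
```

An "other-domain" result means visitors to the domain receive another site's content and certificate over HTTPS, which is worth catching before an HTTPS redirect is enabled.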

How to Resolve

There are multiple options that may be taken to resolve this issue:

  • Create a default index.html file in /var/www/html. This will be served instead of the 403 error

  • Create an SSL certificate for the domain

  • Enable or run AutoSSL. When the daily cron runs, AutoSSL will automatically create SSL certificates for new domains that resolve to the server and do not yet have one. This script can also be run manually

  • Remove any redirects that may be in place to automatically redirect domains to https until an SSL certificate is created

Other Considerations

If the domain does have an SSL certificate, and there is still a 403 error in the browser, the next step would be to check the domain-level error log, which is found at /home/{unixuser}/var/{domain.com}/logs/error.log or error-ssl.log, replacing {unixuser} and {domain.com} with the corresponding information. Logging related to 403 errors is most often found there, which can help point toward the issue and further troubleshooting steps.