Weird result switching to Cloudflare

Das Goravani goravanis at gmail.com
Wed Mar 2 22:19:24 UTC 2022



> On Mar 2, 2022, at 3:25 AM, IT <it at plastipol.com> wrote:
> 
> Hi  Gorovani,
> 
> To stop macos built-in apache you neeed to do something like this
> 
> sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

I tried this and it said there was no such service or something else, I’m overwhelmed

At this point I need an expert on certificates, NO-IP, or Cloudflare, or some other way of getting SSL, I guess an expert of systems in general would suffice, just a notch above me would help, someone who would get their hands involved, with video screen control sessions, to solve these problems, I am trying to work with Cloudflare or Certbot, those are the two I know how to do, or have done in the past successfully, both of them that is true, but now, neither will work for my sites on my Mac Server, which is running MAMP PRO which runs your apache for you, which installs it’s own apache, which is not known like the built in one is known, so Certbot is trying to update the config file for apache which is the one that comes with the Mac, while I need it to update the config file that is with the apache in MAMP, person might have to get into my apache config file and check things, I have the need to be on this Mac Server because I am running the App Server to serve an Omnis Library that uses an XCOMP that I had built which is only running on either Mac or Windows, so my choices for App Server Server was one of those two, and I chose Mac, for various reasons, and it has worked fine for well over a year with NO-IP as my DNS, which gives me the appearance of a fixed IP to the world, whereas I can actually move house and get a different ISP and thus different router IP address, NO-IP handles that, and they are cheaper, I am on a budget, I care about a couple hundred per year, so I go with the one that is cheaper, NO-IP is cheaper than renting a fixed IP from the local ISP.. they always charge for the "Business Plan Upgrade" which is usually $20 more per month for a fixed IP, so I went with NO-IP, and it has worked fine for well over a year. 

But recently, I moved one of my websites to a Linux server I am renting (Upcloud VPS), and that spoiled my Certbot multi site certificate that I’ve been using all this time successfully, it auto renews too, which is nice, but it went non-renewable because I moved one site off my Mac Server and had to get a new certificate manually through Terminal. Fine. I issued the commands to get separate new ones. Actually I did one of them first, to see if it would work. After it was issued, I rebooted to effect changes, when it came back up, I have it set to auto start all the apps that the server needs to serve, which includes MAMP, and MAILSERVE, and the App Server, but I noticed MAMP had a hiccup.. it would not start Apache. 

After much work, I came to realize that getting that certificate somehow made the built in apache that comes with the Mac come to life somehow, it started listening on port 80 for example, which is what was blocking MAMP from launching it’s apache, and now Certbot is trying to update the config file of the built in apache instead of the MAMP config file. This simply did not happen before. Before, Certbot certs simply worked. With MAMP somehow. MAMP has not changed where it stores things. I upgraded MAMP during this process. It hasn’t changed. But something with Certbot changed. 

I then went on to make certs again and again with Certbot, a few different commands, hoping that would help, and it didn’t. 

Since I was at an end with Certbot for the time being, I decided to try Cloudflare instead.. with CF you sign up for free, you use their site, you enter your sites, it somehow senses and grabs their IP address, it sensed the one that NO-IP provides for my sites, which I thought was correct, you have to change the name server names at your registrar of your domains, to CF’s names, and you’re done. I did this for the site that I moved to the Linux server, I put it through CF, and it worked, straight away. CF was a transparent experience and thing… it is in-between your site and the web user’s browser, it speeds things up with caching of your site, it provides various securities, all this for free.. they have higher paid plans that include support.. free doesn’t really get support, just the community forum. Which I signed up for and am using. 

With CF what I get is 522 error pages. They are coming from CF. They say the problem is with my server. That is their guess after I guess they examine a thing or two, it takes many seconds for this page to appear, so someone is doing something, waiting for something, I get this for one or two of the three sites I tried putting through them, and for one of them I get the apache "It Works!" Page, straight away, which I would love if I was just setting up apache through the Mac itself.. the built in apache, or rather that comes with the system software pre installed, that would be the page that tells me It Works. I have successfully set it up. So the fact that I’m getting that page means that that one site is somehow reaching the default page that comes with the Mac, rather than hitting MAMP which it always hit before.. it hits MAMP and MAMP directs it into the right document folder for HTML pages for the site, and the browser gets them back, instantly, all has been well before. 

But after getting that one cert, it is quite as if:

The built in Apache got activated, literally put into the Launch Control as a NOW ON SERVICE
That started putting httpd listeners on port 80, which if killed would immediately replicate
I issued the sudo apachectl stop command and that seemed to stop it for the time being
I was able to then launch MAMP and it would be able to start Apache as normal

So I have covered how I have tried working with Certbot and had only trouble from it lately with many cert attempts.
If I set everything back to how it was when all was working, including align my sites with the expired cert that always worked before I moved that one site, then my sites come up albeit with Security warnings because the cert is expired. So in other words, if I set everything back to how it was when it worked, well it still works. Which means, my server setup does work, is hearing the ports and serving the sites, on my MAMP 6 newly upgraded version, that is one thing that changed, when my sites always worked I was on MAMP 5, now I am on 6 and like I said they still work. The way I was always working in other words was with MAMP, NO-IP, CERTBOT. This scenario is what has worked for me for years. The certs auto updated, I just had to reboot the server after they got updated every three months. 

Then like I said, I have used Cloudflare (CF) successfully with my LINUX hosted site. It was easy and fast and its free. 

So when my cert situation stopped working, then I needed an alternative way of getting SSL. CF is one such alternative that I was turned onto by another developer. 

But when attempting to switch my sites to CF I ran into this long time taking frozen browser page that finally comes up with an error 522 server not responding page from CF.  Or, I get on one site the apache IT WORKS! Page, which is odd as all the three websites are setup everywhere identically.. in MAMP, in CF, in Apache, wherever the sites are dealt with, the three are set up identically, they are hosted thus on my Mac side by side, three folders, three entries in things, they should behave the same when put through CF or when being run off the expired shared certificate.. they should act the same, have the same browser responses, ideally come up with the own right sites when accessed.

Right before writing this, I had another disturbing discovery. When I click in the URL bar in Safari on my Mac, it drops down my favorites with large icons.. sites.. that I have visited.. or rather, that I stored there, you can drag a site to there and store it for future pulling up, so my main site is there, Goravani.com, and I have clicked that icon a thousand times and it always comes up with https://goravani.com <https://goravani.com/> as it’s link.. but today, just now, it comes up with that for a second, and then it switches to one of my other sites, namely jyotishstudio.com <http://jyotishstudio.com/> 
The third one is ReadMyAstrology.com <http://readmyastrology.com/>  Click them and tell me what you come up with. It’s on CF right now though that could change at any time as I get inspirations to try various things. I did not forward Goravani.com to jyotishstudio.com <http://jyotishstudio.com/> but that is what it is doing all by itself now.. very disturbing. I really need an expert to come forward and help me. I’m getting overwhelmed. I do want to learn, so I would like to be told what you come up with in the end. 

At this point, with the Certbot way of getting SSL, it seems I am stuck because Certbot updates the wrong config file. That’s what I currently know is wrong. I am going to try to find out if they have a subcommand on certbot which allows you to tell it where your config file is located.. that may yield some results. 

With CF, I am at a loss as to what to do about that. It simply isn’t working with my three sites. It should have just worked straight away, but instead it is hanging. Like I said, the fact that my server works if I connect it to the expired good certificate, proves that indeed my server works, responds to the web, serves my sites, so CF is wrong.. there is nothing wrong with my server.. rather, something is wrong with the fact that CF doesn’t work right with NO-IP issued IP addresses and that channel of traffic.. as NO-IP actually does usually receive all content requests off the web, normally their name servers are in my GoDaddy name servers slots… so traffic goes to NO-IP and from there they push it onto the IP address that my router is currently running. They issue me a fixed IP that the world can know as being for my sites. That should work for giving to CF as the IP address of my sites, but in fact something is not working. 

Are there other ways to get SSL?

Should I cough up for a fixed IP monthly. That would probably make CF work.. then it would be like my Linux server, which as a fixed IP assigned by UPCLOUD, there is no NO IP there on that one and it works through CF

Are you able to be that consultant who helps me solve this set of problems. I only want one of these methods to work. I only want SSL. It was so easy with Certbot previously and that was my way. CF was easy on my Linux hosted site. Now with these three sites on NO IP things have no worked out with

NEW CERTS
Or CLOUDFLARE

Is there another way? That is not a bundle of money. These two ways are free. 

Right now my main site is down, which is bad for business. Also my mail went down with this whole fiasco. For some reason the little green lights on my mail program are red instead of green, on IMAP for example, it is red now.. there’s about four of them that are red, not green, meaning that system did not connect.. this seems to be related to my sites being down.. but I thought the two softwares were quite independent of each other.. that web has nothing to do with mail.. then I thought.. maybe I don’t have the proper MX records set up when my name servers are switched to CF.. which they have been a lot lately, maybe I only looked at my mail program during those times, but I’m guessing that MX records are what these little lights go off of, I wouldn’t think so to be honest.. they are almost like power lights, if the power is on they are green.. but if they are off as now then my mail doesn’t work, indeed my mail is down too. Bad for business. 

It’s already been a good few days that everything is down. It’s driving me nuts. I am trying all I know how to try. Indeed I have found little problems and fixed them, but none of what I have found has fixed it to work, it still won’t work either way, the Cert way or the CF way.

Help me get SSL again. 

Help me disable this system apache.. thanks Xavier for the tip. I checked and that plist is there just as you typed it.. but it wouldn’t disable it for some reason,. It may have said "no such service", which is odd,  because I experienced so much re launching of the ships with apache

Help me get certs that update the right config file, I know where the right one is, and it’s write-able

Or Help me make cloudflare work, though I think this is hopeless.. as it should have worked.. it has a problem with NO IP is my thought. 

Or help me get SSL some other way.. 

I am used to things that are not that hard, which just work, which do their own work, and this is true of Certbot and CF both.. they are both easy.. and do their own work, you don’t have to handle the config files, they do that where necessary, they auto update, renew, link, work, just work, normally

With video screen control these days, you can log into my server and be as if you were SSH into it.. you work through it’s Terminal window onscreen.. you cannot at this time SSH into my server as root or as any user, for some reason it won’t let you. I looked at the FireWall but the only thing you are allowed to do there is add apps that should be let through the wall.. but how do you select SSH as an app,, you can’t.. so I don’t know what to do about the fact that you cannot SSH into my server at this time except I say "Lets use video log in with Teamviewer or some such application"

There’s another annoying small thing that has happened.. somewhere along the way lately, this goes back before my current SSL problems, this goes back to when I installed Postgres or did something on the server.. can’t remember what it is.. or maybe it just started doing this at some point by itself, but now, on the server, you cannot get my sites with Safari.. I haven’t tried other browsers, I figure it would be the same result, can’t connect to the site Goravani.com or whatever I type, if it’s my site, one of my three that are still on that Mac Server, those three won’t come up in the browser. It’s as if Safari on that Mac is not allowed to go through the normal channels of being served a website.. why would this browser not work,  it’s on the same Mac as the sites themselves, so localhost should work, or if it doesn’t know they’re there then the normal channels should serve them to that browser then.. but neither of these is working, or the one that is supposed to be working at least is not. It’s very annoying to me, it messes with my work, as I want to be able to check right there if the sites is being served or not, but I can’t trust it.. it always says Can’t Connect to the site.. even when things are working it says that.. this is most annoying and another little thing you could help me with.

I’m willing to pay a strong rate for help,. I can pay via PayPal or if you take cards.. or I can send a check. They still work. 
> 
> It can vary depending on your macOS version. Search internet to ensure which is the right apache plist to prevent from load the daemon.
> 
> 
> regards
> 
> xavier
> 
> 
>> El 1 mar 2022, a las 19:14, Das Goravani <goravanis at gmail.com> escribió:
>> 
>> 
>> Hello $all,
>> 
>> Today I have switched my websites to Cloudflare. It goes in-between your site and the user to provide SSL and other securities and enhanced performance. It’s free. Or it has a free plan which is sufficient. 
>> 
>> But things are not working out. It worked out for a site of mine that I have on a Debian server, but not the 4 sites that I host myself on a Mac Server with Apache. 
>> 
>> What I am getting when I go to the websites is "It works", which is apache’s welcome page. I am connecting to an apache, but not the right one.
>> 
>> My Mac server is having a problem. It has two apache’s on it.. the one they ship with the Mac and one that came with my MAMP PRO subscription. Mamp Pro manages your apache for you on the Mac. 
>> 
>> I quit MAMP, and did "sudo apachectl stop" and it seemed to be stopping that other apache on my Mac. Then I relaunched MAMP and it is serving apache now.. traffic should go to it, but it’s not.
>> 
>> Traffic is going to the OTHER apache, which has still it’s welcome page set to the "IT WORKS" welcome page. 
>> 
>> How do I permanently stop the apache that came with the Mac from running?
>> 
>> Is this correct also: In cloudflare, you give it the IP address to send traffic to.. to connect to your website.. so I gave it the IP address that NO-IP gave me for all my 4 sites.. I use NO-IP because it’s cheaper than renting your own fixed IP through an ISP. So I am sending DNS from GoDaddy (the registrar for the sites) to Cloudflare, which you have to do to make it work, and then I am sending it on to the IP address NO-IP assigned to my 4 sites. Is that correct?  Or should I be sending traffic to NO-IP’s public Name Server address?  Perhaps you can only put in an IP address, not a name, on cloudflare, I do not know. 
>> 
>> What I am getting is IT WORKS and that is wrong. Can you help me get my websites instead of IT WORKS.. as a page. 
>> 
>> The four websites are
>> 
>> Goravani.com
>> ReadMyAstrology.com
>> JyotishStudio.com
>> 
>> And that’s enough. 
>> 
>> The IP that NO-IP gave me for my sites is
>> 
>> 142.197.254.173
>> 
>> That address is supposed to point to my dynamic IP address which my ISP assigns to my home. I am on a home router. Things were good before I got a new certificate. Things were working fine. I got a new cert from cert bot and that messed me up. I went through a lot of trouble but finally got MAMP back up and working. Then it was serving my sites in an insecure way. But it was working. Now I have added cloudflare to get their free SSL which is really easy to get working, normally, and since doing that I am only getting the "IT WORKS" message, which I think is my OTHER apache running.. but I’m not sure. 
>> 
>> Any help appreciated. 
>> 
>> Thanks
>> 
>> Das Goravani
>> _____________________________________________________________
>> Manage your list subscriptions at https://lists.omnis-dev.com
>> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com 
> 
> _____________________________________________________________
> Manage your list subscriptions at https://lists.omnis-dev.com
> Start a new message -> mailto:omnisdev-en at lists.omnis-dev.com 



More information about the omnisdev-en mailing list