Trouble installing new SSL certificate (Apache2 Virtual Host)

apache-2.2 ssl-certificate port virtualhost

I'm having trouble trying to install a new SSL certificate for Apache2. We have regular traffic running on port 80, SSL running on 443.

I modified httpd.conf, only renaming /etc/httpd/conf/2009certs/ to /etc/httpd/conf/2010certs/:

<VirtualHost ServerIP:443>
  # This parameter already existed as-is
  SSLEngine on

  # These are the parameters I changed (already existed w/ diff paths.)
  SSLCertificateFile /etc/httpd/conf/2010certs/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/2010certs/server.key
  SSLCertificateChainFile /etc/httpd/conf/2010certs/intermediate.pem
  SSLCACertificateFile /etc/httpd/conf/2010certs/gs_root.pem

  # Other parameters here; ServerAdmin, DocumentRoot, ServerName, ErrorLog, etc....
</VirtualHost>

Another VirtualHost block exists for *:80, but no changes were made to that area.

After saving httpd.conf with the new cert paths, commenting out the old 2009 paths, and attempting to restart apache, I get the following in /var/log/httpd/error_log and httpd fails to start:

You configured HTTP(80) on the standard HTTPS(443) port!

Nothing was changed except the certificate paths, and te issue disappears after changing httpd.conf back to use the old certificates.

What could be causing this?


Solution 1:

The problem ended up being due to the presence of a pass phrase on the RSA private key-file server.key -- the apache start scripts were not configured to provide one.

I'm not quite sure why this resulted in the error message above. I'm guessing that apache fell back to a different VirtualHost configuration on port 80 when it failed to read the SSL private key file and couldn't start as HTTPS on 443.

Solution 2:

I also had this problem, but the problem turned out to be a missing "ServerName" directive in the section. I suggest trying this modification to your configuration file:

<VirtualHost ServerIP:443>

  ServerName   host.domain

  # This parameter already existed as-is
  SSLEngine on

  # These are the parameters I changed (already existed w/ diff paths.)
  SSLCertificateFile /etc/httpd/conf/2010certs/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/2010certs/server.key
  SSLCertificateChainFile /etc/httpd/conf/2010certs/intermediate.pem
  SSLCACertificateFile /etc/httpd/conf/2010certs/gs_root.pem

  # Other parameters here; ServerAdmin, DocumentRoot, ServerName, ErrorLog, etc....
</VirtualHost>

The third line: Servername host.domain should be added and server.domain should be replaced with the actual hostname and domain of your web site.

Related

Quick, successive SSH connection attempts hanging
nginx sometimes gets killed after reloading it using systemd
Mount hybrid ISO (ISO 9660/HFS+) under Linux
GCP: Way to get "paged" via the GCP Cloud Console Android app?
Why do some VPN clients slow down the network connection even when they are not it use?
Backing up Hyper-V VMs using "wbadmin" failing on Windows Server 2012
Enable non root user to upload/download onto website directory
Executing one task from a playbook using tags
count.index for dictionary in Ansible
OpenVPN connection resetting every 2 minutes
Outlook 2013 rules do not work after migrating mailbox to Exchange 2013
Restrict relay with postfix to certain domain from single IP