Trouble installing new SSL certificate (Apache2 Virtual Host)
I'm having trouble trying to install a new SSL certificate for Apache2. We have regular traffic running on port 80, SSL running on 443.
I modified httpd.conf, only renaming /etc/httpd/conf/2009certs/ to /etc/httpd/conf/2010certs/:
<VirtualHost ServerIP:443>
# This parameter already existed as-is
SSLEngine on
# These are the parameters I changed (already existed w/ diff paths.)
SSLCertificateFile /etc/httpd/conf/2010certs/server.crt
SSLCertificateKeyFile /etc/httpd/conf/2010certs/server.key
SSLCertificateChainFile /etc/httpd/conf/2010certs/intermediate.pem
SSLCACertificateFile /etc/httpd/conf/2010certs/gs_root.pem
# Other parameters here; ServerAdmin, DocumentRoot, ServerName, ErrorLog, etc....
</VirtualHost>
Another VirtualHost block exists for *:80, but no changes were made to that area.
After saving httpd.conf with the new cert paths, commenting out the old 2009 paths, and attempting to restart apache, I get the following in /var/log/httpd/error_log and httpd fails to start:
You configured HTTP(80) on the standard HTTPS(443) port!
Nothing was changed except the certificate paths, and the issue disappears after changing httpd.conf back to use the old certificates.
What could be causing this?
Solution 1:
The problem ended up being due to the presence of a pass phrase on the RSA private key-file server.key -- the apache start scripts were not configured to provide one.
I'm not quite sure why this resulted in the error message above. I'm guessing that apache fell back to a different VirtualHost configuration on port 80 when it failed to read the SSL private key file and couldn't start as HTTPS on 443.
Solution 2:
I also had this problem, but the problem turned out to be a missing "ServerName" directive in the section. I suggest trying this modification to your configuration file:
<VirtualHost ServerIP:443>
ServerName host.domain
# This parameter already existed as-is
SSLEngine on
# These are the parameters I changed (already existed w/ diff paths.)
SSLCertificateFile /etc/httpd/conf/2010certs/server.crt
SSLCertificateKeyFile /etc/httpd/conf/2010certs/server.key
SSLCertificateChainFile /etc/httpd/conf/2010certs/intermediate.pem
SSLCACertificateFile /etc/httpd/conf/2010certs/gs_root.pem
# Other parameters here; ServerAdmin, DocumentRoot, ServerName, ErrorLog, etc....
</VirtualHost>
The third line: Servername host.domain should be added and server.domain should be replaced with the actual hostname and domain of your web site.
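A pre-restart check covering the two causes reported in Solution 1 and Solution 2, as an added example that is not part of the original thread: it flags any :443 VirtualHost block that lacks ServerName or whose SSLCertificateKeyFile is passphrase-protected. The function names and the sample files are constructed for illustration, and the parser assumes one directive per line and does not follow Include directives.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-restart check for :443 vhosts.

# Succeeds if the PEM key is passphrase-protected: traditional PEM carries
# "Proc-Type: 4,ENCRYPTED", PKCS#8 uses an "ENCRYPTED PRIVATE KEY" header.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Prints "<address> <ServerName present: yes|no> <key path or ->" per :443 block.
list_ssl_vhosts() {
    awk '
        $1 ~ /^#/ { next }    # comments may mention directive names; skip them
        tolower($1) == "<virtualhost" { addr = $2; sub(/>$/, "", addr); name = "no"; key = "-"; next }
        tolower($1) == "servername" { name = "yes" }
        tolower($1) == "sslcertificatekeyfile" { key = $2 }
        tolower($1) == "</virtualhost>" { if (addr ~ /:443$/) print addr, name, key; addr = "" }
    ' "$1"
}

# Prints one finding per line; succeeds only when there are no findings.
check_config() {
    findings=0
    while read -r addr name key; do
        [ -n "$addr" ] || continue
        if [ "$name" = no ]; then
            echo "$addr: no ServerName directive in this block"; findings=$((findings + 1))
        fi
        if [ "$key" = "-" ] || [ ! -r "$key" ]; then
            echo "$addr: SSLCertificateKeyFile missing or unreadable ($key)"; findings=$((findings + 1))
        elif key_is_encrypted "$key"; then
            echo "$addr: $key is passphrase-protected; httpd needs the passphrase at start"
            findings=$((findings + 1))
        fi
    done <<EOF
$(list_ssl_vhosts "$1")
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample: vhost without ServerName, key with an encryption header
# (the key body is a placeholder, not real key material).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' '' \
        '(constructed placeholder body)' '-----END RSA PRIVATE KEY-----' > "$d/server.key"
    printf '%s\n' '<VirtualHost ServerIP:443>' 'SSLEngine on' \
        "SSLCertificateKeyFile $d/server.key" '</VirtualHost>' > "$d/httpd.conf"
    echo "$d/httpd.conf"
}
check_config "$(make_sample)" || echo "resolve the findings above before restarting httpd"
```

Run `check_config /path/to/httpd.conf` against the edited file before restarting; a non-zero exit status means at least one finding was printed.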