Have I messed up buying the wrong SSL certificate for my domain?
I have just purchased an SSL certificate from Go Daddy. I setup the certificate to be:
www.mydomainname.com (I changed the domain as you can tell.)
I setup Apache and it is working. So when I type https://www.mydomainname.com it all works.
HOWEVER:
When I type http://www.mydomainname.com I get this error from Apache:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
I was hoping I could type
http://www.mydomainname.com for HTTP requests
and
https://www.mydomainname.com when I want secure requests.
What have I done wrong?
Here is my Apache configuration:
Under sites-enabled (I am using Ubuntu's Apache setup)
I have file called ssl
<IfModule mod_ssl.c>;
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/www.mydomainname.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.mydomainname.com.key
</IfModule>
and another called webapp:
<IfModule mod_proxy_ajp.c>
ProxyRequests On
ProxyVia On
<Location />
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted area"
AuthUserFile /etc/apache2/passwd/access
Require valid-user
ProxyPass ajp://localhost:9999/
ProxyPassReverse ajp://localhost:9999/
</Location>
<Location /uploader>
Order allow,deny
Satisfy Any
Allow from all
ProxyPass ajp://localhost:9999/uploader
ProxyPassReverse ajp://localhost:9999/uploader
</Location>
</IfModule>
Solution 1:
Check your Apache configuration to make sure you're listening on port 80 for HTTP and port 443 for HTTPS.
In your /etc/httpd/conf/httpd.conf, you should have "Listen 80". You should also have an /etc/httpd/conf.d/ssl.conf file (probably) with "Listen 443" specified in it.
You need virtual hosts configured, one for *:80 and one for *:443. The *:443 needs to have the SSL specification in it, the *:80 should not have the SSL stuff in it.
You did not buy the wrong SSL certification.
Solution 2:
You actually need to configuer 2 VHosts, the SSL VHost and the non-SSL VHost differ only by the SSL part you actually place in the VHost since you could have a multitude of SSL VHosts (listening on different ports) it doesn't actually make sense to provide this in a server wide context which I think is what you are doing.
Solution 3:
OK, I fixed it. I got mixed up with not having Virtualhost earlier. This is the end configuration:
ssl configuration is:
<VirtualHost *:443>
DocumentRoot /var/www/
<IfModule mod_proxy_ajp.c>
ProxyRequests On
ProxyVia On
<Location />
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted area"
AuthUserFile /etc/apache2/passwd/site-access
Require valid-user
ProxyPass ajp://localhost:9999/
ProxyPassReverse ajp://localhost:9999/
</Location>
<Location /uploader>
Order allow,deny
Satisfy Any
Allow from all
ProxyPass ajp://localhost:9999/uploader
ProxyPassReverse ajp://localhost:9999/uploader
</Location>
</IfModule>
<IfModule mod_ssl.c>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.mydomain.com.key
</IfModule>
</VirtualHost>
Webapp configuration is:
<VirtualHost *:80>
DocumentRoot /var/www/
<IfModule mod_proxy_ajp.c>
ProxyRequests On
ProxyVia On
<Location />
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted area"
AuthUserFile /etc/apache2/passwd/site-access
Require valid-user
ProxyPass ajp://localhost:9999/
ProxyPassReverse ajp://localhost:9999/
</Location>
<Location /uploader>
Order allow,deny
Satisfy Any
Allow from all
ProxyPass ajp://localhost:9999/uploader
ProxyPassReverse ajp://localhost:9999/uploader
</Location>
</IfModule>
</VirtualHost>