Configuring https for localhost (Apache2)

I try to set up https for my localhost. On my localhost I have a Zabbix_server instance running.

I have set the permissions according to this post, but I recieved this errors:

[Mon Oct 14 10:37:37.593028 2019] [ssl:error] [pid 4224:tid 140048918281152] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=127.0.0.1,OU=Support-Myriade,O=Myriade,L=Drongen,ST=Oost-Vlaanderen,C=BE / issuer: [email protected],CN=127.0.0.1,OU=Support-Myriade,O=Myriade,L=Drongen,ST=Oost-Vlaanderen,C=BE / serial: 111BD86A71640373CA50E612F6608B5D5BD4F4B6 / notbefore: Oct 14 08:26:56 2019 GMT / notafter: Oct 13 08:26:56 2020 GMT]
[Mon Oct 14 10:37:37.593040 2019] [ssl:error] [pid 4224:tid 140048918281152] AH02604: Unable to configure certificate 127.0.0.1:443:0 for stapling
[Mon Oct 14 10:37:37.594828 2019] [mpm_event:notice] [pid 4224:tid 140048918281152] AH00489: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Mon Oct 14 10:37:37.594875 2019] [core:notice] [pid 4224:tid 140048918281152] AH00094: Command line: '/usr/sbin/apache2'
[Mon Oct 14 10:38:48.961452 2019] [authz_core:error] [pid 4227:tid 140048582260480] [client 127.0.0.1:41054] AH01630: client denied by server configuration: /zabbix

I use Ubuntu version 18.04.3 and apache2 version 2.4.29.

Can anyone guide me on how should I configure my localhost?


Solution 1:

First, disable OCSP stappling with SSLUseStapling off in your VirtualHost section. You don't need that for a self-signed cert. But that's a warning only.

Next, "client denied by server configuration" error means that the Apache Directory section where your /zabbix alias have located has some restrictions. If you've installed Zabbix from package, it might have only localhost allowed by default. Check your Directory sections for the Allow from and/or (depending on your Apache version) Require ip directives and add your IP there.