christophertate
asked on
Apache: Why can I access my site at example.com:443 and NOT at https://example.com?
I've created a self-signed SSL certificate via OpenSSL and have configured it for Apache.
For some reason, I can NOT access my site at:
https://alwaysbaked.net
I believe that I have Apache configured correctly because I can access the following:
http://alwaysbaked.net:443
Also, when I start Apache, I get the following message:
* Starting web server apache2 Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server alwaysbaked.net:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
My CONF stub looks like this:
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /var/www/alwaysbaked.net/
ServerName alwaysbaked.net
ServerAlias www.alwaysbaked.net
SSLEngine On
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
I used this tutorial to create the certificate:
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
I used this tutorial to configure the certificate for Apache:
https://help.ubuntu.com/8.04/serverguide/C/httpd.html#https-configuration
I don't think the problem is a firewall issue. HTTPS should be open to the outside world, because it's apparent that port 443 is open (I believe that HTTPS uses port 443 for incoming/outgoing communication). Also, my domain is registered at GoDaddy.com, so I'm not sure if they block HTTPS in some way.
Can someone take a look at this and point me in the right direction?
Thanks!
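A site that loads at http://host:443 is being served as cleartext HTTP on port 443, so the first thing to confirm is which protocol that listener actually speaks. The probe below is an added example, not code from this thread or from any participant; the function names and the `localhost` default are assumptions, and it is meant to be pointed at a server you administer.

```python
import socket
import ssl
import sys


def speaks_tls(host, port, timeout=3.0):
    """True if a TLS handshake completes. Certificate checks are skipped
    because the certificate in the question is self-signed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        return False


def speaks_plain_http(host, port, timeout=3.0):
    """True if a cleartext request gets a 2xx/3xx HTTP reply. A TLS listener
    may answer cleartext with a 4xx error page, so 4xx/5xx does not count."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            head = s.recv(64)
    except OSError:
        return False
    parts = head.split(None, 2)
    return (len(parts) >= 2 and parts[0].startswith(b"HTTP/")
            and parts[1][:1] in (b"2", b"3"))


def diagnose(host, port=443, timeout=3.0):
    """Classify the listener: 'tls', 'plaintext-http' or 'no-answer'."""
    if speaks_tls(host, port, timeout):
        return "tls"
    if speaks_plain_http(host, port, timeout):
        return "plaintext-http"
    return "no-answer"


if __name__ == "__main__":
    # Usage: python probe443.py HOST [PORT]; defaults are placeholders.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(f"{host}:{port} -> {diagnose(host, port)}")
```

A result of `plaintext-http` on port 443 matches the symptom in the question: whatever answers on that port is not applying `SSLEngine On` to the request.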
ASKER
Ok, I've put all of my HTTPS files in /var/www-ssl/ and all of my HTTP files in /var/www/ but the problem still exists. I actually tried that tutorial but still couldn't get it to work...
Here is my /etc/apache2/sites-available/ssl file:
NameVirtualHost *:443
DocumentRoot /var/www-ssl/alwaysbaked.net/
ServerName alwaysbaked.net
ServerAlias www.alwaysbaked.net
SSLEngine On
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
And here is my /etc/hosts file:
127.0.0.1 localhost
127.0.1.1 alwaysbaked.net ubuntu
70.112.160.245 alwaysbaked.net
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
The code that you showed us shows that you are "listening" on port 443. You need similar code for port 80, the regular HTTP port, if you want to do that.
ASKER
I'm sorry but I don't understand what you're trying to say. Port 80, port 443, and protocol HTTP all work--I'm not worried about those. The ONLY thing that doesn't work is HTTPS.
I believe HTTPS uses port 443 which is why I'm saying that it's weird that "mysite:443" works but "https://mysite" does NOT work.
As I read through the comments here I see one above that I must disagree with. There is no reason whatsoever why HTTP and HTTPS content cannot be in the same directory. Many if not most sites do that.
On the original question, now I read it better. Do you have mod_ssl loaded? I wonder what Apache will do if you don't.
While I may have been incorrect in saying that HTTP and HTTPS content CAN'T be in the same directory, I think it is a best practice not to do so to ensure complete security of all transactions / actions occurring. I would add that in all of the websites I have ever designed / administered / seen (100's) they have been in different directories.
Try navigating to https://YourSite:443/ and see if specifying the SSL port has any effect.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Awesome, worked perfectly.
Here ( http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html ) is a good walkthrough on the subject.
Good Luck