Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Why can't I restart my apache2 server on ubuntu 14 after installing an SSL certificate for one of my hosted domains?

Posted on 2014-12-29
3
661 Views
Last Modified: 2014-12-29
Hi all,

I have a VPS on Linode with Ubuntu 14 and apache2 running on it. For one of the domains I host I need to use the HTTPS protocol so I followed the steps listed below to create and configure an SSL certificate issued by StartSSL. However, after doing so I can't restart apache server anymore. All steps and errors explained below:

The tutorial that I followed is on Linode SSL tutorial

I followed all the steps mentioned there to generate mydomain.com.key and mydomain.com.csr in the /etc/apache2/ssl folder. Then using the CSR I got myself a signed certificate from StartSSL which I saved in the same folder as mydomain.com.crt. I got the startssl.cer from StartSSL - StartCom Root CA (DER encoded) - which also I saved in the same folder.

Then in the /etc/apache2/sites-enabled/mydomain.com.conf
I pasted the following (full contents of file below):

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCACertificateFile /etc/apache2/ssl/startssl.cer

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  www.mydomain.com
  ServerAlias mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/basedir/public/mydomain.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/basedir/public/mydomain.com/log/error.log
  CustomLog /home/basedir/public/mydomain.com/log/access.log combined
</VirtualHost>

Open in new window



Now when I restart the apache server I get this error:
basedir@octane:~$ sudo service apache2 restart
 * Restarting web server apache2                                                Action 'start' failed.
The Apache error log may have more information.

Open in new window


The apache error log says:
[Mon Dec 29 22:16:38.002012 2014] [ssl:emerg] [pid 14453] AH02311: Fatal error initialising mod_ssl, exiting. See /home/basedir/public/mifujiclark.com/log/error.log for more information

Open in new window


The contents of file /home/basedir/public/mydomain.com/log/error.log are:
[Mon Dec 29 22:16:38.001962 2014] [ssl:emerg] [pid 14453] AH01895: Unable to configure verify locations for client authentication

Open in new window


SOME NOTES:

1

When I ran the command mentioned in the tutorial (seel link):
openssl req -newkey rsa:2048 -days 365 -nodes -keyout mydomain.com.key -out mydomain.com.csr

There was a step that asked me my
FQDN (Fully Qualified Domain Name) or Common Name (eg, YOUR name) []:

There I put in octane.myotherdomain.com (which is my server's principal domain)
Since when I installed my VPS that was the FQDN I used for several other things. Is that responsible for the mess?
Did I need to put in "mydomain.com" instead of "octane.myotherdomain.com" in that field when I ran the command?

2

at present my ports.conf looks like this:
Listen 80
#Listen 8888

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# NameVirtualHost *:80
# NameVirtualHost *:443

By the way I don't think gnutls is installed as I did not find it in the /etc/apache2/mods-available/ folder

Looking on the internet I found some information regarding NameBasedSSLVHostsWithSNI here.
Is this relevant for my case? Do you think I need the server configuration shown on this link? And if so, in which file do I put it?


Sorry about the muddled question but basically the problem is that since I created the SSL certificated and installed it I can't restart my apache server and I've looked everywhere but I can't figure out what I am doing wrong.

Please help. All assistance will be highly appreciated.

thanks
0
Comment
Question by:badwolfff
  • 2
3 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40522909
Sounds like your cert is malformed - maybe extra characters or CR's or you are referencing the wrong files.
0
 

Author Comment

by:badwolfff
ID: 40522917
How do I fix it?
thanks
0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 40522940
Double check the files have the correct content i.e. the key is in key file, the cert is in the cert file etc and they are correctly formatted
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux script delete files 3 47
lunix and unix command 21 86
number in printf 13 32
trouble on installing syslog-ng on CentOS 7 7 53
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question