Why can't I restart my apache2 server on ubuntu 14 after installing an SSL certificate for one of my hosted domains?

Hi all,

I have a VPS on Linode with Ubuntu 14 and apache2 running on it. For one of the domains I host I need to use the HTTPS protocol so I followed the steps listed below to create and configure an SSL certificate issued by StartSSL. However, after doing so I can't restart apache server anymore. All steps and errors explained below:

The tutorial that I followed is on Linode SSL tutorial

I followed all the steps mentioned there to generate mydomain.com.key and mydomain.com.csr in the /etc/apache2/ssl folder. Then using the CSR I got myself a signed certificate from StartSSL which I saved in the same folder as mydomain.com.crt. I got the startssl.cer from StartSSL - StartCom Root CA (DER encoded) - which also I saved in the same folder.

Then in the /etc/apache2/sites-enabled/mydomain.com.conf
I pasted the following (full contents of file below):

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCACertificateFile /etc/apache2/ssl/startssl.cer

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  www.mydomain.com
  ServerAlias mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/basedir/public/mydomain.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/basedir/public/mydomain.com/log/error.log
  CustomLog /home/basedir/public/mydomain.com/log/access.log combined
</VirtualHost>

Now when I restart the apache server I get this error:
basedir@octane:~$ sudo service apache2 restart
 * Restarting web server apache2                                                Action 'start' failed.
The Apache error log may have more information.

The apache error log says:
[Mon Dec 29 22:16:38.002012 2014] [ssl:emerg] [pid 14453] AH02311: Fatal error initialising mod_ssl, exiting. See /home/basedir/public/mifujiclark.com/log/error.log for more information

The contents of file /home/basedir/public/mydomain.com/log/error.log are:
[Mon Dec 29 22:16:38.001962 2014] [ssl:emerg] [pid 14453] AH01895: Unable to configure verify locations for client authentication

SOME NOTES:

1

When I ran the command mentioned in the tutorial (see link):
openssl req -newkey rsa:2048 -days 365 -nodes -keyout mydomain.com.key -out mydomain.com.csr

There was a step that asked me my
FQDN (Fully Qualified Domain Name) or Common Name (eg, YOUR name) []:

There I put in octane.myotherdomain.com (which is my server's principal domain)
Since when I installed my VPS that was the FQDN I used for several other things. Is that responsible for the mess?
Did I need to put in "mydomain.com" instead of "octane.myotherdomain.com" in that field when I ran the command?

2

at present my ports.conf looks like this:
Listen 80
#Listen 8888

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# NameVirtualHost *:80
# NameVirtualHost *:443

By the way I don't think gnutls is installed as I did not find it in the /etc/apache2/mods-available/ folder

Looking on the internet I found some information regarding NameBasedSSLVHostsWithSNI here.
Is this relevant for my case? Do you think I need the server configuration shown on this link? And if so, in which file do I put it?


Sorry about the muddled question, but basically the problem is that since I created the SSL certificate and installed it I can't restart my apache server, and I've looked everywhere but I can't figure out what I am doing wrong.

Please help. All assistance will be highly appreciated.

thanks
Asked by: badwolfff

Gary Commented:
Sounds like your cert is malformed - maybe extra characters or CR's or you are referencing the wrong files.

badwolfff (Author) Commented:
How do I fix it?
thanks

Gary Commented:
Double check the files have the correct content, i.e. the key is in the key file, the cert is in the cert file, etc., and they are correctly formatted.
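
One way to carry out the file check suggested above, as an added example that is not part of the original thread: it reports which PEM block each file holds, whether that matches the directive pointing at it, and whether the file is binary DER, which matters here because the question saves the StartSSL root as DER while mod_ssl's certificate directives read PEM. `check_file` and `pem` are hypothetical helper names, the sample inputs are constructed stand-ins rather than real certificates, and only encoding and labelling are checked, not validity.

```python
import base64
import re

# PEM labels each mod_ssl directive used in the vhost above expects in its file.
EXPECTED = {
    "SSLCertificateFile": {"CERTIFICATE"},
    "SSLCertificateKeyFile": {"PRIVATE KEY", "RSA PRIVATE KEY"},
    "SSLCACertificateFile": {"CERTIFICATE"},
}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def check_file(directive, data):
    """Return findings for the bytes of the file a directive points at ([] = looks fine)."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER rather than PEM text
            return ["DER-encoded; convert to PEM, e.g. openssl x509 -inform DER -in IN -out OUT"]
        return ["no PEM block found"]
    findings = []
    if b"\r" in data:
        findings.append("contains carriage returns (CR)")
    if PEM_BLOCK.sub(b"", data).strip():
        findings.append("extra characters outside the BEGIN/END markers")
    for label, body in blocks:
        label = label.decode()
        if label not in EXPECTED[directive]:
            findings.append(f"holds a {label} block, wrong file for {directive}")
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"{label} body is not valid base64")
            continue
        if der[:1] != b"\x30":
            findings.append(f"{label} body does not decode to an ASN.1 SEQUENCE")
    return findings


def pem(label, der):
    """Wrap raw bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()


FAKE_DER = b"\x30\x82\x00\x20" + bytes(32)  # constructed stand-in, not a real certificate

if __name__ == "__main__":
    print(check_file("SSLCACertificateFile", FAKE_DER))                       # DER root CA file
    print(check_file("SSLCertificateKeyFile", pem("CERTIFICATE", FAKE_DER)))  # cert in key slot
    print(check_file("SSLCertificateFile", pem("CERTIFICATE", FAKE_DER)))     # clean PEM
```

To use it on real files, pass `open(path, "rb").read()` as `data`. A passphrase-protected legacy key carries header lines and would be reported as invalid base64; the key in the question was generated with `-nodes`, so that case does not arise here.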