Why can't I restart my apache2 server on ubuntu 14 after installing an SSL certificate for one of my hosted domains?

Posted on 2014-12-29
Last Modified: 2014-12-29
Hi all,

I have a VPS on Linode with Ubuntu 14 and apache2 running on it. For one of the domains I host I need to use the HTTPS protocol so I followed the steps listed below to create and configure an SSL certificate issued by StartSSL. However, after doing so I can't restart apache server anymore. All steps and errors explained below:

The tutorial that I followed is on Linode SSL tutorial

I followed all the steps mentioned there to generate mydomain.com.key and mydomain.com.csr in the /etc/apache2/ssl folder. Then using the CSR I got myself a signed certificate from StartSSL which I saved in the same folder as mydomain.com.crt. I got the startssl.cer from StartSSL - StartCom Root CA (DER encoded) - which I also saved in the same folder.

Then in the /etc/apache2/sites-enabled/mydomain.com.conf
I pasted the following (full contents of file below):

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCACertificateFile /etc/apache2/ssl/startssl.cer

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  www.mydomain.com
  ServerAlias mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/basedir/public/mydomain.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/basedir/public/mydomain.com/log/error.log
  CustomLog /home/basedir/public/mydomain.com/log/access.log combined
</VirtualHost>




Now when I restart the apache server I get this error:
basedir@octane:~$ sudo service apache2 restart
 * Restarting web server apache2                                                Action 'start' failed.
The Apache error log may have more information.



The apache error log says:
[Mon Dec 29 22:16:38.002012 2014] [ssl:emerg] [pid 14453] AH02311: Fatal error initialising mod_ssl, exiting. See /home/basedir/public/mifujiclark.com/log/error.log for more information



The contents of file /home/basedir/public/mydomain.com/log/error.log are:
[Mon Dec 29 22:16:38.001962 2014] [ssl:emerg] [pid 14453] AH01895: Unable to configure verify locations for client authentication



SOME NOTES:

1

When I ran the command mentioned in the tutorial (see link):
openssl req -newkey rsa:2048 -days 365 -nodes -keyout mydomain.com.key -out mydomain.com.csr

There was a step that asked me my
FQDN (Fully Qualified Domain Name) or Common Name (eg, YOUR name) []:

There I put in octane.myotherdomain.com (which is my server's principal domain)
Since when I installed my VPS that was the FQDN I used for several other things. Is that responsible for the mess?
Did I need to put in "mydomain.com" instead of "octane.myotherdomain.com" in that field when I ran the command?

2

At present my ports.conf looks like this:
Listen 80
#Listen 8888

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# NameVirtualHost *:80
# NameVirtualHost *:443

By the way I don't think gnutls is installed as I did not find it in the /etc/apache2/mods-available/ folder

Looking on the internet I found some information regarding NameBasedSSLVHostsWithSNI here.
Is this relevant for my case? Do you think I need the server configuration shown on this link? And if so, in which file do I put it?


Sorry about the muddled question but basically the problem is that since I created the SSL certificate and installed it I can't restart my apache server and I've looked everywhere but I can't figure out what I am doing wrong.

Please help. All assistance will be highly appreciated.

thanks
Question by:badwolfff
3 Comments
 

Expert Comment

by:Gary
ID: 40522909
Sounds like your cert is malformed - maybe extra characters or CR's or you are referencing the wrong files.
 

Author Comment

by:badwolfff
ID: 40522917
How do I fix it?
thanks

Accepted Solution

by:
Gary earned 2000 total points
ID: 40522940
Double check the files have the correct content i.e. the key is in key file, the cert is in the cert file etc and they are correctly formatted
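
The check this answer asks for, as an added example that is not part of the original thread: mod_ssl reads the files named by SSLCertificateFile, SSLCertificateKeyFile and SSLCACertificateFile as PEM text, so this script reports what each file in a vhost config actually contains. The function names `pem_kind` and `check_vhost` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what each SSL directive's file really contains.
# mod_ssl reads all three as PEM text; a DER file is converted with e.g.
#   openssl x509 -inform DER -in startssl.cer -out startssl.pem

# pem_kind FILE -> first PEM label, or DER / missing / unknown
pem_kind() {
    [ -r "$1" ] || { echo missing; return; }
    label=$(LC_ALL=C sed -n 's/^-----BEGIN \([A-Z ]*\)-----.*/\1/p' "$1" | head -n 1)
    if [ -n "$label" ]; then
        echo "$label"
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = 30 ]; then
        echo DER    # leading ASN.1 SEQUENCE byte: binary, not PEM
    else
        echo unknown
    fi
}

# check_vhost CONF -> "<directive> <path> <verdict>" per line; status 1 on any BAD
check_vhost() {
    rc=0
    cr=$(printf '\r')
    while read -r directive path rest; do
        case $directive in
            SSLCertificateFile|SSLCACertificateFile) want="CERTIFICATE" ;;
            SSLCertificateKeyFile) want="PRIVATE KEY" ;;
            *) continue ;;
        esac
        kind=$(pem_kind "$path")
        case $kind in
            *"$want") verdict="ok ($kind)"
                if grep -q "$cr" "$path"; then verdict="$verdict, has CR characters"; fi ;;
            *) verdict="BAD: found $kind, need PEM $want"; rc=1 ;;
        esac
        echo "$directive $path $verdict"
    done < "$1"
    return $rc
}

# Constructed sample (placeholder bodies): PEM cert and key, DER-style CA file.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIB' '-----END CERTIFICATE-----' > "$demo/site.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'MIIE' '-----END PRIVATE KEY-----' > "$demo/site.key"
printf '\060\202\001\012' > "$demo/ca.cer"
printf '  %s\n' "SSLCertificateFile $demo/site.crt" \
    "SSLCertificateKeyFile $demo/site.key" \
    "SSLCACertificateFile $demo/ca.cer" > "$demo/site.conf"
check_vhost "$demo/site.conf" || echo "fix the BAD files, then: sudo apache2ctl configtest"
```

The check is structural only: it confirms each file carries the right PEM label, not that the certificate is valid or that the key matches it.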