[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Why can't I restart my apache2 server on ubuntu 14 after installing an SSL certificate for one of my hosted domains?

Posted on 2014-12-29
3
Medium Priority
?
843 Views
Last Modified: 2014-12-29
Hi all,

I have a VPS on Linode with Ubuntu 14 and apache2 running on it. For one of the domains I host I need to use the HTTPS protocol so I followed the steps listed below to create and configure an SSL certificate issued by StartSSL. However, after doing so I can't restart apache server anymore. All steps and errors explained below:

The tutorial that I followed is on Linode SSL tutorial

I followed all the steps mentioned there to generate mydomain.com.key and mydomain.com.csr in the /etc/apache2/ssl folder. Then using the CSR I got myself a signed certificate from StartSSL which I saved in the same folder as mydomain.com.crt. I got the startssl.cer from StartSSL - StartCom Root CA (DER encoded) - which also I saved in the same folder.

Then in the /etc/apache2/sites-enabled/mydomain.com.conf
I pasted the following (full contents of file below):

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCACertificateFile /etc/apache2/ssl/startssl.cer

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  www.mydomain.com
  ServerAlias mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/basedir/public/mydomain.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/basedir/public/mydomain.com/log/error.log
  CustomLog /home/basedir/public/mydomain.com/log/access.log combined
</VirtualHost>

Open in new window



Now when I restart the apache server I get this error:
basedir@octane:~$ sudo service apache2 restart
 * Restarting web server apache2                                                Action 'start' failed.
The Apache error log may have more information.

Open in new window


The apache error log says:
[Mon Dec 29 22:16:38.002012 2014] [ssl:emerg] [pid 14453] AH02311: Fatal error initialising mod_ssl, exiting. See /home/basedir/public/mifujiclark.com/log/error.log for more information

Open in new window


The contents of file /home/basedir/public/mydomain.com/log/error.log are:
[Mon Dec 29 22:16:38.001962 2014] [ssl:emerg] [pid 14453] AH01895: Unable to configure verify locations for client authentication

Open in new window


SOME NOTES:

1

When I ran the command mentioned in the tutorial (seel link):
openssl req -newkey rsa:2048 -days 365 -nodes -keyout mydomain.com.key -out mydomain.com.csr

There was a step that asked me my
FQDN (Fully Qualified Domain Name) or Common Name (eg, YOUR name) []:

There I put in octane.myotherdomain.com (which is my server's principal domain)
Since when I installed my VPS that was the FQDN I used for several other things. Is that responsible for the mess?
Did I need to put in "mydomain.com" instead of "octane.myotherdomain.com" in that field when I ran the command?

2

at present my ports.conf looks like this:
Listen 80
#Listen 8888

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# NameVirtualHost *:80
# NameVirtualHost *:443

By the way I don't think gnutls is installed as I did not find it in the /etc/apache2/mods-available/ folder

Looking on the internet I found some information regarding NameBasedSSLVHostsWithSNI here.
Is this relevant for my case? Do you think I need the server configuration shown on this link? And if so, in which file do I put it?


Sorry about the muddled question but basically the problem is that since I created the SSL certificated and installed it I can't restart my apache server and I've looked everywhere but I can't figure out what I am doing wrong.

Please help. All assistance will be highly appreciated.

thanks
0
Comment
Question by:badwolfff
  • 2
3 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40522909
Sounds like your cert is malformed - maybe extra characters or CR's or you are referencing the wrong files.
0
 

Author Comment

by:badwolfff
ID: 40522917
How do I fix it?
thanks
0
 
LVL 58

Accepted Solution

by:
Gary earned 2000 total points
ID: 40522940
Double check the files have the correct content i.e. the key is in key file, the cert is in the cert file etc and they are correctly formatted
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question