Solved

Why can't I restart my apache2 server on ubuntu 14 after installing an SSL certificate for one of my hosted domains?

Posted on 2014-12-29
3
606 Views
Last Modified: 2014-12-29
Hi all,

I have a VPS on Linode with Ubuntu 14 and apache2 running on it. For one of the domains I host I need to use the HTTPS protocol so I followed the steps listed below to create and configure an SSL certificate issued by StartSSL. However, after doing so I can't restart apache server anymore. All steps and errors explained below:

The tutorial that I followed is on Linode SSL tutorial

I followed all the steps mentioned there to generate mydomain.com.key and mydomain.com.csr in the /etc/apache2/ssl folder. Then using the CSR I got myself a signed certificate from StartSSL which I saved in the same folder as mydomain.com.crt. I got the startssl.cer from StartSSL - StartCom Root CA (DER encoded) - which also I saved in the same folder.

Then in the /etc/apache2/sites-enabled/mydomain.com.conf
I pasted the following (full contents of file below):

<VirtualHost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
  SSLCACertificateFile /etc/apache2/ssl/startssl.cer

  # Admin email, Server Name (domain name), and any aliases
  ServerAdmin info@mydomain.com
  ServerName  www.mydomain.com
  ServerAlias mydomain.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.htm index.php
  DocumentRoot /home/basedir/public/mydomain.com/public

  # Log file locations
  LogLevel warn
  ErrorLog  /home/basedir/public/mydomain.com/log/error.log
  CustomLog /home/basedir/public/mydomain.com/log/access.log combined
</VirtualHost>

Open in new window



Now when I restart the apache server I get this error:
basedir@octane:~$ sudo service apache2 restart
 * Restarting web server apache2                                                Action 'start' failed.
The Apache error log may have more information.

Open in new window


The apache error log says:
[Mon Dec 29 22:16:38.002012 2014] [ssl:emerg] [pid 14453] AH02311: Fatal error initialising mod_ssl, exiting. See /home/basedir/public/mifujiclark.com/log/error.log for more information

Open in new window


The contents of file /home/basedir/public/mydomain.com/log/error.log are:
[Mon Dec 29 22:16:38.001962 2014] [ssl:emerg] [pid 14453] AH01895: Unable to configure verify locations for client authentication

Open in new window


SOME NOTES:

1

When I ran the command mentioned in the tutorial (seel link):
openssl req -newkey rsa:2048 -days 365 -nodes -keyout mydomain.com.key -out mydomain.com.csr

There was a step that asked me my
FQDN (Fully Qualified Domain Name) or Common Name (eg, YOUR name) []:

There I put in octane.myotherdomain.com (which is my server's principal domain)
Since when I installed my VPS that was the FQDN I used for several other things. Is that responsible for the mess?
Did I need to put in "mydomain.com" instead of "octane.myotherdomain.com" in that field when I ran the command?

2

at present my ports.conf looks like this:
Listen 80
#Listen 8888

<IfModule ssl_module>
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# NameVirtualHost *:80
# NameVirtualHost *:443

By the way I don't think gnutls is installed as I did not find it in the /etc/apache2/mods-available/ folder

Looking on the internet I found some information regarding NameBasedSSLVHostsWithSNI here.
Is this relevant for my case? Do you think I need the server configuration shown on this link? And if so, in which file do I put it?


Sorry about the muddled question but basically the problem is that since I created the SSL certificated and installed it I can't restart my apache server and I've looked everywhere but I can't figure out what I am doing wrong.

Please help. All assistance will be highly appreciated.

thanks
0
Comment
Question by:badwolfff
  • 2
3 Comments
 
LVL 58

Expert Comment

by:Gary
Comment Utility
Sounds like your cert is malformed - maybe extra characters or CR's or you are referencing the wrong files.
0
 

Author Comment

by:badwolfff
Comment Utility
How do I fix it?
thanks
0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
Comment Utility
Double check the files have the correct content i.e. the key is in key file, the cert is in the cert file etc and they are correctly formatted
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now