Edit: It looks like this issue is the root cause. The site in question is a http site, but it redirects to https automatically, so I decided to install an SSL cert to see the outcome. /end edit.
I followed the answer here to create a local SSL cert for my WampServer 3.1.0 64-bit.
I have made a local copy of our site, migrated the database to a new local URL (www.superiorit.dev), create an entry in httpd-vhosts.conf, and added a <VirtualHost www.superiorit.dev:443> entry in C:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf which contains the correct path to the .cert and .key files.
When I try to load https://www.superiorit.dev in the browser, I receive the error:
This site can’t be reached
www.superiorit.dev refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
This is the entry in http-vhosts.conf:
<VirtualHost www.superiorit.dev:8080>
ServerName www.superiorit.dev
ServerAlias www.superiorit.dev
DocumentRoot "C:/wamp64/www/superiorit"
<Directory "C:/wamp64/www/superiorit">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
This is the entry in http-ssl.conf:
<VirtualHost www.superiorit.dev:443>
DocumentRoot "c:/wamp64/www/superiorit"
ServerName www.superiorit.dev:443
ServerAdmin steve.doig#superiorit.dev
ErrorLog "c:/wamp64/logs/error.log"
TransferLog "c:/wamp64/logs/access.log"
SSLEngine on
SSLCertificateFile "C:/wamp64/bin/apache/apache2.4.27/conf/demoCA/cacert.cert"
SSLCertificateKeyFile "C:/wamp64/bin/apache/apache2.4.27/conf/demoCA/private/cacert.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Help appreciated.
Related
Everytime I try to access https://sub.myproject.test/ this message pops up:
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
sub.myproject.test
Apache/2.4.38 (Unix) OpenSSL/1.0.2q PHP/7.2.15 mod_perl/2.0.8-dev Perl/v5.16.3
On httpd-vhosts.conf I have:
<VirtualHost *:80>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test
ServerAlias www.sub.myproject.test
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
AllowOverride All
Require local
</Directory>
</VirtualHost>
and on httpd-ssl.conf I have:
# catalog config
<VirtualHost *:443>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test:443
ServerAlias www.sub.myproject.test:443
ErrorLog "/opt/lampp/logs/error_log"
TransferLog "/opt/lampp/logs/access_log"
SSLEngine on
SSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
SSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
SSLOptions +StdEnvVars +FakeBasicAuth
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Allow from all
Require all granted
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/lampp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
And of course in /mnt/data/myproject path I have the sub.myproject.com folder
If you could help me fix this, it'd be very appreciated
Your VirtualHost is ok (except you do not need to put :443 in ServerName and ServerAlias directives), but you never tell Apache which page to display by default, when not specified in the request.
Define DirectoryIndex in each VirtualHost.
Ex: DirectoryIndex index.html
When the request is https://example.com/
,hence nothing after the domain name, Apache will display index.html, from the DocumentRoot directory.
Unrelated to your question, you should put ServerTokens Prod and ServerSignature Off in your configuration, your error message is displaying way to much information.
I'm trying to install SSL certificate on Wamp. I'm following this tutorial here, everything was done without errors, just fine. But when I try to access https://localhost nothing happens. The page shows an error saying it's an insecure connection. If I continue anyway, then I get the https on the address but marked with red alert.
Also, I'm trying to access only the localhost, but usually I'm working with multiple webpages via virtual host, so instead of accessing localhost I would access something like mysite.me or https://mysite.me
Note: I'm using Windows 10.
Edited: As requested in the comments, I'm adding my httpd-ssl.conf file
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:E:/Install/wamp64/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "E:/Install/wamp64/www"
ServerName localhost:443
ServerAdmin admin#example.com
ErrorLog "E:/Install/wamp64/logs/ssl_error.log"
TransferLog "E:/Install/wamp64/logs/ssl_access.log"
SSLEngine on
SSLCertificateFile "E:/Install/wamp64/bin/apache/apache2.4.23/conf/certificate.crt"
SSLCertificateKeyFile "E:/Install/wamp64/bin/apache/apache2.4.23/conf/private.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "E:\Install\wamp64\www">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require local
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "E:/Install/wamp64/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
I have a domain which is mapped to an ip address.
http://test.main.com works FINE. https://test.main.com DOES NOT works, getting 404 error.
Please help me to find out the problem
Below is my httpd-ssl.con file
<VirtualHost *:443>
DocumentRoot "D:/ews/liveenergy/myapp"
ServerName test.main.com:443
ServerAdmin admin#localhost
ErrorLog "C:/wamp32/wamp/bin/apache/apache2.4.9/logs/apache_error.log"
TransferLog "C:/wamp32/wamp/bin/apache/apache2.4.9/logs/access.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "C:/wamp32/wamp/bin/apache/apache2.4.9/conf/ssl.crt/ServerCertificate.crt"
SSLCertificateKeyFile "C:/wamp32/wamp/bin/apache/apache2.4.9/conf/ssl.key/rms_bldgot_com.key"
SSLCertificateChainFile "C:/wamp32/wamp/bin/apache/apache2.4.9/conf/ssl.crt/ChainBundle1.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "D:/ews/liveenergy/myapp">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Deny,Allow
Allow from 127.0.0.1
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/wamp/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
It is also possible that some other service is running on port 80. A solution could be to change the port on which is being listened
So change the port on which Wamp listens:
Click on Wamp server -> Apache -> httpd.conf
Change Listen 80 to something else, eg: Listen 81
I would also change Server Name localhost:80 to ServerName localhost:81
If you've done this, and saved httpd.conf, you have to restart the Wamp server. Then use localhost:81 as your root url.
So the urls will then look like
localhost:81/phpmyadmin
localhost:81/mysite_directory
i have installed ssl to my apache2 and created https for port of 443, its working. when i tried to install ssl to Flask i could not make it as successful. here are things i have done so far.
i have created file using sudo nano /etc/apache2/sites-available/flask.conf
VirtualHost *:80>
ServerName example.com
ServerAdmin admin#example.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:5000>
ServerName example.com
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/STAR_file.crt
SSLCertificateKeyFile /etc/apache2/ssl/STAR_file.key
SSLCertificateChainFile /etc/apache2/ssl/STAR_file_bundle.pem
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
</Location>
ErrorLog ${APACHE_LOG_DIR}/sslerror.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/sslaccess.log combined
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>'
then i have done the enable example.com and restarted the apache2
but when i am check in browser its not working for the port 5000 and get error as
An error occurred during a connection
SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
I suggest separating the 2 virtual hosts (port 80 and port 5000) to different virtual host files, such as /etc/apache2/sites-available/flask.conf and /etc/apache2/sites-available/flask-ssl.conf. I suspect apache is confused and is serving an HTTP response to an HTTPS request, which can cause that error. It is also possible that you might have a local proxy that's misconfigured, if you use a proxy.
I didn't notice anything wrong with the config file other than that.
So I got an SSL from GoDaddy.
It works for my public site mysite.com.
I would like now to have an SSL connection for my administrator.mysite.com
So I created a self signed certificate using openssl because I don't mind managing my own site with a red mark on the lock.
inside httpd-ssl.conf
<VirtualHost *:443>
ServerName mysite.com:443
ServerAlias www.mysite.com
DocumentRoot /opt/lampp/htdocs/MySite/
ServerAdmin admin#mysite.com
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/mysite.com.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server_nopwd.key
SSLCertificateChainFile /opt/lampp/etc/ssl.crt/gd_bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName administrator.mysite.com:443
DocumentRoot "/opt/lampp/htdocs/"
ServerAdmin admin#mysite.com
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors_admin.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access_admin.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/admin.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/admin.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
And I get this warning:
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
What happens is that the administrator host is redirected to the regular host, which is very annoying
I had the same issue. Strangely some report it works for them like a charm but for others not. I even tried using SNI via SSLStrictSNIVHostCheck apache directive but no luck.
When using the ServerAlias directive with a wildcard domain like eg. *.snakeoil.com then order of the VirtualHost configs matters. If the VirtualHost with the wildcard domain alias:
ServerAlias *.snakeoil.com
is the first one it will be processed first and avoids resolution of other vhosts. Try to reverse vhosts so that this catch all is the last one eg.
<IfModule mod_ssl.c>
# first vhost
<VirtualHost *:443>
ServerName vhost1.snakeoil.com
[...]
</VirtualHost>
# second vhost
<VirtualHost *:443>
ServerName vhost2.snakeoil.com
[...]
</VirtualHost>
# Attention!
# All other vhost requests end up here
# Order matters, keep this entry to be the last one
# as a last resort if any of the above don't apply
<VirtualHost *:443>
ServerName snakeoil.com
ServerAlias *.snakeoil.com
[...]
</VirtualHost>
</IfModule>
Worked for me at least with with apache 2.2.14
That should work fine for newer browsers, although it might be worth checking your htaccess rules incase one of them is inadvertently redirecting admin.mysite.com to mysite.com.
The warning message you're getting is explained more here: https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI (essentially older browsers can only view the default virtualhost).