Unable to connect (trying to set up SSL in ubuntu) - apache

I purchased an SSL certificate and had it validated. The vendor then sent me the files.
This is my first time adding an SSL to ubuntu.
In my sites enabled folder in Apache I added a new conf file example-ssl.conf
I then added the following
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin info#example.ie
ServerName example.ie
ServerAlias www.example.ie
DocumentRoot /var/www/html/example/
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.crt
SSLCertificateKeyFile /etc/ssl/private/example_private.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
I then ran sudo a2ensite example-ssl.conf
But got an error...
Site example-ssl not properly enabled: /etc/apache2/sites-enabled/example-ssl.conf is a real file, not touching it
So I decided to change default-ssl.conf with the same information as above,
I then ran sudo a2ensite default-ssl.conf which worked.
I restarted apache,
but when I go to https://www.example.com , I get an unable to connect error as if the site doesnt exist at all. "Firefox can't establish a connection to the server at www.example.ie."
Thank you
EDIT: A bit of background, I set this up using Digital Ocean. I've now realised this is happening with all my droplets when I try to use https. So perhaps its a more generic setting on linux I need to enable

You don't show any "Listen 443" directive. That's step one if you expect Apache to listen for connections on a new port.
Also everything you posted is a no-op if mod_ssl isn't loaded due to your ifModule.

Related

local WampServer https: ERR_CONNECTION_REFUSED

Edit: It looks like this issue is the root cause. The site in question is a http site, but it redirects to https automatically, so I decided to install an SSL cert to see the outcome. /end edit.
I followed the answer here to create a local SSL cert for my WampServer 3.1.0 64-bit.
I have made a local copy of our site, migrated the database to a new local URL (www.superiorit.dev), create an entry in httpd-vhosts.conf, and added a <VirtualHost www.superiorit.dev:443> entry in C:\wamp64\bin\apache\apache2.4.27\conf\extra\httpd-ssl.conf which contains the correct path to the .cert and .key files.
When I try to load https://www.superiorit.dev in the browser, I receive the error:
This site can’t be reached
www.superiorit.dev refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
This is the entry in http-vhosts.conf:
<VirtualHost www.superiorit.dev:8080>
ServerName www.superiorit.dev
ServerAlias www.superiorit.dev
DocumentRoot "C:/wamp64/www/superiorit"
<Directory "C:/wamp64/www/superiorit">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
This is the entry in http-ssl.conf:
<VirtualHost www.superiorit.dev:443>
DocumentRoot "c:/wamp64/www/superiorit"
ServerName www.superiorit.dev:443
ServerAdmin steve.doig#superiorit.dev
ErrorLog "c:/wamp64/logs/error.log"
TransferLog "c:/wamp64/logs/access.log"
SSLEngine on
SSLCertificateFile "C:/wamp64/bin/apache/apache2.4.27/conf/demoCA/cacert.cert"
SSLCertificateKeyFile "C:/wamp64/bin/apache/apache2.4.27/conf/demoCA/private/cacert.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "c:/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Help appreciated.

Apache2 SSL Configuration with Virtual Hosts on Ubuntu 14.x

I would like to have ONLY https traffic. I want all of it to be driven to https://example.com and https://www.example.com.
At present this is what works and doesn't work:
https://www.example.com - ok!
http://www.example.com - shows a list of files in my webroot for some reason
https://example.com - This site can’t be reached / example.com refused to connect.
http://example.com - The example.com page isn’t working. example.com didn’t send any data.
I am using Ubuntu 14 (trusty) and here is my current enabled virtual host config:
<IfModule mod_ssl.c>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin info#example.com
ServerName www.example.com:443
ServerAlias example.com:443
DocumentRoot /var/www/example.com/public_html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Any help much appreciated as going nuts!
Did you tried made permanent redirect? https://wiki.apache.org/httpd/RedirectSSL

enable https on a GCE VM

I am trying to install a certificate for all my subdomain on GCE VM, here is what I've done so far:
Allow HTTPS traffic is enabled in the VM settings.
I enabled the certificate on apache and default-ssl.conf looks like this
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin fadi#domain.com
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ProxyPreserveHost On
ProxyPass /console https://0.0.0.0:8080/console
ProxyPassReverse /console https://0.0.0.0:8080/console
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
But still I can not reach my server on https but am still able to access it via http, even though I enabled ssl using
sudo a2ensite default-ssl.conf
sudo service apache2 restart
Can someone help me please figure out this issue! the app is actually running on apache tomcat but proxied through apache if that make any difference!
443 is the default port used by Compute Engine for its services . Better you use any other port like 7443 or 8443 , then i guess it will work . I myself faced this issue on Compute Engine with Tomcat , and used other than the default ports . And also don't forget to mention whatever port you choose in the Firewall Rules section in the Networking . Let me know if that works !!

mod_ssl fails to load on apache restart after a2enmod ssl with error undefined symbol: ap_map_http_request_error

I am unable to get my apache2 instance to run on https.
I have a running website that works on http with a couple of aliases. I installed a self signed certificate and added the entries to the conf file. So far so good.
At this juncture apache2ctl configtest says OK.
I run a2enmod ssl and ssl get enabled
apache2ctl configtest or a service apache2 restart both fail with this error
Syntax error on line 140 of /etc/apache2/apache2.conf: Syntax error on line 2 of /etc/apache2/mods-enabled/ssl.load: Cannot load /usr/lib/apache2/modules/mod_ssl.so into server: /usr/lib/apache2/modules/mod_ssl.so: undefined symbol: ap_map_http_request_error
Action 'configtest' failed.
verified that mod_ssl.so is in the specified path
verified that the ln to files in sites-enabled is correct
certificate files exist in the specified path
my ssl conf files look like this:
<IfModule mod_ssl.c>
Listen 443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
ServerName www.myserver.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
How do I fix this?

How to install ssl certificate on Flask in apache2/ubuntu14.04 with different ports

i have installed ssl to my apache2 and created https for port of 443, its working. when i tried to install ssl to Flask i could not make it as successful. here are things i have done so far.
i have created file using sudo nano /etc/apache2/sites-available/flask.conf
VirtualHost *:80>
ServerName example.com
ServerAdmin admin#example.com
WSGIScriptAlias / /var/www/FlaskApp/flaskapp.wsgi
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
Alias /static /var/www/FlaskApp/FlaskApp/static
<Directory /var/www/FlaskApp/FlaskApp/static/>
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:5000>
ServerName example.com
<Directory /var/www/FlaskApp/FlaskApp/>
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/STAR_file.crt
SSLCertificateKeyFile /etc/apache2/ssl/STAR_file.key
SSLCertificateChainFile /etc/apache2/ssl/STAR_file_bundle.pem
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars +StrictRequire
</Location>
ErrorLog ${APACHE_LOG_DIR}/sslerror.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/sslaccess.log combined
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>'
then i have done the enable example.com and restarted the apache2
but when i am check in browser its not working for the port 5000 and get error as
An error occurred during a connection
SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
I suggest separating the 2 virtual hosts (port 80 and port 5000) to different virtual host files, such as /etc/apache2/sites-available/flask.conf and /etc/apache2/sites-available/flask-ssl.conf. I suspect apache is confused and is serving an HTTP response to an HTTPS request, which can cause that error. It is also possible that you might have a local proxy that's misconfigured, if you use a proxy.
I didn't notice anything wrong with the config file other than that.