Cannot get SSL working on an Apache VHOST in Fedora 22

I cannot for the life of me get this to work. I have the server configured to use the certs correctly, and HTTP traffic to the domain works, but HTTPS always results in an error_107 being thrown by Chrome. No logs anywhere show anything useful. I am running a Node.js server for the webapp, and Apache is configured as a proxy to the port on localhost, and works correctly for HTTP traffic.

Try running https://www.ssllabs.com/ssltest/ against your domain, usually helps find the underlying issue.

Well, it says no supported secure protocols. Not sure what to do from there.

Could you share your apache config (specifically any vhost with ssl, or any other config file you added ssl directives to), and if possible the site in question?

<VirtualHost *:443>
    ServerAdmin david.j.fogle@gmail.com
    ServerName djbird.tk:443
    ServerAlias djbird.tk
    ProxyPreserveHost on
    ProxyRequests off

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    <Location />
        ProxyPass http://localhost:2368/
        ProxyPassReverse http://localhost:2368/
    </Location>
    RequestHeader set X-Forwarded-Proto "https"
#   SSLEngine on

</VirtualHost>

Other than that, the only changes I have made are to the default ssl.conf, which are the 3 lines for the certs and keys.

The line that enables SSL (or TLS), SSLEngine on, is commented out. Remove the # symbol from the start of the line.

As it stands, Apache is simply serving unencrypted HTTP on port 443. See: http://djbird.tk:443/

Yeah, I had that commented out for a reason, it breaks apache badly.

You need that enabled for SSL to work. So you’ll need to find a different way to fix whatever breakage it causes. Perhaps we can help if you describe the breakage in more detail?

Ah, now that I have it on, I can see the real errors.

[Wed Nov 25 22:26:18.195419 2015] [core:notice] [pid 10254] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Nov 25 22:26:18.199048 2015] [ssl:emerg] [pid 10254] AH02572: Failed to configure at least one certificate and key for djbird.tk:443
[Wed Nov 25 22:26:18.199100 2015] [ssl:emerg] [pid 10254] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Wed Nov 25 22:26:18.199121 2015] [ssl:emerg] [pid 10254] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Wed Nov 25 22:26:18.199192 2015] [ssl:emerg] [pid 10254] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Wed Nov 25 22:26:18.199205 2015] [ssl:emerg] [pid 10254] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed

You might need to put the three lines defining the cert/key/chain inside the VirtualHost definition. I don’t know if it’s necessary, but I’ve never seen them anywhere else, and the second line from your log seems to suggest that.

I have done so, and it throws the same error. If I rename the ssl.conf file into something else, it starts correctly, but SSL functions never start.

Another possibility: if SELinux is in enforcing mode, it could be blocking Apache from reading the certificate files. Does it work if you temporarily disable it with setenforce 0?


Got it! I had removed a - from the wrong place :slight_smile:

Great, glad you got it working :slight_smile:

As am I :slight_smile: Thank you very much for your help! This project is freaking amazing.

Hi birdie,

I am having the same issue. Could you tell me from which file and place you removed the “-”?

Regards,
ramK
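
The `PEM_read_bio:no start line` errors in the log above mean OpenSSL found no valid `-----BEGIN ...-----` line in a file it was given, which fits the report of a `-` removed in the wrong place; the thread does not say which file that was. The script below is an added example, not part of the original thread, that checks the armor lines of each file passed to it; the function name `check_pem` is made up for this example.

```shell
#!/bin/sh
# Added example: verify the PEM armor lines of certificate/key files.
# A valid armor line is five dashes, BEGIN or END, a label, five dashes.
# Only the armor is checked, not the base64 body between the lines.

# check_pem FILE: returns 0 if all armor lines are well formed and paired,
# 1 otherwise (each problem is reported on stderr with its line number).
check_pem() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    # Drop trailing whitespace and CRs first, then inspect line by line.
    sed 's/[[:space:]]*$//' "$file" | awk -v f="$file" '
        function bad(msg) { print f ": line " NR ": " msg; err = 1 }
        BEGIN { err = 0; open = ""; begins = 0 }
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (open != "") bad("BEGIN inside unterminated " open)
            open = substr($0, 12, length($0) - 16); begins++; next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            label = substr($0, 10, length($0) - 14)
            if (label != open) bad("END " label " has no matching BEGIN")
            open = ""; next
        }
        # Base64 body lines never start with a dash, so anything that does
        # and was not matched above is a damaged armor line.
        /^[ \t]*-/ { bad("malformed armor line: " $0) }
        END {
            if (open != "") bad("BEGIN " open " has no END")
            if (begins == 0) bad("no valid BEGIN line (OpenSSL: no start line)")
            exit err
        }
    ' >&2
}

# Usage: sh check_pem.sh /path/to/cert.pem /path/to/key.pem /path/to/chain.pem
rc=0
for f in "$@"; do
    if check_pem "$f"; then echo "$f: armor lines OK"; else rc=1; fi
done
[ "$rc" -eq 0 ] || exit 1
```

Run it against the files named by the certificate, key and chain lines in ssl.conf or the vhost; any file it flags is one Apache will fail to load.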