Okay, so I’ve been fighting with this for a few days and have decided to ask for help. I’m new at this so I hope you don’t think I’m a complete idiot.
I’m on an AWS EC2 instance, with Wordpress installed.
I’m getting ‘Error establishing a database connection’ on the site.
I’ve included what information I have below. Have changed my domain to mydomain.com.
Thank you.
My error logs read:
ssl_error_log:
[Wed Feb 15 15:00:54 2017] [warn] RSA server certificate CommonName (CN) ‘mydomain.com’ does NOT match server name!?
[Wed Feb 15 15:00:54 2017] [warn] RSA server certificate CommonName (CN) ‘mydomain.com’ does NOT match server name!?
error_log:
[Wed Feb 15 14:43:39 2017] [notice] caught SIGTERM, shutting down
[Wed Feb 15 14:43:39 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 15 14:43:39 2017] [notice] Digest: generating secret for digest authentication …
[Wed Feb 15 14:43:39 2017] [notice] Digest: done
[Wed Feb 15 14:43:39 2017] [notice] Apache/2.2.31 (Unix) DAV/2 PHP/5.3.29 mod_ssl/2.2.31 OpenSSL/1.0.1k-fips configured – resuming normal operations
[Wed Feb 15 15:00:54 2017] [notice] caught SIGTERM, shutting down
[Wed Feb 15 15:00:54 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 15 15:00:54 2017] [notice] Digest: generating secret for digest authentication …
[Wed Feb 15 15:00:54 2017] [notice] Digest: done
[Wed Feb 15 15:00:54 2017] [notice] Apache/2.2.31 (Unix) DAV/2 PHP/5.3.29 mod_ssl/2.2.31 OpenSSL/1.0.1k-fips configured – resuming normal operations
My ssl.conf file:
SSL Virtual Host Context
General setup for the virtual host, inherited from global configuration
#DocumentRoot “/var/www/html”
#ServerName mydomain.com:443
Use separate log files for the SSL virtual host; note that LogLevel
is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSL Engine Switch:
Enable/Disable SSL for this virtual host.
SSLEngine on
SSL Protocol support:
List the enable protocol levels with which clients will be able to
connect. Disable SSLv3 access by default:
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSL Cipher Suite:
List the ciphers that the client is permitted to negotiate.
See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
Server Certificate:
Point SSLCertificateFile at a PEM encoded certificate. If
the certificate is encrypted, then you will be prompted for a
pass phrase. Note that a kill -HUP will prompt again. A new
certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
Server Private Key:
If the key is not combined with the certificate, use this
directive to point at the key file. Keep in mind that if
you’ve both a RSA and a DSA private key you can configure
both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Server Certificate Chain:
Point SSLCertificateChainFile at a file containing the
concatenation of PEM encoded CA certificates which form the
certificate chain for the server certificate. Alternatively
the referenced file can be the same as SSLCertificateFile
when the CA certificates are directly appended to the server
certificate for convinience.
#SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem
Certificate Authority (CA):
Set the CA certificate verification path where to find CA
certificates for client authentication or alternatively one
huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
My .htaccess file: