SSL Cert on AWS: database error


#1

Okay, so I’ve been fighting with this for a few days and have decided to ask for help. I’m new at this so I hope you don’t think I’m a complete idiot.

I’m on an AWS EC2 instance, with Wordpress installed.

I’m getting ‘Error establishing a database connection’ on the site.

I’ve included what information I have below. Have changed my domain to mydomain.com.

Thank you.

My error logs read:

ssl_error_log:

[Wed Feb 15 15:00:54 2017] [warn] RSA server certificate CommonName (CN) ‘mydomain.com’ does NOT match server name!?
[Wed Feb 15 15:00:54 2017] [warn] RSA server certificate CommonName (CN) ‘mydomain.com’ does NOT match server name!?

error_log:

[Wed Feb 15 14:43:39 2017] [notice] caught SIGTERM, shutting down
[Wed Feb 15 14:43:39 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 15 14:43:39 2017] [notice] Digest: generating secret for digest authentication …
[Wed Feb 15 14:43:39 2017] [notice] Digest: done
[Wed Feb 15 14:43:39 2017] [notice] Apache/2.2.31 (Unix) DAV/2 PHP/5.3.29 mod_ssl/2.2.31 OpenSSL/1.0.1k-fips configured – resuming normal operations
[Wed Feb 15 15:00:54 2017] [notice] caught SIGTERM, shutting down
[Wed Feb 15 15:00:54 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 15 15:00:54 2017] [notice] Digest: generating secret for digest authentication …
[Wed Feb 15 15:00:54 2017] [notice] Digest: done
[Wed Feb 15 15:00:54 2017] [notice] Apache/2.2.31 (Unix) DAV/2 PHP/5.3.29 mod_ssl/2.2.31 OpenSSL/1.0.1k-fips configured – resuming normal operations

My ssl.conf file:

SSL Virtual Host Context

General setup for the virtual host, inherited from global configuration

#DocumentRoot “/var/www/html”
#ServerName mydomain.com:443

Use separate log files for the SSL virtual host; note that LogLevel

is not inherited from httpd.conf.

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSL Engine Switch:

Enable/Disable SSL for this virtual host.

SSLEngine on

SSL Protocol support:

List the enable protocol levels with which clients will be able to

connect. Disable SSLv3 access by default:

SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

SSL Cipher Suite:

List the ciphers that the client is permitted to negotiate.

See the mod_ssl documentation for a complete list.

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Server Certificate:

Point SSLCertificateFile at a PEM encoded certificate. If

the certificate is encrypted, then you will be prompted for a

pass phrase. Note that a kill -HUP will prompt again. A new

certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem

Server Private Key:

If the key is not combined with the certificate, use this

directive to point at the key file. Keep in mind that if

you’ve both a RSA and a DSA private key you can configure

both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

Server Certificate Chain:

Point SSLCertificateChainFile at a file containing the

concatenation of PEM encoded CA certificates which form the

certificate chain for the server certificate. Alternatively

the referenced file can be the same as SSLCertificateFile

when the CA certificates are directly appended to the server

certificate for convinience.

#SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem

Certificate Authority (CA):

Set the CA certificate verification path where to find CA

certificates for client authentication or alternatively one

huge file containing all of them (file must be PEM encoded)

#SSLCACertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem

My .htaccess file:

BEGIN WordPress

RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]

END WordPress


#2

establishing a database connection in Wordpress is not usually related to the HTTPS certificate.

Is it working on http ?


#3

Thanks for the reply. Nope, not at all.


#4

OK, then ( as above) I suspect it’s got nothing at all to do with the SSL certificate, and you will probably get a quicker / better response on a Wordpress forum.

I’d suggest starting by checking your settings for the database in your wp-config.php

/** The name of the database for WordPress */
define('DB_NAME', 'your_db_name');

/** MySQL database username */
define('DB_USER', 'your_db_username');

/** MySQL database password */
define('DB_PASSWORD', 'your_db_password');

/** MySQL hostname */
define('DB_HOST', 'localhost');

#5

Okay cool, I’ll do that. Thanks. I did check wp-config and it looks alright.

Are there any tutorials on removing SSL from AWS EC2? I could do that in the meantime.

Thanks again.


#6

Why do you need to remove the SSL ? it has nothing, as far as I can tell, to do with you not being able to connect to your database ( which doesn’t use the SSL cert / port )


#7

Because the error started when I added it - if I can remove it I can make sure it’s not the problem and start again.

But I’ll follow your advice and check out the WP forums first.

Thanks


#8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.