This site can’t provide a secure connection LAMP on EC2


Show the one that breaks things.
Maybe we can all learn something from it…


Yep, not quite sure what is wrong in it yet; other than the fact that the certs are commented out…

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost


    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride FileInfo
        Order allow,deny
        allow from all

    DocumentRoot /var/www/
    ErrorLog /var/www/apache2/.log/error.log
    CustomLog /var/www/apache2/.log/access.log combined
#Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/
#SSLCertificateKeyFile /etc/letsencrypt/live/

Thanks a MILLION for your help though, @rg305 and @_az !


Glad to see you found the problem.
I can’t see how this would break Apache in the way it broke another vhost.
What command did you use to stop/start/restart Apache?


I tried a bunch:

sudo service apache2 restart
sudo service apache2 stop
sudo service apache2 start
sudo service apache2 reload
sudo service apache2 graceful
sudo /etc/init.d/apache2 restart
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
sudo /etc/init.d/apache2 reload
sudo /etc/init.d/apache2 graceful

I even rebooted the server completely from the EC2 console


Consider that you are telling Apache two contradictory things:

  1. Here’s a VirtualHost on port 443 that does not have HTTPS enabled (because you commented out the inclusion of options-ssl-apache.conf)
  2. Then, you have a bunch of VirtualHosts on port 443 that DO have HTTPS enabled.

One port in Apache can’t mux for two separate protocols (HTTP and HTTPS). So Apache has to resolve the situation by choosing one or the other.

Perhaps Apache decided “welp, gonna go with HTTP” which acts to disable HTTPS for all port 443 VirtualHosts.

Edit: ideally Apache should refuse to start when it encounters configurations like this that make no sense, but unfortunately it accepts a wide range of nonsense configs that confuse users at runtime (duplicate ServerNames are another common one).


Thanks for the explanation - that makes sense. It should at least throw a warning when I do apachectl -t. Oh well. Thanks again for your help!

closed #27

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.