This site can’t provide a secure connection LAMP on EC2

Show the one that breaks things.
Maybe we can all learn something from it…

Yep, not quite sure what is wrong in it yet; other than the fact that the certs are commented out...

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost

    ServerName anotherrandomsite.com
    ServerAlias www.anotherrandomsite.com

    <Directory /var/www/anotherrandomsite.com>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride FileInfo
        Order allow,deny
        allow from all
    </Directory>

    DocumentRoot /var/www/anotherrandomsite.com
    ErrorLog /var/www/apache2/.log/error.log
    CustomLog /var/www/apache2/.log/access.log combined
#Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCertificateFile /etc/letsencrypt/live/anotherrandomsite.com/fullchain.pem
#SSLCertificateKeyFile /etc/letsencrypt/live/anotherrandomsite.com/privkey.pem
</VirtualHost>
</IfModule>

Thanks a MILLION for your help though, @rg305 and @_az !


Glad to see you found the problem.
I can’t see how this would break Apache in the way it broke another vhost.
What command did you use to stop/start/restart Apache?

I tried a bunch:

sudo service apache2 restart
sudo service apache2 stop
sudo service apache2 start
sudo service apache2 reload
sudo service apache2 graceful
sudo /etc/init.d/apache2 restart
sudo /etc/init.d/apache2 stop
sudo /etc/init.d/apache2 start
sudo /etc/init.d/apache2 reload
sudo /etc/init.d/apache2 graceful

I even rebooted the server completely from the EC2 console.

Consider that you are telling Apache two contradictory things:

  1. Here's a VirtualHost on port 443 that does not have HTTPS enabled (because you commented out the inclusion of options-ssl-apache.conf)
  2. Then, you have a bunch of VirtualHosts on port 443 that DO have HTTPS enabled.

One port in Apache can't mux for two separate protocols (HTTP and HTTPS). So Apache has to resolve the situation by choosing one or the other.

Perhaps Apache decided "welp, gonna go with HTTP" which acts to disable HTTPS for all port 443 VirtualHosts.

Edit: ideally Apache should refuse to start when it encounters configurations like this that make no sense, but unfortunately it accepts a wide range of nonsense configs that confuse users at runtime (duplicate ServerNames are another common one).


Thanks for the explanation - that makes sense. It should at least throw a warning when I do apachectl -t. Oh well. Thanks again for your help!
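
The check that `apachectl -t` does not make, as an added example (not code from the thread or from Apache/certbot): a small Python linter that lists every `<VirtualHost>` on port 443 that never enables TLS. It assumes, as the explanation above does, that TLS is switched on either by `SSLEngine on` or by including certbot's `options-ssl-apache.conf`; it reads one file and does not follow other `Include` lines. The function names and the `working.example` host are made up for the illustration.

```python
import re
import sys

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)
# Assumption from the thread: TLS is enabled by "SSLEngine on" or by
# including certbot's options-ssl-apache.conf inside the vhost.
TLS_ON = re.compile(
    r"^\s*(SSLEngine\s+on\b|Include(Optional)?\s+\S*options-ssl-apache\.conf)", re.I)

# Constructed sample: the first vhost mirrors the config posted above,
# the second is a hypothetical vhost with TLS left enabled.
SAMPLE = """\
<VirtualHost *:443>
    ServerName anotherrandomsite.com
    #Include /etc/letsencrypt/options-ssl-apache.conf
    #SSLCertificateFile /etc/letsencrypt/live/anotherrandomsite.com/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName working.example
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/working.example/fullchain.pem
</VirtualHost>
"""

def audit_vhosts(text, port="443"):
    """Return a dict (name, line, tls) for each VirtualHost bound to `port`."""
    vhosts, cur = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives enable nothing
        opened = VHOST_OPEN.match(line)
        if opened:
            on_port = any(a.rsplit(":", 1)[-1] == port for a in opened.group(1).split())
            cur = {"name": "(no ServerName)", "line": lineno, "tls": False} if on_port else None
        elif cur is not None and VHOST_CLOSE.match(line):
            vhosts.append(cur)
            cur = None
        elif cur is not None:
            name = SERVER_NAME.match(line)
            if name:
                cur["name"] = name.group(1)
            if TLS_ON.match(line):
                cur["tls"] = True
    return vhosts

def plaintext_vhosts(text, port="443"):
    """(ServerName, line) of every vhost on `port` that never turns TLS on."""
    return [(v["name"], v["line"]) for v in audit_vhosts(text, port) if not v["tls"]]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, line in plaintext_vhosts(text):
        print(f"line {line}: {name} listens on :443 without TLS enabled")
```

Run it with the path of a vhost file as the only argument; with no argument it checks the embedded sample.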
