2

I am trying to configure an Apache virtual host for SSL.

mywebsite.conf

<VirtualHost *:80>
        ServerAdmin info@mywebsite.com
        ServerName mywebsite.com
        ServerAlias www.mywebsite.com

        DocumentRoot /opt/tomcat/webapps/mywebsite
        <Directory /opt/tomcat/webapps/mywebsite>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined[L,NE,R=permanent]
</VirtualHost>

mywebsite-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin info@mywebsite.com
        ServerName mywebsite.com
        ServerAlias www.mywebsite.com

        DocumentRoot /opt/tomcat/webapps/mywebsite
        <Directory /opt/tomcat/webapps/mywebsite>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /certs/mywebsite_ssl_certificate.crt
        SSLCertificateKeyFile /certs/_.mywebsite_private_key.key
        SSLCertificateChainFile /certs/_.mywebsite_ssl_certificate_INTERMEDIATE.crt
</VirtualHost>
</IfModule>

I enabled both sites with the a2ensite command.

And disabled all other sites.

Also, mod_ssl is enabled.

/etc/hosts file looks like this:

# nameserver config
# IPv4
127.0.0.1 localhost
127.0.0.1 mywebsite.com
#
# IPv6
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

And if I try to access http://mywebsite.com via a browser, I am able to see my application. But if I try to access https://mywebsite.com via a browser, there is an error:

this site can’t be reached the webpage at might be temporarily down or it may have moved permanently to a new web address

I need help finding where the mistake in my configuration could be.

slava
  • 3,887
  • Sorry for the question, but have you restarted or reloaded Apache afterward? Have you tried another browser, although unlikely but maybe the browser cached the "website unavailable" for some reason? – Dan Feb 19 '19 at 15:16
  • Yes, I reloaded my Apache and tried to access it with different browsers. Same thing. – Ante Ereš Feb 19 '19 at 15:18
  • There is a typo in the SSL config file, it should say </IfModule> at the end instead of <IfModule>. Reloading may have been skipped since it found an error in the config. You can try running apachectl configtest to validate the configs. – Dan Feb 19 '19 at 15:24
  • My mistake in the question part, there is no typo in mywebsite-ssl.conf. I checked the syntax already. I'll edit my question right now. Sorry for that, but there is no mistake there. – Ante Ereš Feb 19 '19 at 15:26
  • IMO, the problem is due to a permissions issue. Try to chmod 700 /certs and chmod 600 /certs/*. – pa4080 Feb 19 '19 at 16:07
  • Just tried, same thing again. This site can't be reached – Ante Ereš Feb 19 '19 at 16:10
  • Hi, @AnteEreš, are you sure your certificate files are okay? Please read this answer according to that. – pa4080 Feb 19 '19 at 19:19

1 Answer

0

Your configurations seem fine. However, it seems that Apache may not be listening to the 443 port.

You may need to instruct Apache to listen to that port by adding the following to a config file.

Listen 443

The line should exist outside a <VirtualHost> tag.

You can easily try it by adding it to the top of the mywebsite-ssl.conf file or by having a standalone config file for it.

If you are using Apache 2.4:

echo "Listen 443" | sudo tee /etc/apache2/conf-available/ssl-port.conf
sudo a2enconf ssl-port
# I'm not sure if graceful will be enough here
# you may need to fully restart the apache2 service
sudo apache2ctl restart 
Dan
  • 13,119
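
One way to check the diagnosis in this answer before changing any config, as an added example that is not part of the original answer: compare the virtual hosts Apache has parsed (`apache2ctl -S`) with the TCP sockets that are actually listening (`ss -tln`), and report every VirtualHost port that has no listener. The helper name `unbound_vhost_ports` is hypothetical, and the sample lines are constructed to mirror the question.

```shell
#!/bin/sh
# Added example (not from the answer): list <VirtualHost> ports that have no
# listening TCP socket, by comparing two saved command outputs:
#   apache2ctl -S > vhosts.txt      ss -tln > sockets.txt
# unbound_vhost_ports is a hypothetical helper name.

unbound_vhost_ports() {   # $1 = apache2ctl -S output, $2 = ss -tln output
    awk '
        # ss: column 4 is Local Address:Port, e.g. 0.0.0.0:80 or [::]:443
        FILENAME == ARGV[1] {
            if ($1 == "LISTEN") { n = split($4, a, ":"); listening[a[n]] = 1 }
            next
        }
        # apache2ctl -S: vhost lines begin with addr:port, e.g. "*:443 name (file:2)"
        $1 ~ /^(\*|\[[0-9a-fA-F:]+\]|[0-9.]+):[0-9]+$/ {
            n = split($1, a, ":"); port = a[n]
            if (!(port in listening) && !(port in seen)) { seen[port] = 1; print port }
        }
    ' "$2" "$1"
}

# Constructed sample input modelled on the question: both sites are enabled,
# but only port 80 (and sshd on 22) actually has a listener.
demo=$(mktemp -d)
cat > "$demo/vhosts.txt" <<'EOF'
VirtualHost configuration:
*:80                   mywebsite.com (/etc/apache2/sites-enabled/mywebsite.conf:1)
*:443                  mywebsite.com (/etc/apache2/sites-enabled/mywebsite-ssl.conf:2)
ServerRoot: "/etc/apache2"
EOF
cat > "$demo/sockets.txt" <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     *:80                *:*
EOF

for p in $(unbound_vhost_ports "$demo/vhosts.txt" "$demo/sockets.txt"); do
    echo "VirtualHost on port $p has no listening socket: check for a Listen $p directive"
done
```

Because it compares runtime state rather than config text, this also catches a `Listen` line that exists but sits inside an `<IfModule>` block that is not active.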