4

I spent all day searching on Google and here, and nothing works for me.

I have an Ubuntu 16.04 server with Apache 2.4 and multiple virtual hosts. I am trying to configure a self-signed SSL certificate for one of my sites. I followed these two tutorials:

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04

But right now, if I try to open my site, it's not visible. Firefox throws an error like this:

Secure Connection Failed

The connection to the server was reset while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

If I tail `/var/log/apache2/error.log` after running `service apache2 restart`, I find these errors:

```
[ssl:error] [pid 14916] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=user@emial.com,CN=example.com,OU=Example,O=Example,L=Test,ST=Test,C=MX / issuer: emailAddress=user@emial.com,CN=example.com,OU=Example,O=Test,L=Test,ST=Test,C=MX / serial: 9AD648D7C9AD4A03 / notbefore: May  3 22:28:46 2017 GMT / notafter: May  3 22:28:46 2018 GMT]
[ssl:error] [pid 14916] AH02604: Unable to configure certificate example.com:443:0 for stapling
```

And I don't understand what is wrong. My virtual hosts look like this:

```apache
<VirtualHost *:80>
    DocumentRoot /var/inetpub/example.com

    ServerName example.com
    ServerAdmin user@email.com

    ErrorLog "${APACHE_LOG_DIR}/example-error.log"
    CustomLog "${APACHE_LOG_DIR}/example-access.log" common

</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost *:443>

        ServerAdmin user@email.com
        ServerName example.com
        DocumentRoot /var/inetpub/example.com

        SSLEngine on

        SSLCertificateFile /etc/apache2/ssl/example.com/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/apache2/ssl/dexample.com/apache-selfsigned.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
             SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory /usr/lib/cgi-bin>
             SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                      nokeepalive ssl-unclean-shutdown \
                      downgrade-1.0 force-response-1.0

        </VirtualHost>

</IfModule>

<Directory /var/inetpub/example.com>
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
#       Require all granted
</Directory>
```

The files `/etc/apache2/ssl/example.com/apache-selfsigned.crt` and `/etc/apache2/ssl/dexample.com/apache-selfsigned.key` exist. I don't understand what the problem is... What should I check?

Thanks.

EDIT 1:

In the virtualhost I added this line:

```apache
SSLUseStapling off
```

And the error no longer appears in error.log, but I still can't open the site with https in the browser. I don't know if this helps, but if I use elinks directly on the server:

```
elinks https://www.example.com
```

This loads the site correctly. But if I try to open it in my computer's browser, I can't see it. The URL without https works fine in both.

  • Did you actually follow the guide all the way through or stop at Step 2: Modify the Default Apache SSL Virtual Host File? There is plenty more to the guide you posted. Additionally, why are you using OCSP? That was established mainly to see if a certificate was revoked to reduce negotiation times. I recommend just following this guide: http://www.techrepublic.com/article/how-to-create-a-self-signed-certificate-to-be-used-for-apache2/ – falconspy May 03 '17 at 23:33
  • I followed the guide, but I want only one site to use SSL, not the whole server, so afterwards I followed the second guide to use the configuration in the virtual host. I don't know what OCSP is, but I set `SSLUseStapling off` in the virtual host and the error in the log disappeared. But I still can't see the site with https in the browser. – Eliacim Azor Dávila García May 04 '17 at 14:04
  • What do the error logs for Apache and the website show? – falconspy May 05 '17 at 18:51
  • 1
    Setting SSLUseStapling to off in the virtual host did not solve the problem. I found SSLUseStapling was set on in /etc/apache2/conf-available/ssl-params.conf. Turning it off in ssl-params.conf did solve the problem. – Rick Graves Nov 29 '20 at 04:45
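
An added example (not from the original thread or from Apache): a small Python audit that lists every SSL virtual host whose effective `SSLUseStapling` is `on`, together with the file and line that turned it on, which is how a setting in `ssl-params.conf` can be tracked down. The sample file contents are constructed, and the merge model (a value inside the vhost overrides the server-level one, otherwise the server-level value is inherited) is a simplifying assumption.

```python
import re

# Constructed sample modelled on the files named in this thread (not the poster's real config).
SAMPLE = {
    "conf-enabled/ssl-params.conf": "SSLUseStapling on\n",
    "sites-enabled/example.com.conf": (
        "<VirtualHost *:443>\n"
        "    ServerName example.com\n"
        "    SSLEngine on\n"
        "    SSLCertificateFile /etc/apache2/ssl/example.com/apache-selfsigned.crt\n"
        "</VirtualHost>\n"
    ),
}

DIRECTIVE = re.compile(r"^\s*(SSLUseStapling|SSLEngine|SSLCertificateFile)\s+(\S+)", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)

def scan(files):
    """Parse {filename: text} into (server-level directives, list of vhost dicts)."""
    server, vhosts = {}, []
    for name, text in files.items():
        current = None  # None means we are at server level, outside any vhost
        for lineno, line in enumerate(text.splitlines(), 1):
            opened = VHOST_OPEN.match(line)
            if opened:
                current = {"where": f"{name}:{lineno}"}
                vhosts.append(current)
            elif line.strip().lower() == "</virtualhost>":
                current = None
            else:
                m = DIRECTIVE.match(line)
                if m:
                    target = server if current is None else current
                    # Store the value and where it was set (file:line).
                    target[m.group(1).lower()] = (m.group(2), f"{name}:{lineno}")
    return server, vhosts

def stapling_report(files):
    """Return (vhost location, certificate file, origin of 'on') for each SSL vhost."""
    server, vhosts = scan(files)
    findings = []
    for vh in vhosts:
        if vh.get("sslengine", ("off", ""))[0].lower() != "on":
            continue  # not an SSL vhost
        # Assumed merge model: the vhost's own value wins, else inherit server level.
        value, origin = vh.get("sslusestapling") or server.get(
            "sslusestapling", ("off", "default"))
        if value.lower() == "on":
            cert = vh.get("sslcertificatefile", ("?", ""))[0]
            findings.append((vh["where"], cert, origin))
    return findings
```

For each certificate path it reports, `openssl x509 -noout -subject -issuer -in <file>` prints the subject and issuer so they can be compared.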

1 Answer

0

Turning SSLUseStapling off as suggested above DOES NOT work, at least in my case. The web server apache2 suddenly went down.

I have to comment out these lines in 000-ispconfig.vhost, and it works with http

```apache
#SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
```

Dat TT