I'm trying to set up https service on my VirtualBox guest instance running Debian Squeeze and Apache 2.
When trying to load my virtual host's test page in a browser from my Win7 host machine, I'm getting an error "ssl_error_rx_record_too_long". At the same time, the Apache error log says "Invalid method in request \x16\x03\x01" for this request. The issue is probably unrelated to the fact that I'm running Apache inside a VirtualBox guest, but wanted to paint you the whole picture.
The really interesting part is that I already got to the point where the site loads properly, but only for requests coming from localhost (i.e. from within the VirtualBox Debian guest). I've verified this with lynx and wget, they work as expected:
wget https://ssltest.intra/ssl.html
--2013-09-13 07:26:49-- https://ssltest.intra/ssl.html
Resolving ssltest.intra (ssltest.intra)... 127.0.0.1
Connecting to ssltest.intra (ssltest.intra)|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 122 [text/html]
Saving to: `ssl.html.1'
100%[======================================>] 122 --.-K/s in 0s
2013-09-13 07:26:49 (1.94 MB/s) - `ssl.html.1' saved [122/122]
Content of the saved file is exactly as expected.
Moreover, if I try to talk to the server via plain text HTTP, it rightfully sends me to a better place:
telnet ssltest.intra 443
Trying 127.0.0.1...
Connected to ssltest.intra.
Escape character is '^]'.
GET /ssl.html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://ssltest.intra/"><b>https://ssltest.intra/</b></a></blockquote></p>
<hr>
<address>Apache/2.2.22 (Debian) Server at ssltest.intra Port 443</address>
</body></html>
Connection closed by foreign host.
Configuration files below (I've stripped everything from config except the bare minimum for this SSL site to work)
ports.conf:
Listen 443
httpd.conf: empty
ssltest.intra: (the virtualhost configuration)
<VirtualHost *:443>
ServerName ssltest.intra
ServerAdmin webmaster@ssltest.org
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssltest.intra.crt
SSLCertificateKeyFile /etc/ssl/certs/ssltest.intra.key
DocumentRoot /var/www/ssltest.intra
Options FollowSymLinks
<Directory /var/www/ssltest.intra/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
php_value error_log /var/www/ssltest.intra/php_errors.log
ErrorLog /var/log/apache2/ssltest.intra.error.log
LogLevel warn
CustomLog /var/log/apache2/ssltest.intra.access.log combined
</VirtualHost>
I verified that cert keys are at the indicated location and they are valid (non-expired) keys for the domain. The above virtual host configuration was enabled by a2ensite ssltest.intra. mod_ssl was enabled, apache2 restarted (several times). When I start apache, this is the entry in the log:
Apache/2.2.22 (Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch mod_ssl/2.2.22
OpenSSL/1.0.1e mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
There are no firewall rules that would prevent any communication over 443.
What am I missing?
EDIT: Apparently this has something to do with the VirtualBox network setup. When I try reaching the site locally as 127.0.0.1, everything works as expected. When I try to connect (also locally) via the other NAT-ed interface (192.168.56.10), the request is rejected. Any tips on how to resolve that?
Best Answer
I suspect my case is the same as user242156, and very possibly, the original poster. The issue was that my configuration files in sites-enabled/ were not in fact being read, because the distro's apache2.conf only included sites-enabled/*.conf and my files did not use that extension, as it is not required on, e.g., Ubuntu.
So the correct solution is to rename ssltest.intra to ssltest.intra.conf, or if that's really unacceptable, modify apache2.conf to add the line
IncludeOptional sites-enabled/*
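A way to check for the cause this answer describes, as an added example that is not part of the original answer: the script lists files in sites-enabled/ that no Include or IncludeOptional line in apache2.conf would load. The function names are hypothetical, and it assumes the Debian/Ubuntu layout with only the main apache2.conf consulted.

```shell
#!/bin/sh
# Added example: list files in sites-enabled/ that no Include or
# IncludeOptional line in apache2.conf would load.
# Simplifications (assumptions): only the main apache2.conf is read,
# patterns are taken relative to the server root, and shell globbing
# stands in for Apache's own wildcard matching.

# is_included REL CONF ROOT: succeed if REL matches an include pattern.
# The body runs in a subshell so "exit" only ends this check.
is_included() (
    rel=$1 conf=$2 root=$3
    awk 'tolower($1) ~ /^include(optional)?$/ { gsub(/"/, "", $2); print $2 }' "$conf" | {
        while IFS= read -r pat; do
            pat=${pat#"$root"/}                      # absolute -> relative
            case $pat in */) pat="${pat}*" ;; esac   # directory include
            case $rel in $pat) exit 0 ;; esac        # glob match
        done
        exit 1
    }
)

# unread_sites ROOT: print enabled site files that Apache will not read.
unread_sites() {
    root=${1%/}
    for f in "$root"/sites-enabled/*; do
        [ -e "$f" ] || continue
        rel=${f#"$root"/}
        is_included "$rel" "$root/apache2.conf" "$root" || printf '%s\n' "$rel"
    done
}

# Usage on a Debian/Ubuntu layout: unread_sites /etc/apache2
```

Any file it prints is enabled by a2ensite but ignored at startup, so its SSLEngine setting never takes effect; `apache2ctl -S` shows the virtual hosts Apache actually parsed.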