Debian – Unable to set up SSL support for Apache 2 on Debian

apache-2.2 debian debian-squeeze ssl

I am trying to set up ssl support for Apache 2 on Debian. Versions are:

Debian GNU/Linux 6.0
apache2 2.2.16-6+squeeze1

I followed a lot of how-tos for days but I couldn't make it work. Here are my steps and configuration files (ServerName and DocumentRoot are changed for privacy; tell me if that matters):

# mkdir /etc/apache2/ssl
# openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

At this point I have a doubt about the permissions on apache.pem; at this step they are:

-rw-r--r-- 1 root root

Maybe it has to belong to www-data?
Then I enable ssl-mod with

# a2enmod ssl
# /etc/init.d/apache2 restart

I modify /etc/apache2/sites-available/default-ssl in this way (I put port 8080 because I need port 443 for another purpose):

<VirtualHost *:8080>
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/apache.pem

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
            Options Indexes FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log


    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>


<VirtualHost *:8080>
DocumentRoot /home/user1/public_html/
ServerName first.server.org

# Other directives here

</VirtualHost>

<VirtualHost *:8080>

DocumentRoot /home/user2/public_html/
ServerName second.server.org

# Other directives here

</VirtualHost>

I have to point out that the same configuration works on HTTP (it is a copy of /etc/apache2/sites-available/default with some differences: port and SSL support).
My /etc/apache2/ports.conf is the following:

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

#NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#NameVirtualHost *:8080
Listen 8080
</IfModule>

<IfModule mod_gnutls.c>
Listen 8080
</IfModule>

Any suggestion?

Best Answer

According to your config you have several virtual hosts on the same port that you want to use SSL on, and apparently only one of them is configured for SSL.

  1. A port is either SSL-enabled or not; you can't have both on the same port.
  2. You can't have several virtual hosts on a port that you're using SSL on.

Remove all other virtual host definitions or change their port or IP address and test it again.
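
The condition the answer describes, several `<VirtualHost>` blocks sharing one address:port while only some set `SSLEngine on`, can be checked for before restarting Apache. The following is an added example, not code from the original post or from Apache: the function names and the trimmed sample config are constructed for illustration. It compares the address strings literally and does not follow `Include` directives.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the question: three vhosts on *:8080, one with SSL.
SAMPLE = """\
<VirtualHost *:8080>
SSLEngine on
</VirtualHost>
<VirtualHost *:8080>
ServerName first.server.org
</VirtualHost>
<VirtualHost *:8080>
ServerName second.server.org
</VirtualHost>
"""

# Anchored at line start, so commented-out directives never match.
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
DIRECTIVE = re.compile(r"^\s*(SSLEngine|ServerName)\s+(\S+)", re.I)


def parse_vhosts(text):
    """Return one dict (addrs, name, ssl) per <VirtualHost> block."""
    vhosts, cur = [], None
    for line in text.splitlines():
        if (m := VHOST_OPEN.match(line)):
            cur = {"addrs": m.group(1).split(), "name": None, "ssl": False}
        elif cur is not None and VHOST_CLOSE.match(line):
            vhosts.append(cur)
            cur = None
        elif cur is not None and (d := DIRECTIVE.match(line)):
            if d.group(1).lower() == "sslengine":
                cur["ssl"] = d.group(2).lower() == "on"
            else:
                cur["name"] = d.group(2)
    return vhosts


def mixed_ssl_listeners(vhosts):
    """Map each address:port whose vhosts disagree on SSLEngine to those vhosts."""
    by_addr = defaultdict(list)
    for v in vhosts:
        for addr in v["addrs"]:
            by_addr[addr].append(v)
    return {a: vs for a, vs in by_addr.items() if len({v["ssl"] for v in vs}) > 1}


if __name__ == "__main__":
    for addr, vs in mixed_ssl_listeners(parse_vhosts(SAMPLE)).items():
        print(addr, [(v["name"], "ssl" if v["ssl"] else "plain") for v in vs])
```

An empty result means every listener is consistently SSL or consistently plain; any entry names the address:port to split up.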