About 2 weeks ago I bought a new wildcard SSL certificate for all of my servers, and immediately tried to set it up on a server by replacing the old self-signed certificate settings. So, I put in the new details, restarted Apache, and refreshed my browser, and it's still complaining about having a self-signed SSL certificate. So I investigated further, and confirmed it's not my browser or local cache by testing it from a remote Windows server, but it is still serving the old self-signed certificate (but the chainfile has updated successfully). I even tried rebooting the server to attempt to clear Apache's SSL cache or whatever is going on, but no luck there either.
And for some crazy reason, it works fine on port 444; if I edit that site and change it to port 443, it goes back to the old certificate …. 🙁 What's going on?
It's not just port 443 that doesn't work, by the way; I've tested ports 92XX (as that's what my services run on) and it gets the same errors, even after creating a new site on a new port.
I also tried copying one of the sites to another (new, never had ssl before) server and it works fine there :/
How do I clear Apache's "SSL cache" or whatever is going on here (running Ubuntu 12.10 Server)?
Configuration of one of the sites:
<IfModule mod_ssl.c>
<VirtualHost *:9207>
    DocumentRoot /var/www/ssl/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/ssl/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/ssl_access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    ProxyPass /tr http://localhost:9107/tr
    ProxyPassReverse /tr http://localhost:9107/tr
    SSLEngine on
    SSLCertificateFile /etc/ssl/crt/STAR_mysite_net.crt
    SSLCertificateKeyFile /etc/ssl/crt/server.key
    SSLCertificateChainFile /etc/ssl/crt/STAR_mysite_net.ca-bundle
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
Best Answer
Run this function as root on your Linux server:
Works for me on Debian. If that is not working, you can try the parameter -k.
Error message in Dutch Chrome: Fout met SSL-verbinding
Error message in English Chrome: Error with SSL connection