I've never set up an SSL on Linux before, but have a general idea of how it works. Server specs below if it helps:
Server: CentOS Linux 6
Workstation: Windows 7
So, I have 4 domains all of which share a single Magento installation and IP address. Assume one of my domains is "mywebsite1.com". I am trying to enable SSL just for this one domain for now, but I am running into errors. What am I doing wrong? Here's my work flow:
1. I purchased an SSL from Godaddy then generated the csr and key with the command given by them:
openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite1.key -out mywebsite1.csr
2. I copy both the files to /etc/pki/tls/private
3. I open mywebsite1.csr then copy and paste the code to Godaddy.
4. I generate the crt files and download them from Godaddy, upload to my server, and then move them to /etc/pki/tls/certs
5. a. 1st try, I opened /etc/httpd/conf.d/ssl.conf and updated the default VirtualHost block's SSLCertificateFile, KeyFile, and ChainFile values to point to the correct locations.
b. 2nd try, following http://dev.antoinesolutions.com/apache-server/mod_ssl I modified ssl.conf and added this directive: NameVirtualHost *:443
c. Then I removed the entire default VirtualHost block (which was quite lengthy). Last attempt, I added the following to the modified ssl.conf from
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/mywebsite1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
DocumentRoot /var/www/html
ServerName mywebsite1.com
</VirtualHost>
6. I restart Apache
7. I then go to https://mywebsite1.com only to find errors that prevent me from viewing the site in various browsers.
Browser: Firefox
SSL received a record with an unknown content type.
(Error code: ssl_error_rx_unknown_record_type)
Browser: Chrome
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
Browser: IE …takes me to Google…
httpd.conf:
NameVirtualHost 12.34.567.89
<VirtualHost 12.34.567.89>
DocumentRoot /var/www/html
ServerName website1.com
</VirtualHost>
<VirtualHost 12.34.567.89>
DocumentRoot /var/www/html
ServerName website2.com
</VirtualHost>
<VirtualHost 12.34.567.89>
DocumentRoot /var/www/html
ServerName website3.com
</VirtualHost>
<VirtualHost 12.34.567.90:80>
DocumentRoot /var/www/html
ServerName website4.com
</VirtualHost>
Notes:
- I've read that you must enable ssl with a command called "a2enmod ssl" but that command does not exist for my server.
- There are no ssl error logs in /etc/httpd/logs.
- As per Godaddy, I was instructed to name the key "mywebsite1" without the extension. However, they give me a crt with the extension, which is odd.
- This is only development phase and this change will need to be quickly reproduced with a new SSL and different domains once we launch the production server.
I've tried all of the steps 3 times (see 5a-5c), but still no luck in getting the SSL to work for 1 of my domains. How can I get SSL to work?
UPDATE: apachectl -S
12.34.567.90:80 mywebsite4.com (/etc/httpd/conf/httpd.conf:1021)
12.34.567.89:* is a NameVirtualHost
default server mywebsite3.com (/etc/httpd/conf/httpd.conf:1016)
port * namevhost mywebsite3.com (/etc/httpd/conf/httpd.conf:1016)
port * namevhost mywebsite1.com (/etc/httpd/conf/httpd.conf:1026)
port * namevhost mywebsite2.com (/etc/httpd/conf/httpd.conf:1031)
port * namevhost mywebsite5.com (/etc/httpd/conf/httpd.conf:1036)
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server mywebsite1.com (/etc/httpd/conf.d/ssl.conf:77)
port 443 namevhost mywebsite1.com (/etc/httpd/conf.d/ssl.conf:77)
Syntax OK
UPDATE: Got it working..but..
I managed to get the SSL running by changing the vhost to just point to mywebsite1 instead of *:443
<VirtualHost mywebsite1.com>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/mywebsite1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
#SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
DocumentRoot /var/www/html
ServerName mywebsite1.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
</VirtualHost>
This pulls up the SSL, however… the HTTP protocol returns a "Bad Request"
This change seems to be affecting the non-ssl viewing of the site. I can't specify the port because restarting apache will give me an error that ports and non-ports can't be mixed.
UPDATE
Fixed with the suggestion by Michael Hampton. Thanks guys.
Best Answer
You have a bunch of <VirtualHost> entries that don't have a port number defined. Thus, as your apachectl -S output showed, the definition is being applied to all listening ports. Define a port number for each of those <VirtualHost>s.
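As an added illustration of the accepted answer (this is not code from the question or the answer, and it is not part of Apache): a small POSIX shell check that scans an httpd.conf-style file for <VirtualHost> openers whose address carries no :port, plus a second check for blocks bound to :443 that never turn on SSLEngine. A port-less vhost on a NameVirtualHost address binds to every port Apache listens on, so one of them ends up answering on 443 with plaintext HTTP, and a browser that expected a TLS handshake reports a protocol error like the ones quoted in the question. The two sample configs are constructed here to mirror the question's layout; the 192.0.2.x addresses are documentation placeholders, not the poster's real ones.

```shell
#!/bin/sh
# Added example, not part of the original question or answer.
# Scans an Apache httpd.conf-style file for the misconfiguration the accepted
# answer describes: <VirtualHost> openers without a :port, which bind to every
# listening port (including 443). Sample configs below are constructed;
# 192.0.2.x addresses are RFC 5737 documentation placeholders.

# Print each <VirtualHost ...> opener that has at least one address without
# a ":port" or ":*" suffix.
portless_vhosts() {
    awk '
        tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ {
            line = $0
            sub(/^[ \t]*<[^ \t]+[ \t]+/, "", line)   # drop "<VirtualHost "
            sub(/[ \t]*>.*$/, "", line)              # drop ">" and trailing text
            n = split(line, addrs, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                # valid forms end in :port or :*; anything else has no port
                if (addrs[i] !~ /:[0-9]+$/ && addrs[i] !~ /:\*$/) { print $0; break }
            }
        }' "$1"
}

# Print each <VirtualHost ...> opener bound to :443 whose block never sets
# "SSLEngine on"; such a block answers TLS clients with plaintext HTTP.
tls_vhosts_without_sslengine() {
    awk '
        tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ {
            opener = $0; on443 = ($0 ~ /:443[ \t>]/); ssl = 0; next
        }
        tolower($0) ~ /^[ \t]*sslengine[ \t]+on/ { ssl = 1 }
        tolower($0) ~ /^[ \t]*<\/virtualhost>/ { if (on443 && !ssl) print opener }
    ' "$1"
}

# Counting wrappers so a caller (or a CI check) can branch on the result.
count_portless()      { portless_vhosts "$1" | wc -l | tr -d ' '; }
count_tls_no_engine() { tls_vhosts_without_sslengine "$1" | wc -l | tr -d ' '; }

# Constructed sample mirroring the question's layout: name-based vhosts with
# no port, one with :80, one proper TLS vhost, and one bad :443 vhost.
SAMPLE_BROKEN=$(mktemp)
SAMPLE_FIXED=$(mktemp)
trap 'rm -f "$SAMPLE_BROKEN" "$SAMPLE_FIXED"' EXIT
cat >"$SAMPLE_BROKEN" <<'EOF'
NameVirtualHost 192.0.2.10
<VirtualHost 192.0.2.10>
    DocumentRoot /var/www/html
    ServerName website1.com
</VirtualHost>
<VirtualHost 192.0.2.10>
    DocumentRoot /var/www/html
    ServerName website2.com
</VirtualHost>
<VirtualHost 192.0.2.11:80>
    DocumentRoot /var/www/html
    ServerName website4.com
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    ServerName website1.com
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName website2.com
</VirtualHost>
EOF

# The same layout after applying the answer: every plain-HTTP vhost (and the
# NameVirtualHost line) gets :80, and only the SSLEngine-on block owns :443.
cat >"$SAMPLE_FIXED" <<'EOF'
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:80>
    ServerName website1.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName website2.com
</VirtualHost>
<VirtualHost 192.0.2.11:80>
    ServerName website4.com
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    ServerName website1.com
</VirtualHost>
EOF

echo "== port-less vhosts in broken config =="
portless_vhosts "$SAMPLE_BROKEN"
echo "== :443 vhosts without SSLEngine in broken config =="
tls_vhosts_without_sslengine "$SAMPLE_BROKEN"
echo "fixed config: $(count_portless "$SAMPLE_FIXED") port-less," \
     "$(count_tls_no_engine "$SAMPLE_FIXED") on :443 without SSLEngine"
```

On the server itself you would point portless_vhosts at /etc/httpd/conf/httpd.conf and each file under /etc/httpd/conf.d/; every opener it prints is one that apachectl -S lists under "port *", which is exactly what the accepted answer says to fix by adding a port to each of them.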