Linux – Trouble installing SSL Certificate on Apache

apache-2.2linux

We have a dedicated server with GoDaddy running Plesk that requires SSL.

I've generated the certificate files and I created a vhost_ssl.conf (since I can't edit the default plesk apache configuration http.include, vhost_ssl.conf gets Included to httpd.include) that tells apache where to find the certificate files:

SSLCertificateFile /usr/local/psa/var/certificates/domain.com.crt
SSLCertificateKeyFile /usr/local/psa/var/certificates/domain.com.key
SSLCertificateChainFile /usr/local/psa/var/certificates/sub.class1.server.ca.pem

When I stop/start apache, it refuses to start up. The error_log does not have anything on it either (which is strange).

Then I opened up httpd.include and found this bit:

<VirtualHost 208.xxx.xxx.xxx:443>
    ServerName   domain.com:443
    ServerAlias  www.domain.com
    UseCanonicalName Off

    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /usr/local/psa/var/certificates/certagC9054

    Include /var/www/vhosts/domain.com/conf/vhost_ssl.conf

Then I commented out

   SSLCertificateFile /usr/local/psa/var/certificates/certagC9054

(which is plesk's SSL certificate) and restarted apache and it worked perfectly fine.

It seems that Apache does not like multiple SSLCertificateFile within the same VirtualHost directive?

As anyone who worked with plesk knows, I can't just remove SSLCertificateFile directive in httpd.include as plesk will overwrite my changes when someone uses it – which is why it's in vhost_ssl.conf.

So I'm stuck and this is beyond my meager admin skills. Would appreciate someone who knows what (s)he's doing to tell me whats going on.

Thanks in advance.

Best Answer

In my experience with Plesk, things have generally worked out better when I've used the Plesk Admin site to manage my sites, as opposed to manually editing the config file. Plesk's built-in support for SSL certificates is pretty good -- you can easily add a certificate that you've obtained from a third party and associate it with one of the sites you have configured in Plesk.

If you choose to modify the config files directly, the red flag that I see in your post is that you're attempting to apply two different certificates to the same Virtual Host. In my experience, SSL certificates generally only work when there is a 1:1 relationship between IP address and SSL certificate. My suggestion would be to remove one of the SSL certificates, or to break the virtual host into two separate sites on different IP addresses.

Related Topic