SSL – How to enable SSL on an Ubuntu Apache2 EC2 instance correctly

Tags: apache-2.4, ssl, ssl-certificate

I have set up an Ubuntu (14.04.2) Apache2 (2.4.7) server for SSL, but the certificate doesn't seem to be found. Ubuntu is running on an EC2 instance with a static IP, port 443 enabled, and the domain name theaudioserver.com with a DNS record pointing to that static IP. Here is how I set up my server:

  • Created the key: openssl genrsa 2048 > privatekey.pem
  • Generated the certificate request: openssl req -new -key privatekey.pem -out csr.pem
  • Bought a CA SSL certificate with the CSR and saved the files to server.crt and server_bundle.crt
  • Added an ssl.conf file in /etc/apache2/sites-available, which is configured for SSL:
    # The stapling cache must be defined outside any <VirtualHost>
    SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

    <VirtualHost *:443>
        ServerName theaudioserver.com
        DocumentRoot /var/www/html/

        SSLEngine on
        SSLCertificateFile      /home/ubuntu/certs/server.crt
        SSLCertificateKeyFile   /home/ubuntu/certs/privatekey.pem
        SSLCertificateChainFile /home/ubuntu/certs/server_bundle.crt

        SSLProtocol All -SSLv2 -SSLv3
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLHonorCipherOrder On
        SSLCompression off
        SSLUseStapling on

        # Header directives need mod_headers (sudo a2enmod headers)
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff
    </VirtualHost>
  • Enabled the SSL module with sudo a2enmod ssl
  • Restarted apache2 successfully (without any error in the log)
  • I also checked whether apache2 is listening on 443, and it seems to listen correctly: sudo netstat -anp | grep apache gives: tcp6 0 0 :::443 :::* LISTEN 3138/apache2

But when I test my domain, the certificate doesn't seem to be found.

On ssllabs.com, I get: "No SSL certificates were found on theaudioserver.com. Make sure that the name resolves to the correct server and that the SSL port (default is 443) is open on your server's firewall."

When accessing the server via https://52.24.39.220, I get a name mismatch error since I am not accessing via the domain name, but this shows that the server firewall on EC2 seems to be set up correctly.

What am I doing wrong here?

Best Answer

I am not getting any connection at all to your server on port 443; it feels like a firewall issue. Have you opened port 443 in your EC2 security group firewall? Have you opened it in your host's firewall?


Update:

Your DNS is set up incorrectly:

dig +short theaudioserver.com
52.25.39.220

Whereas you say you can connect via 52.24.39.220.
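The answer narrows the problem down with a single dig query. The script below is an added example (not part of the question or answer) that automates the three checks this thread turns on: does the name resolve to the address you expect, is port 443 reachable on that address, and does the certificate the server presents actually carry the hostname. The hostname, expected address and the sample certificate dictionary are constructed for illustration; the live checks use only the Python standard library and are only run when the script is executed directly.

```python
"""Diagnose why a TLS scanner reports "no certificate found" for a hostname.

Three independent failure modes are checked, because each produces a
different fix: DNS pointing at the wrong address, port 443 unreachable,
and a certificate that does not carry the requested name.
"""
import socket
import ssl

# Constructed values for illustration only; replace with your own.
HOSTNAME = "theaudioserver.com"
EXPECTED_IP = "52.24.39.220"   # the address the question says the server has

# Constructed certificate in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "theaudioserver.com"),),),
    "subjectAltName": (("DNS", "theaudioserver.com"),
                       ("DNS", "www.theaudioserver.com")),
}


def resolve_ipv4(hostname):
    """Return all IPv4 A records for hostname, or [] if it does not resolve."""
    try:
        _, _, addrs = socket.gethostbyname_ex(hostname)
    except socket.gaierror:
        return []
    return addrs


def dns_matches(expected_ip, resolved_ips):
    """True if the address we expect is among the resolved records."""
    return expected_ip in set(resolved_ips)


def tcp_reachable(ip, port=443, timeout=5.0):
    """True if a TCP handshake to ip:port completes (security group + host firewall)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def cert_names(cert):
    """DNS names from subjectAltName; fall back to the subject CN if there are none."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def hostname_matches(cert, hostname):
    """Case-insensitive name check; a wildcard covers exactly one DNS label."""
    host = hostname.lower().rstrip(".")
    for name in cert_names(cert):
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def fetch_peer_cert(ip, hostname, port=443, timeout=5.0):
    """Connect to ip, send hostname as SNI, verify the chain but not the name.

    Name checking is done separately by hostname_matches() so that a
    mismatched certificate is still returned for inspection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def diagnose(hostname, expected_ip):
    """Run the live checks in order and return a list of findings."""
    findings = []
    ips = resolve_ipv4(hostname)
    if not dns_matches(expected_ip, ips):
        findings.append(f"DNS: {hostname} resolves to {ips or 'nothing'}, expected {expected_ip}")
    if not tcp_reachable(expected_ip):
        findings.append(f"PORT: {expected_ip}:443 not reachable (security group / host firewall?)")
        return findings
    try:
        cert = fetch_peer_cert(expected_ip, hostname)
    except ssl.SSLError as exc:
        findings.append(f"TLS: handshake failed: {exc}")
        return findings
    if not hostname_matches(cert, hostname):
        findings.append(f"CERT: presented names {cert_names(cert)} do not include {hostname}")
    return findings


if __name__ == "__main__":
    # Offline demonstration on the constructed certificate.
    print("sample cert matches hostname:", hostname_matches(SAMPLE_CERT, HOSTNAME))
    print("sample cert matches raw IP:", hostname_matches(SAMPLE_CERT, EXPECTED_IP))
    # Live checks against the configured host (needs network access).
    for line in diagnose(HOSTNAME, EXPECTED_IP) or ["all checks passed"]:
        print(line)
```

Running the live part against the addresses in this thread would stop at the first finding: the name resolves to 52.25.39.220 rather than 52.24.39.220, which is exactly why a scanner that follows DNS never reaches the vhost. The name-mismatch seen when browsing to the raw IP is the third check, and the sample certificate shows why it fails: a certificate issued for theaudioserver.com carries no entry for the address itself.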