Ok, so I'm trying to configure my server to accept SSL connections and I cannot get it working. I'm aware there are a lot of similar questions on the site, but each one I have come across so far doesn't seem to help.
I'll post as much information as possible and hopefully you'll be able to help.
My Apache version is: 2.2.14 (running on Ubuntu). The information below seems to show that SSL is configured and running fine, but when I try to access https://website.com the request times out.
I got an SSL certificate through GoDaddy, and followed the process to generate the .crt file.
I have the following files:

```
/home/ubuntu/ssl/website.com.crt
/home/ubuntu/ssl/website.com.key
/home/ubuntu/ssl/gd_bundle.crt
```
As per my configuration files:

/etc/apache2/ports.conf

```apache
NameVirtualHost *:80
NameVirtualHost *:443
Listen 80
Listen 443
```
/etc/apache2/sites-enabled/000-default-ssl

```apache
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName website.com
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/ssl_access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
    SSLEngine on
    SSLCertificateFile /home/ubuntu/ssl/website.com.crt
    SSLCertificateKeyFile /home/ubuntu/ssl/website.com.key
    SSLCertificateChainFile /home/ubuntu/ssl/gd_bundle.crt
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
```
The website is working fine over normal HTTP so I won't post the configuration for that (I can if you wish to see it!)
- Apache restarts without errors.
- Doesn't appear to be any errors in the error log file.
The netstat command shows apache listening on the correct port:

```
netstat -tap | grep https
tcp 0 0 *:https *:* LISTEN 24840/apache2
```
It may also be useful that I came across the s_client command.

```
openssl s_client -connect localhost:443
```

When using localhost, everything appears to be normal (can't say I know what normal is, but there is a lot of relevant information output and doesn't appear to be any errors).

```
openssl s_client -connect <ip-address>:443
openssl s_client -connect website.com:443
```

Both of the above output errors:

```
connect: Connection timed out
connect:errno=110
```

I came across a lot of the diagnostic information above while trying to get SSL working, but I'm not sure what to make of the information and now I am stuck.
If you need any more information just ask!
Thanks, Tom.
Best Answer
The error indicates that `openssl` can't even complete a TCP handshake on port 443 of your server. The most likely problem is either with your `iptables` configuration or an external firewall run by your hosting provider.
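
The check the answer describes, as an added example that is not part of the original answer: it attempts only the TCP handshake (no TLS) against loopback and against the public name, then maps the result to where to look next. The function names `probe` and `diagnose` are hypothetical, and `website.com` is the placeholder host from the question.

```python
import errno
import socket

# errno from a failed connect() -> coarse port state.
# ETIMEDOUT is the errno=110 that openssl printed in the question (Linux value).
STATE_BY_ERRNO = {
    errno.ETIMEDOUT: "filtered",      # SYN never answered: packets dropped on the way
    errno.ECONNREFUSED: "closed",     # RST came back: no listener, or a REJECT rule
    errno.EHOSTUNREACH: "unreachable",
    errno.ENETUNREACH: "unreachable",
}

def probe(host, port, timeout=5.0):
    """Try only the TCP handshake (no TLS) and return the port state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"          # name did not resolve; not a port problem
    except socket.timeout:
        return "filtered"             # our own timeout expired before any reply
    except OSError as exc:
        return STATE_BY_ERRNO.get(exc.errno, "error")

def diagnose(local_state, remote_state):
    """Combine a loopback probe with a probe of the public name or address."""
    if remote_state == "open":
        return "TCP reaches the server; debug TLS next (openssl s_client)"
    if local_state != "open":
        return "nothing accepts connections locally; check Listen and the vhost"
    if remote_state == "filtered":
        return "listener is up but SYNs are dropped; check iptables and the provider firewall"
    if remote_state == "closed":
        return "connection actively refused; look for a REJECT rule or a loopback-only listener"
    return "remote probe ended in state: " + remote_state

if __name__ == "__main__":
    # Run on the server itself so the loopback probe hits the local Apache.
    local = probe("127.0.0.1", 443)
    remote = probe("website.com", 443)
    print(local, remote, "->", diagnose(local, remote))
```

The question's symptoms correspond to `open` locally and `filtered` remotely, which is the case the answer attributes to a firewall.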