can't get https to work

Thanks for your help, it’s all sorted now!

heres pastebin of the files: <br> <br>http://pastebin.com/KpxMuKBF <br> <br>http://pastebin.com/npiWTnAQ

my default-ssl looks like this <br> <br><IfModule mod_ssl.c> <br><VirtualHost :443> <br> ServerAdmin webmaster@localhost <br>ServerName effectris.com:443 <br> DocumentRoot /var/www <br> <Directory /> <br> Options FollowSymLinks <br> AllowOverride None <br> </Directory> <br> <Directory /var/www/> <br> Options Indexes FollowSymLinks MultiViews <br> AllowOverride None <br> Order allow,deny <br> allow from all <br> </Directory> <br> <br> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <br> <Directory “/usr/lib/cgi-bin”> <br> AllowOverride None <br> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch <br> Order allow,deny <br> Allow from all <br> </Directory> <br> <br> ErrorLog ${APACHE_LOG_DIR}/error.log <br> <br> # Possible values include: debug, info, notice, warn, error, crit, <br> # alert, emerg. <br> LogLevel warn <br> <br> CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined <br> <br> # SSL Engine Switch: <br> # Enable/Disable SSL for this virtual host. <br> SSLEngine on <br> <br> # A self-signed (snakeoil) certificate can be created by installing <br> # the ssl-cert package. See <br> # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. <br> # If both key and certificate are stored in the same file, only the <br> # SSLCertificateFile directive is needed. <br> SSLCertificateFile /etc/apache2/ssl/apache.crt <br>SSLCertificateKeyFile /etc/apache2/ssl/apache.key <br> <br> # Server Certificate Chain: <br> # Point SSLCertificateChainFile at a file containing the <br> # concatenation of PEM encoded CA certificates which form the <br> # certificate chain for the server certificate. Alternatively <br> # the referenced file can be the same as SSLCertificateFile <br> # when the CA certificates are directly appended to the server <br> # certificate for convinience. <br> #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt <br> <br> # Certificate Authority (CA): <br> # Set the CA certificate verification path where to find CA <br> # certificates for client authentication or alternatively one <br> # huge file containing all of them (file must be PEM encoded) <br> # Note: Inside SSLCACertificatePath you need hash symlinks <br> # to point to the certificate files. Use the provided <br> # Makefile to update the hash symlinks after changes. <br> #SSLCACertificatePath /etc/ssl/certs/ <br> #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt <br> <br> # Certificate Revocation Lists (CRL): <br> # Set the CA revocation path where to find CA CRLs for client <br> # authentication or alternatively one huge file containing all <br> # of them (file must be PEM encoded) <br> # Note: Inside SSLCARevocationPath you need hash symlinks <br> # to point to the certificate files. Use the provided <br> # Makefile to update the hash symlinks after changes. <br> #SSLCARevocationPath /etc/apache2/ssl.crl/ <br> #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl <br> <br> # Client Authentication (Type): <br> # Client certificate verification type and depth. Types are <br> # none, optional, require and optional_no_ca. Depth is a <br> # number which specifies how deeply to verify the certificate <br> # issuer chain before deciding the certificate is not valid. <br> #SSLVerifyClient require <br> #SSLVerifyDepth 10 <br> <br> # Access Control: <br> # With SSLRequire you can do per-directory access control based <br> # on arbitrary complex boolean expressions containing server <br> # variable checks and other lookup directives. The syntax is a <br> # mixture between C and Perl. See the mod_ssl documentation <br> # for more details. <br> #<Location /> <br> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/
<br> # and %{SSL_CLIENT_S_DN_O} eq “Snake Oil, Ltd.”
<br> # and %{SSL_CLIENT_S_DN_OU} in {“Staff”, “CA”, “Dev”}
<br> # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5
<br> # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 )
<br> # or %{REMOTE_ADDR} =~ m/^192.76.162.[0-9]+$/ <br> #</Location> <br> <br> # SSL Engine Options: <br> # Set various options for the SSL engine. <br> # o FakeBasicAuth: <br> # Translate the client X.509 into a Basic Authorisation. This means that <br> # the standard Auth/DBMAuth methods can be used for access control. The <br> # user name is the one line' version of the client's X.509 certificate. <br> # Note that no password is obtained from the user. Every entry in the user <br> # file needs this password: xxj31ZMTZzkVA’. <br> # o ExportCertData: <br> # This exports two additional environment variables: SSL_CLIENT_CERT and <br> # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the <br> # server (always existing) and the client (only existing when client <br> # authentication is used). This can be used to import the certificates <br> # into CGI scripts. <br> # o StdEnvVars: <br> # This exports the standard SSL/TLS related `SSL_’ environment variables. <br> # Per default this exportation is switched off for performance reasons, <br> # because the extraction step is an expensive operation and is usually <br> # useless for serving static content. So one usually enables the <br> # exportation for CGI and SSI requests only. <br> # o StrictRequire: <br> # This denies access when “SSLRequireSSL” or “SSLRequire” applied even <br> # under a “Satisfy any” situation, i.e. when it applies access is denied <br> # and no other module can change it. <br> # o OptRenegotiate: <br> # This enables optimized SSL connection renegotiation handling when SSL <br> # directives are used in per-directory context. <br> #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <br> <FilesMatch “.(cgi|shtml|phtml|php)$”> <br> SSLOptions +StdEnvVars <br> </FilesMatch> <br> <Directory /usr/lib/cgi-bin> <br> SSLOptions +StdEnvVars <br> </Directory> <br> <br> # SSL Protocol Adjustments: <br> # The safe and default but still SSL/TLS standard compliant shutdown <br> # approach is that mod_ssl sends the close notify alert but doesn’t wait for <br> # the close notify alert from client. When you need a different shutdown <br> # approach you can use one of the following variables: <br> # o ssl-unclean-shutdown: <br> # This forces an unclean shutdown when the connection is closed, i.e. no <br> # SSL close notify alert is send or allowed to received. This violates <br> # the SSL/TLS standard but is needed for some brain-dead browsers. Use <br> # this when you receive I/O errors because of the standard approach where <br> # mod_ssl sends the close notify alert. <br> # o ssl-accurate-shutdown: <br> # This forces an accurate shutdown when the connection is closed, i.e. a <br> # SSL close notify alert is send and mod_ssl waits for the close notify <br> # alert of the client. This is 100% SSL/TLS standard compliant, but in <br> # practice often causes hanging connections with brain-dead browsers. Use <br> # this only for browsers where you know that their SSL implementation <br> # works correctly. <br> # Notice: Most problems of broken clients are also related to the HTTP <br> # keep-alive facility, so you usually additionally want to disable <br> # keep-alive for those clients, too. Use variable “nokeepalive” for this. <br> # Similarly, one has to force some clients to use HTTP/1.0 to workaround <br> # their broken HTTP/1.1 implementation. Use variables “downgrade-1.0” and <br> # “force-response-1.0” for this. <br> BrowserMatch “MSIE [2-6]”
<br> nokeepalive ssl-unclean-shutdown
<br> downgrade-1.0 force-response-1.0 <br> # MSIE 7 and newer should be able to use keepalive <br> BrowserMatch “MSIE [17-9]” ssl-unclean-shutdown <br> <br></VirtualHost> <br> <br></IfModule>

when I add NameVirtualHost *:443 like this; <br> <br># If you just change the port or add more ports here, you will likely also <br># have to change the VirtualHost statement in <br># /etc/apache2/sites-enabled/000-default <br># This is also true if you have upgraded from before 2.2.9-3 (i.e. from <br># Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and <br># README.Debian.gz <br> <br>NameVirtualHost *:443 <br>NameVirtualHost *:80 <br>Listen 80 <br> <br><IfModule mod_ssl.c> <br> # If you add NameVirtualHost *:443 here, you will also have to change <br> # the VirtualHost statement in /etc/apache2/sites-available/default-ssl <br> # to <VirtualHost *:443> <br> # Server Name Indication for SSL named virtual hosts is currently not <br> # supported by MSIE on Windows XP. <br> NameVirtualHost *:443 <br> Listen 443 <br></IfModule> <br> <br>I get: <br># sudo service apache2 restart <br> * Restarting web server apache2 [Fri Jan 03 15:54:16 2014] [warn] NameVirtualHost *:443 has no VirtualHosts <br> … waiting [Fri Jan 03 15:54:17 2014] [warn] NameVirtualHost *:443 has no VirtualHosts <br>

Weird, I can telnet to port 80 on 185.14.185.182 and get Apache. Anyway, do you have <code>NameVirtualHost *:443 </code> in ports.conf? <br> <br>Is your virtualhost listening on *:443?

http://pastebin.com/eHxLXL5u <br> <br>Maybe it has something to do with the fact that my domainname is with a swedish provider and points through a “@ A 185.14.185.182” pointer?

Hmm, odd. Doesn’t seem like it’s listening on IPv4 0.0.0.0? Can you paste the output of the netstat command on Pastebin? Some lines might have been filtered out by the site or something.

<br>tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9256/sendmail: MTA: <br>tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 3480/mysqld <br>tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN 9256/sendmail: MTA: <br>tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 909/sshd <br>tcp6 0 0 :::443 :::* LISTEN 11044/apache2 <br>tcp6 0 0 :::80 :::* LISTEN 11044/apache2 <br>tcp6 0 0 :::22 :::* LISTEN 909/sshd <br> <br>and if I now try to access the site via https I get this errorcode: ERR_SSL_PROTOCOL_ERROR <br> <br>Ps. I really appreciate you taking time helping me! <br>Cheers

Delete one of them, restart apache, and run the netstat command again—is apache listening on port 443?

Yes, this is what the ports.conf looks like: <br> <br>NameVirtualHost *:80 <br>Listen 80 <br> <br><IfModule mod_ssl.c> <br> # If you add NameVirtualHost *:443 here, you will also have to change <br> # the VirtualHost statement in /etc/apache2/sites-available/default-ssl <br> # to <VirtualHost *:443> <br> # Server Name Indication for SSL named virtual hosts is currently not <br> # supported by MSIE on Windows XP. <br> Listen 443 <br></IfModule> <br> <br><IfModule mod_gnutls.c> <br> Listen 443 <br></IfModule>