Question
Cannot create SSL Certificate on Apache for Ubuntu 12.04
There are two articles that explain how to add SSL:
How To Create a SSL Certificate on Apache for Ubuntu 12.04
https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
How To Set Up Apache with a Free Signed SSL Certificate on a VPS
https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps
DigitalOcean suggested that I follow the first article, which I did.
When editing /etc/apache2/sites-available/default-ssl, I entered something different for "ServerName" than what I entered for "Common Name" during the key generation. I think this is why I got the following error message when I ran "service apache2 reload":
"Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName"
When I made the names consistent and followed some of the suggestions at http://stackoverflow.com/questions/9541460/httpd-could-not-reliably-determine-the-servers-fully-qualified-domain-name-us (which was suggested by Kamal Nasser on https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04), the error message no longer appeared. However, when I go to my domain on the browser, I still do not see HTTPS.
Does anyone have any suggestions on how to get this to work?
After trying many of the different suggestions, here is what I have. Here is my terminal session from key generation:
root@mydomain:~# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout
/etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Generating a 2048 bit RSA private key
...........................................................................
............................................................+++
.............+++
writing new private key to '/etc/apache2/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:.
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mydomain
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []:mydomain.com
Email Address []:.
Here is what I have in /etc/apache2/sites-available/default-ssl :
ServerAdmin webmaster@localhost
ServerName mydomain.com:443
...
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
...
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Here is what I have in /etc/apache2/httpd.conf
ServerName myhost.mydomain.com
Here is what I have in /etc/apache2/apache2.conf
ServerName localhost
Here is what I have in /etc/hosts
127.0.0.1 localhost myhost.mydomain.com
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback myhost.mydomain.com
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Here is what I have in /etc/sysconfig/network
HOSTNAME = myhost.mydomain.com
Then I did the following:
root@mydomain:~# a2dissite default-ssl
Site default-ssl disabled.
To activate the new configuration, you need to run:
service apache2 reload
root@mydomain:~# a2ensite default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
service apache2 reload
root@mydomain:~# service apache2 reload
* Reloading web server config apache2
...done.
root@mydomain:~# /etc/init.d/apache2 restart
* Restarting web server apache2
... waiting ...done.
root@mydomain:~#
When I go to mydomain.com on the browser, I still do not get HTTPS.
Can anyone help?
Add a comment
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×