Question

Install SSL certificate manually on serverpilot for Apache

Posted June 8, 2015 6.6k views
UbuntuApachePHP

Hi all,

As a serverpilot free user, I’m struggling to config ssl to use https on my Ubuntu server.

  1. I followed this tutorial to prepare the key/certs:
    https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps

  2. I configured /etc/apache-sp/vhosts.d/app-domain.conf:

    <VirtualHost 127.0.0.1:81>
        Define DOCUMENT_ROOT /srv/users/serverpilot/apps/app-domain/public
        Define PHP_PROXY_URL unix:/srv/users/serverpilot/run/app-domain.php-fpm.sock|fcgi://localhost

        ServerAdmin webmaster@
        DocumentRoot ${DOCUMENT_ROOT}
        ServerName app-domain
        ServerAlias app-domain.com
        ServerAlias www.app-domain.com

        ErrorLog "/srv/users/serverpilot/log/app-domain/app-domain_apache.error.log"
        CustomLog "/srv/users/serverpilot/log/app-domain/app-domain_apache.access.log" common

        RemoteIPHeader X-Real-IP
        SetEnvIf X-Forwarded-SSL on HTTPS=on

        IncludeOptional /etc/apache-sp/vhosts.d/app-domain.d/*.conf
    </VirtualHost>

    <VirtualHost 127.0.0.1:443>
        Define DOCUMENT_ROOT /srv/users/serverpilot/apps/app-domain/public

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

        SSLCertificateFile /etc/apache-sp/certs/app-domain/app-domain.cert
        SSLCertificateKeyFile /etc/apache-sp/certs/app-domain/private.key
            SSLCertificateChainFile /etc/apache-sp/certs/app-domain/sub.class1.server.ca.pem

        ServerAdmin webmaster@
        DocumentRoot ${DOCUMENT_ROOT}
        ServerName app-domain.com
        ServerAlias app-domain.com
        ServerAlias www.app-domain.com

        ErrorLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.error.log"
        CustomLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.access.log" common

    </VirtualHost>


but it doesn’t work and i cannot find any error message.

many thanks in advance.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Welcome to DigitalOcean.

Just one question to be clear, do you even have an SSL/TSL Certificate? This tutorial is for using the Certificate from StartSSL.

You should change this line:
<VirtualHost 127.0.0.1:81>
to <VirtualHost 127.0.0.1:80>
Remove this line ServerAlias app-domain.com
Don’t forget to restart your Server service apache2 restart

  • Hi eldin,

    Thanks for your help.

    I changed port to 80 and removed server alias and then restart apache2, but https still not works.

    more information:

    • the necessary keys and certs are there
    • irtualHost port actually generated by ServerPilot - so 81 should be fine

@liang2 ok,ok.
How about you remove apache and install it your own ?

sudo cp -r  /etc/apache-sp /etc/apache_old
apt-get purge apache2

You can follow the tutorial, I wouldn’t do something else, in the way of explaining.

I hope that a fresh install can help you. As it’s most of the time.

  • Thanks eldin!

    I followed your advice, installed apache manually in another instance — and it works!

    After it working in a new apache, I modified my apahce which is managed by Serverpilot, added ‘Listen 443’, it works too. (I’m too lazy to maintain apache myself… )

    *Here is my solution for adding ssl support for apache-sp: *

    Add app-name-for-https.conf under: /etc/apache-sp/vhosts.d

    Listen 443
    
    <VirtualHost *:443>
        Define DOCUMENT_ROOT /srv/users/serverpilot/apps/app-domain/public
    
        SSLEngine on
    
        SSLCertificateFile /etc/apache-sp/certs/app-domain/app-domain.cert
        SSLCertificateKeyFile /etc/apache-sp/certs/app-domain/private.key
            SSLCertificateChainFile /etc/apache-sp/certs/app-domain/sub.class1.server.ca.pem
    
        ServerAdmin webmaster@
        DocumentRoot ${DOCUMENT_ROOT}
            ServerName app-domain
        ServerAlias app-domain.com
        ServerAlias www.app-domain.com
    
    
        RemoteIPHeader X-Real-IP
        SetEnvIf X-Forwarded-SSL on HTTPS=on
        IncludeOptional /etc/apache-sp/vhosts.d/app-domain.d/*.conf
    
        ErrorLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.error.log"
        CustomLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.access.log" common
    </VirtualHost>
    
    
Submit an Answer