liang2
By:
liang2

Install SSL certificate manually on serverpilot for Apache

June 8, 2015 2.8k views
Apache PHP Ubuntu

Hi all,

As a serverpilot free user, I'm struggling to config ssl to use https on my Ubuntu server.

  1. I followed this tutorial to prepare the key/certs:
    https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps

  2. I configured /etc/apache-sp/vhosts.d/app-domain.conf:

    <VirtualHost 127.0.0.1:81>
        Define DOCUMENT_ROOT /srv/users/serverpilot/apps/app-domain/public
        Define PHP_PROXY_URL unix:/srv/users/serverpilot/run/app-domain.php-fpm.sock|fcgi://localhost

        ServerAdmin webmaster@
        DocumentRoot ${DOCUMENT_ROOT}
        ServerName app-domain
        ServerAlias app-domain.com
        ServerAlias www.app-domain.com

        ErrorLog "/srv/users/serverpilot/log/app-domain/app-domain_apache.error.log"
        CustomLog "/srv/users/serverpilot/log/app-domain/app-domain_apache.access.log" common

        RemoteIPHeader X-Real-IP
        SetEnvIf X-Forwarded-SSL on HTTPS=on

        IncludeOptional /etc/apache-sp/vhosts.d/app-domain.d/*.conf
    </VirtualHost>

    <VirtualHost 127.0.0.1:443>
        Define DOCUMENT_ROOT /srv/users/serverpilot/apps/app-domain/public

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

        SSLCertificateFile /etc/apache-sp/certs/app-domain/app-domain.cert
        SSLCertificateKeyFile /etc/apache-sp/certs/app-domain/private.key
            SSLCertificateChainFile /etc/apache-sp/certs/app-domain/sub.class1.server.ca.pem

        ServerAdmin webmaster@
        DocumentRoot ${DOCUMENT_ROOT}
        ServerName app-domain.com
        ServerAlias app-domain.com
        ServerAlias www.app-domain.com

        ErrorLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.error.log"
        CustomLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.access.log" common

    </VirtualHost>


but it doesn't work and i cannot find any error message.

many thanks in advance.

3 Answers

Welcome to DigitalOcean.

Just one question to be clear, do you even have an SSL/TSL Certificate? This tutorial is for using the Certificate from StartSSL.

You should change this line:
<VirtualHost 127.0.0.1:81>
to <VirtualHost 127.0.0.1:80>
Remove this line ServerAlias app-domain.com
Don't forget to restart your Server service apache2 restart

  • Hi eldin,

    Thanks for your help.

    I changed port to 80 and removed server alias and then restart apache2, but https still not works.

    more information:

    • the necessary keys and certs are there
    • irtualHost port actually generated by ServerPilot - so 81 should be fine

@liang2 ok,ok.
How about you remove apache and install it your own ?

sudo cp -r  /etc/apache-sp /etc/apache_old
apt-get purge apache2

You can follow the tutorial, I wouldn't do something else, in the way of explaining.

I hope that a fresh install can help you. As it's most of the time.

  • Thanks eldin!

    I followed your advice, installed apache manually in another instance --- and it works!

    After it working in a new apache, I modified my apahce which is managed by Serverpilot, added 'Listen 443', it works too. (I'm too lazy to maintain apache myself... )

    *Here is my solution for adding ssl support for apache-sp: *

    Add app-name-for-https.conf under: /etc/apache-sp/vhosts.d

    Listen 443
    
    <VirtualHost *:443>
        Define DOCUMENT_ROOT /srv/users/serverpilot/apps/app-domain/public
    
        SSLEngine on
    
        SSLCertificateFile /etc/apache-sp/certs/app-domain/app-domain.cert
        SSLCertificateKeyFile /etc/apache-sp/certs/app-domain/private.key
            SSLCertificateChainFile /etc/apache-sp/certs/app-domain/sub.class1.server.ca.pem
    
        ServerAdmin webmaster@
        DocumentRoot ${DOCUMENT_ROOT}
            ServerName app-domain
        ServerAlias app-domain.com
        ServerAlias www.app-domain.com
    
    
        RemoteIPHeader X-Real-IP
        SetEnvIf X-Forwarded-SSL on HTTPS=on
        IncludeOptional /etc/apache-sp/vhosts.d/app-domain.d/*.conf
    
        ErrorLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.error.log"
        CustomLog "/srv/users/serverpilot/log/app-domain/https_app-domain_apache.access.log" common
    </VirtualHost>
    
    
Have another answer? Share your knowledge.