b1663r
By:
b1663r

SSL Certificate causing warnings in error.log and not working properly. https// does not work.

April 18, 2015 20.7k views
Apache Security Ubuntu

I am in the process of migrating a clients e-commerce store away from godaddy and to my servers here at digital ocean... everything is now set up, but I have been having issues getting the SSL cert to install properly. After re-keying the cert (based on a .csr built on this server) I modified the .conf file as per one of your tutorials. Please find some more information below.

Ubuntu 14.04
Apache 2.4.7

cert files located in /etc/apache2/ssl folder.

/var/www/mittenvapors.com.conf:

<VirtualHost *:80>
  ServerName mittenvapors.com
  ServerAlias www.mittenvapors.com
  Redirect permanent / https://mittenvapors.com/
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin lee.allen.sc@gmail.com
  ServerName mittenvapors.com
  DocumentRoot /var/www/mittenvapors.com/public_html
  ErrorLog ${APACHE_LOG_DIR}/error.mittenvapors.dev.log
  CustomLog ${APACHE_LOG_DIR}/access.mittenvapors.dev.log combined
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/mittenvapors.com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/mittenvapors.com.key
  SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
</VirtualHost>

I am also getting the following errors when restarting the server:

Sat Apr 18 01:46:54.577441 2015] [mpm_prefork:notice] [pid 23002] AH00169: caught SIGTERM, shutting down
[Sat Apr 18 01:46:55.650745 2015] [ssl:warn] [pid 23069] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Sat Apr 18 01:46:55.651210 2015] [ssl:warn] [pid 23069] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sat Apr 18 01:46:55.726140 2015] [ssl:warn] [pid 23070] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Sat Apr 18 01:46:55.726395 2015] [ssl:warn] [pid 23070] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sat Apr 18 01:46:55.730860 2015] [mpm_prefork:notice] [pid 23070] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.4 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Apr 18 01:46:55.735974 2015] [core:notice] [pid 23070] AH00094: Command line: '/usr/sbin/apache2'

I'm at my wits end, and for once the Google maschine has failed me. Any help would be greatly appreciated!

1 comment
3 Answers

This question was answered by @asb:

Could you share the command you ran to generate the CSR? What did you enter for the "Common Name?" This tutorial should be of some help:

You can see the comment here.

This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The...

I am too facing the same problem, any solution to it, I have followed the same tutorial as given above.

Please help.

Have another answer? Share your knowledge.