I'm having problems setting up an SSL cert. It seems Apache2 does not serve the cert defined in the vhost but the one in default-ssl (which seems to be expired).

default-ssl

    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName 70.127.153.111
        ...
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/webserver.pem
        SSLCertificateKeyFile /etc/ssl/private/webserver.key
        ...

Vhost Setup

    <VirtualHost *:443>
        ServerName sub.mydomain.com
        DocumentRoot /var/www/
        SSLEngine on
        SSLCertificateFile /etc/ssl/private/mydomain.crt
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-mydomain-snakeoil.key
        SSLCertificateChainFile /etc/apache2/mydomain.crt
        SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
    </VirtualHost>

Happy for any hint as to what I'm doing wrong.

Thanks!

toni
  • You don't have .pem in your vhost setup – Froggiz Nov 12 '15 at 15:22
  • .pem can have a variety of extensions (.pem, .key, .cer, .cert, more) [link](http://serverfault.com/a/9717/234507) – toni Nov 12 '15 at 15:30
  • So did you check that you didn't mix up your two same-named .crt files? – Froggiz Nov 12 '15 at 15:41
  • mhh mhh mhh true, but I never had problems with this on identical machines … I assumed it has something to do with the wildcard, that's why I tried every combination: IP, domain name, … no change – toni Nov 12 '15 at 15:44
  • Try to replace `_default_` with `*`; I've got almost the same conf on my Apache and SSL works fine – Froggiz Nov 12 '15 at 15:47
  • This sounds promising; unfortunately no change, I still get the self-signed one from default-ssl. Would it work if I disabled the vhost in default-ssl altogether? – toni Nov 12 '15 at 15:56
  • If you don't have `DocumentRoot` in the default virtual host, try to add one. If the SSL still doesn't work after this change, you can try to comment out your default virtual host to test if the main SSL works. By the way, if you still have errors after that, you can check your Apache log (and maybe increase the log level). And I didn't mention it, but I hope you did: after each change you need to restart Apache with `apache2ctl restart` – Froggiz Nov 12 '15 at 16:01
  • Froggiz, thanks a million for your help! I'm embarrassed to say I found the error. The A record which was set to point to the machine was simply not populated yet and was pointing to another box. That means all my changes could not show any effect. Sorry for this! – toni Nov 12 '15 at 18:01
  • It happens ^_^ ! – Froggiz Nov 12 '15 at 18:27
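
The thread's resolution turned into a check, added here as an example (not code from the thread): confirm that DNS resolves the name to this machine before debugging Apache, then compare the certificate served for the SNI name with the one configured in the vhost. It assumes 70.127.153.111 is the server's own address; the function names and result labels are hypothetical.

```python
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def resolved_ips(host):
    """Addresses clients actually get for `host` from DNS right now."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (the leaf; any
    chain certificates appended after it are ignored)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()

def served_fingerprint(ip, sni_name, port=443, timeout=5):
    """SHA-256 of the certificate the server at `ip` presents for `sni_name`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # inspection only: an expired or
    ctx.verify_mode = ssl.CERT_NONE  # self-signed cert must not abort the probe
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def diagnose(dns_ips, server_ip, served_fp, configured_fp):
    """Check DNS first: if the name resolves elsewhere, Apache edits on this
    box can never change what a browser sees."""
    if server_ip not in dns_ips:
        return "dns-points-elsewhere"
    if served_fp != configured_fp:
        return "wrong-cert-served"
    return "ok"

if __name__ == "__main__":
    # Values taken from the question; server_ip is assumed to be this machine.
    host, server_ip = "sub.mydomain.com", "70.127.153.111"
    with open("/etc/ssl/private/mydomain.crt") as fh:
        configured = leaf_fingerprint(fh.read())
    # Connect by IP so the TLS probe itself does not depend on DNS.
    served = served_fingerprint(server_ip, host)
    print(diagnose(resolved_ips(host), server_ip, served, configured))
```

A result of `dns-points-elsewhere` means the browser is talking to a different machine, which is the situation the asker ended up in.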