
My SSL config isn't working now. I just moved a site from one host (I moved the cert files).

When I try to access it I get this error. (Chrome and Firefox tell me that the SSL protocol is invalid.)

Solved: In the end, I had forgotten to enable the site :( Sorry, and thanks for the help with the SSL config.

I see this in my Apache log (I think that is when I enter using my HTTP route):

    [09/Apr/2016:16:54:05 +0000] "GET /homepage/ HTTP/1.1" 302 560 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36"

Here is my SSL virtual host file in sites-enabled (I replaced the site name with my-site):

Edited after the responses:

  • Commented out the SSLCertificateChainFile line.

  • ErrorLog from the SSL virtual host changed to /home/my-site/logs/my-site.com-error-ssl.log

  • LogLevel set to debug

  • CustomLog from the SSL virtual host changed to /home/my-site/logs/my-site.com.com-access-ssl.log combined

The new log files are missing; I really can't see any SSL error. I also tested that the ssl module is enabled.

Testing normal and private sessions in Chrome gives the same result (private session accessing the site).

NON-SSL

    <VirtualHost *:80>
        ServerAdmin webmaster@my-site.com
        ServerName my-site.com
        ServerAlias www.my-site.com
        DocumentRoot /home/my-site/www/my-site.com/current/public/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /home/my-site/www/my-site.com/current/public/ >
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Require all granted
        </Directory>
        ErrorLog /home/my-site/logs/my-site.com-error.log
        LogLevel warn
        CustomLog /home/my-site/logs/my-site.com.com-access.log combined
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Require all denied
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    </VirtualHost>

SSL

    <IfModule mod_ssl.c>

    ServerAdmin webmaster@my-site.com
    ServerName my-site.com
    ServerAlias www.my-site.com
    DocumentRoot /home/my-site/www/my-site.com/current/public

    <Directory /home/my-site/www/my-site.com/current/public >
            Allow from All
            Require all granted
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    ErrorLog /home/my-site/logs/my-site.com-error-ssl.log
    LogLevel debug
    CustomLog /home/my-site/logs/my-site.com.com-access-ssl.log combined
    SSLEngine on
    SSLCertificateFile /home/my-site/www/my-site.com/current/ssl/www.my-site.com.crt
    SSLCertificateKeyFile /home/my-site/www/my-site.com/current/ssl/www.my-site.com.key
    #SSLCertificateChainFile /home/my-site/www/my-site.com/current/ssl/my-site.com.crt
    SSLCACertificateFile  /home/my-site/www/my-site.com/current/ssl/my-site.com.crt
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
             SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
             SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

user1422434

1 Answer


You will see more in your logs with debug-level warnings:

    LogLevel debug

You are defining the CA certificate twice here:

    SSLCertificateChainFile /home/my-site/www/my-site.com/current/ssl/sf_bundle_my-site.com.crt
    SSLCACertificateFile  /home/my-site/www/my-site.com/current/ssl/sf_bundle_my-site.com.crt

A chained certificate file can contain the root certificate issuer, intermediate trusted issuers and your certificate. The CA certificate should be enough here since you are referring to your own certificate individually.

Try commenting out the SSLCertificateChainFile line.

Also, put your HTTPS URL into an online checker for better error reports:

https://www.sslshopper.com/ssl-checker.html

Sum1sAdmin
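
The question was resolved by enabling the site, which also explains why the log files named in the SSL virtual host were never created. The following is an added example, not code from the question or the answer, that checks both symptoms at once. It assumes the Debian/Ubuntu layout in which `a2ensite` links a file from sites-available into sites-enabled under the same name; `directive_value` and `audit_ssl_sites` are names chosen for this example.

```shell
#!/bin/sh
# Added example: find SSL vhost files that exist but were never enabled.
# Assumption: Debian/Ubuntu layout (sites-available/ and sites-enabled/).

# Print the first argument of a directive (e.g. ErrorLog) from a config file.
# Commented-out lines are ignored because their first field starts with '#'.
directive_value() {  # usage: directive_value FILE DIRECTIVE
    awk -v d="$2" 'tolower($1) == tolower(d) {
        v = $2; gsub(/"/, "", v); print v; exit }' "$1"
}

# One line per SSL vhost file:
#   <file> <enabled|DISABLED> <log-present|log-missing>
audit_ssl_sites() {  # usage: audit_ssl_sites APACHE_DIR
    avail="$1/sites-available"
    enabled="$1/sites-enabled"
    for conf in "$avail"/*; do
        [ -f "$conf" ] || continue
        # Only files that switch TLS on; a commented SSLEngine does not count.
        grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$conf" || continue
        name=$(basename "$conf")
        # a2ensite creates sites-enabled/<name>; -e is false for a dangling link.
        if [ -e "$enabled/$name" ]; then state=enabled; else state=DISABLED; fi
        # Apache creates the ErrorLog file when it loads the vhost, so a
        # missing file is a hint that this vhost was never loaded.
        log=$(directive_value "$conf" ErrorLog)
        if [ -n "$log" ] && [ -e "$log" ]; then
            logstate=log-present
        else
            logstate=log-missing
        fi
        printf '%s %s %s\n' "$name" "$state" "$logstate"
    done
}

# Run against a real tree when a directory is given, e.g. /etc/apache2
if [ -n "${1:-}" ]; then
    audit_ssl_sites "$1"
fi
```

A `DISABLED log-missing` line matches the situation in the question: the configuration is on disk, but Apache is not serving it, so requests to port 443 are not handled by that virtual host.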