SSL Installation Help

Hi everyone,

I'm a LAMP newbie, working with Debian. I have 3 websites, each on a unique IP addresses. I'm trying to set up a subdomain with SSL on the 3rd website. In other words, I have example1.com, example2.com, and example3.com, all with unique ips. I'm trying to set up SSL on subdomain.example3.com.

I've followed the instructions here and here as best I can, but no luck.

When I restart the web server, I get an error message that says "Restarting web server: apache2 failed!" When I look in the Apache error log, I'm sometimes seeing: "[notice] caught SIGTERM, shutting down." That's it.

I can get the web server to restart properly by editing the VirtualHost and commenting the line that says "SSLEngine On." But then SSL obviously doesn't work.

It's possible I've made a silly mistake, or several mistakes. I have no idea what I'm doing. Here's what my config files look like:

/etc/apache2/ports.conf

NameVirtualHost 11.111.111.111:80
NameVirtualHost 22.222.222.222:80
NameVirtualHost 33.333.333.333:80
NameVirtualHost 33.333.333.333:443

Listen 80

 <ifmodule mod_ssl.c="">Listen 443</ifmodule> 

/etc/apache2/sites-available/example3.com

 <virtualhost 33.333.333.333:80="">ServerAdmin hostmaster@example3.com
     ServerName example3.com
     ServerAlias www.example3.com
     DocumentRoot /srv/www/example3.com/public_html/
     ErrorLog /srv/www/example3.com/logs/error.log
     CustomLog /srv/www/example3.com/logs/access.log combined</virtualhost> 

/etc/apache2/sites-available/subdomain.example3.com

 <virtualhost 33.333.333.333:80="">ServerAdmin hostmaster@example3.com
     ServerName subdomain.example3.com
     DocumentRoot /srv/www/subdomain.example3.com/public_html/
     ErrorLog /srv/www/subdomain.example3.com/logs/error.log
     CustomLog /srv/www/subdomain.example3.com/logs/access.log combined</virtualhost> 

 <virtualhost 33.333.333.333:443="">ServerAdmin hostmaster@example3.com
     ServerName subdomain.example3.com
     DocumentRoot /srv/www/subdomain.example3.com/public_html/
     ErrorLog /srv/www/subdomain.example3.com/logs/error.log
     CustomLog /srv/www/subdomain.example3.com/logs/access.log combined

     SSLEngine On
     SSLCertificateFile /etc/ssl/localcerts/subdomain.example3.com.crt
     SSLCertificateKeyFile /etc/ssl/localcerts/subdomain.example3.com.key
     SSLCACertificateFile /etc/ssl/geotrust.cer</virtualhost> 

I have confirmed that the paths are correct for the certificate files, but I notice that the tutorials recommend different paths. One says to use /etc/apache2/… The other says /etc/ssl/. I'm using the latter. Could this be part of the problem?

/etc/network/interfaces

auto eth0 eth0:0 eth0:1

# eth0 - This is the main IP address that will be used for most outbound connec$
# The address, netmask and gateway are all necessary.
iface eth0 inet static
 address 33.333.333.333
 netmask 255.255.255.0
 gateway 33.333.333.1

# eth0:0
iface eth0:0 inet static
 address 11.111.111.11
 netmask 255.255.255.0

#eth0:1
iface eth0:1 inet static
address 22.222.222.222
netmask 255.255.255.0

I'm using a RapidSSL certificate I bought from NameCheap. The Common Name is in the form of 'subdomain.example3.com'. Please let me know if there's any other information I can provide. I'm stumped.

5 Replies

run

httpd -t

to check the syntax of your apache config files, if it checks out ok drop your LogLevel to either debug or info and try restarting again, see if it spurts out something more useful.

Hi obs. Thanks for replying

I set the LogLevel to debug, and this is what I got:

[Tue Jun 29 13:12:23 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:23 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:23 2010] [info] mod_fcgid: Process manager 2830 started
[Tue Jun 29 13:12:23 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(383): shmcb_init allocated 512000 bytes of shared memory
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(563): entered shmcb_init_memory()
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(585): for 512000 bytes, recommending 4266 indexes
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(628): shmcb_init_memory choices follow
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(630): division_mask = 0x1F
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(632): division_offset = 64
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(634): division_size = 15998
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(636): queue_size = 1604
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(638): index_num = 133
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(640): index_offset = 8
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(642): index_size = 12
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(644): cache_data_offset = 8
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(646): cache_data_size = 14386
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(659): leaving shmcb_init_memory()
[Tue Jun 29 13:12:23 2010] [info] Shared memory session cache initialised
[Tue Jun 29 13:12:23 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:23 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:23 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g configu$
[Tue Jun 29 13:12:23 2010] [info] Server built: Apr 19 2010 19:57:58
[Tue Jun 29 13:12:23 2010] [debug] prefork.c(1032): AcceptMutex: sysvsem (default: sysvsem)
[Tue Jun 29 13:12:32 2010] [info] removed PID file /var/run/apache2.pid (pid=2827)
[Tue Jun 29 13:12:32 2010] [notice] caught SIGTERM, shutting down
[Tue Jun 29 13:12:32 2010] [info] mod_fcgid: Process manager 2830 stopped
[Tue Jun 29 13:12:33 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:33 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:33 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:33 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:33 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:33 2010] [info] mod_fcgid: Process manager 2871 started
[Tue Jun 29 13:12:33 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:33 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:34 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(383): shmcb_init allocated 512000 bytes of shared memory
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(563): entered shmcb_init_memory()
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(585): for 512000 bytes, recommending 4266 indexes
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(628): shmcb_init_memory choices follow
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(630): division_mask = 0x1F
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(632): division_offset = 64
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(634): division_size = 15998
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(636): queue_size = 1604
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(638): index_num = 133
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(640): index_offset = 8
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(642): index_size = 12
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(644): cache_data_offset = 8
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(646): cache_data_size = 14386
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(659): leaving shmcb_init_memory()
[Tue Jun 29 13:12:34 2010] [info] Shared memory session cache initialised
[Tue Jun 29 13:12:34 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:34 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:34 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g configu$
[Tue Jun 29 13:12:34 2010] [info] Server built: Apr 19 2010 19:57:58
[Tue Jun 29 13:12:34 2010] [debug] prefork.c(1032): AcceptMutex: sysvsem (default: sysvsem)
[Tue Jun 29 13:12:59 2010] [info] removed PID file /var/run/apache2.pid (pid=2869)
[Tue Jun 29 13:12:59 2010] [notice] caught SIGTERM, shutting down
[Tue Jun 29 13:12:59 2010] [info] mod_fcgid: Process manager 2871 stopped
[Tue Jun 29 13:13:00 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:13:00 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:13:00 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:13:00 2010] [info] Init: Initializing (virtual) servers for SSL

Okay, everything's fixed. I'm not going to say exactly what I did wrong because it's embarrassing. :oops:

@blitzer:

Okay, everything's fixed. I'm not going to say exactly what I did wrong because it's embarrassing. :oops:
Your input may help others. :D

@BrianJM:

Your input may help others. :D

When I created the certificate files, I omitted the beginning and end tags. In other words, I left out the lines that said "–---BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".

Palm, meet forehead.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct