SSL Installation Help
I'm a LAMP newbie, working with Debian. I have 3 websites, each on a unique IP addresses. I'm trying to set up a subdomain with SSL on the 3rd website. In other words, I have example1.com, example2.com, and example3.com, all with unique ips. I'm trying to set up SSL on subdomain.example3.com.
I've followed the instructions herehere
When I restart the web server, I get an error message that says "Restarting web server: apache2 failed!" When I look in the Apache error log, I'm sometimes seeing: "[notice] caught SIGTERM, shutting down." That's it.
I can get the web server to restart properly by editing the VirtualHost and commenting the line that says "SSLEngine On." But then SSL obviously doesn't work.
It's possible I've made a silly mistake, or several mistakes. I have no idea what I'm doing. Here's what my config files look like:
/etc/apache2/ports.conf
NameVirtualHost 11.111.111.111:80
NameVirtualHost 22.222.222.222:80
NameVirtualHost 33.333.333.333:80
NameVirtualHost 33.333.333.333:443
Listen 80
<ifmodule mod_ssl.c="">Listen 443</ifmodule>
/etc/apache2/sites-available/example3.com
<virtualhost 33.333.333.333:80="">ServerAdmin hostmaster@example3.com
ServerName example3.com
ServerAlias www.example3.com
DocumentRoot /srv/www/example3.com/public_html/
ErrorLog /srv/www/example3.com/logs/error.log
CustomLog /srv/www/example3.com/logs/access.log combined</virtualhost>
/etc/apache2/sites-available/subdomain.example3.com
<virtualhost 33.333.333.333:80="">ServerAdmin hostmaster@example3.com
ServerName subdomain.example3.com
DocumentRoot /srv/www/subdomain.example3.com/public_html/
ErrorLog /srv/www/subdomain.example3.com/logs/error.log
CustomLog /srv/www/subdomain.example3.com/logs/access.log combined</virtualhost>
<virtualhost 33.333.333.333:443="">ServerAdmin hostmaster@example3.com
ServerName subdomain.example3.com
DocumentRoot /srv/www/subdomain.example3.com/public_html/
ErrorLog /srv/www/subdomain.example3.com/logs/error.log
CustomLog /srv/www/subdomain.example3.com/logs/access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/localcerts/subdomain.example3.com.crt
SSLCertificateKeyFile /etc/ssl/localcerts/subdomain.example3.com.key
SSLCACertificateFile /etc/ssl/geotrust.cer</virtualhost>
I have confirmed that the paths are correct for the certificate files, but I notice that the tutorials recommend different paths. One says to use /etc/apache2/… The other says /etc/ssl/. I'm using the latter. Could this be part of the problem?
/etc/network/interfaces
auto eth0 eth0:0 eth0:1
# eth0 - This is the main IP address that will be used for most outbound connec$
# The address, netmask and gateway are all necessary.
iface eth0 inet static
address 33.333.333.333
netmask 255.255.255.0
gateway 33.333.333.1
# eth0:0
iface eth0:0 inet static
address 11.111.111.11
netmask 255.255.255.0
#eth0:1
iface eth0:1 inet static
address 22.222.222.222
netmask 255.255.255.0
I'm using a RapidSSL certificate I bought from NameCheap. The Common Name is in the form of 'subdomain.example3.com'. Please let me know if there's any other information I can provide. I'm stumped.
5 Replies
httpd -t
to check the syntax of your apache config files, if it checks out ok drop your LogLevel to either debug or info and try restarting again, see if it spurts out something more useful.
I set the LogLevel to debug, and this is what I got:
[Tue Jun 29 13:12:23 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:23 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:23 2010] [info] mod_fcgid: Process manager 2830 started
[Tue Jun 29 13:12:23 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(383): shmcb_init allocated 512000 bytes of shared memory
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(563): entered shmcb_init_memory()
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(585): for 512000 bytes, recommending 4266 indexes
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(628): shmcb_init_memory choices follow
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(630): division_mask = 0x1F
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(632): division_offset = 64
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(634): division_size = 15998
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(636): queue_size = 1604
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(638): index_num = 133
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(640): index_offset = 8
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(642): index_size = 12
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(644): cache_data_offset = 8
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(646): cache_data_size = 14386
[Tue Jun 29 13:12:23 2010] [debug] ssl_scache_shmcb.c(659): leaving shmcb_init_memory()
[Tue Jun 29 13:12:23 2010] [info] Shared memory session cache initialised
[Tue Jun 29 13:12:23 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:23 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:23 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g configu$
[Tue Jun 29 13:12:23 2010] [info] Server built: Apr 19 2010 19:57:58
[Tue Jun 29 13:12:23 2010] [debug] prefork.c(1032): AcceptMutex: sysvsem (default: sysvsem)
[Tue Jun 29 13:12:32 2010] [info] removed PID file /var/run/apache2.pid (pid=2827)
[Tue Jun 29 13:12:32 2010] [notice] caught SIGTERM, shutting down
[Tue Jun 29 13:12:32 2010] [info] mod_fcgid: Process manager 2830 stopped
[Tue Jun 29 13:12:33 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:33 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:33 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:33 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:33 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:33 2010] [info] mod_fcgid: Process manager 2871 started
[Tue Jun 29 13:12:33 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:12:33 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:12:34 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(383): shmcb_init allocated 512000 bytes of shared memory
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(563): entered shmcb_init_memory()
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(585): for 512000 bytes, recommending 4266 indexes
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(628): shmcb_init_memory choices follow
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(630): division_mask = 0x1F
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(632): division_offset = 64
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(634): division_size = 15998
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(636): queue_size = 1604
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(638): index_num = 133
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(640): index_offset = 8
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(642): index_size = 12
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(644): cache_data_offset = 8
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(646): cache_data_size = 14386
[Tue Jun 29 13:12:34 2010] [debug] ssl_scache_shmcb.c(659): leaving shmcb_init_memory()
[Tue Jun 29 13:12:34 2010] [info] Shared memory session cache initialised
[Tue Jun 29 13:12:34 2010] [info] Init: Initializing (virtual) servers for SSL
[Tue Jun 29 13:12:34 2010] [info] mod_ssl/2.2.9 compiled against Server: Apache/2.2.9, Library: OpenSSL/0.9.8g
[Tue Jun 29 13:12:34 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g configu$
[Tue Jun 29 13:12:34 2010] [info] Server built: Apr 19 2010 19:57:58
[Tue Jun 29 13:12:34 2010] [debug] prefork.c(1032): AcceptMutex: sysvsem (default: sysvsem)
[Tue Jun 29 13:12:59 2010] [info] removed PID file /var/run/apache2.pid (pid=2869)
[Tue Jun 29 13:12:59 2010] [notice] caught SIGTERM, shutting down
[Tue Jun 29 13:12:59 2010] [info] mod_fcgid: Process manager 2871 stopped
[Tue Jun 29 13:13:00 2010] [info] Init: Seeding PRNG with 648 bytes of entropy
[Tue Jun 29 13:13:00 2010] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Tue Jun 29 13:13:00 2010] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Tue Jun 29 13:13:00 2010] [info] Init: Initializing (virtual) servers for SSL
@blitzer:
Okay, everything's fixed. I'm not going to say exactly what I did wrong because it's embarrassing.
:oops:
Your input may help others.:D
@BrianJM:
Your input may help others.
:D
When I created the certificate files, I omitted the beginning and end tags. In other words, I left out the lines that said "–---BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----".
Palm, meet forehead.