I am new to Debian and new to the forum, so please bear with me. I did not give a more specific topic since I am unsure of where the problem actually lies.
I am working for a non-profit organization that had at one point commissioned a web development agency to set up a counselling platform. They set "us" (I wasn't working here yet) up with a root server and started programming. Alas, they defaulted, and now I was stuck with a half-finished platform and a root server I did not have access to until earlier this week, when I was enabled by my boss to talk to our IaaS provider regarding a rescue that brought me SSH access, yay.
Why bother accessing the server, I hear you asking ... well, that's because they didn't install an SSL cert, and we can't very well have that given the nature and (intended) design of the platform. So even though I have superuser access to the CMS and could potentially finish the platform, I had to do something about the SSL. So I created a .key like so: https://search.thawte.com/support/ssl-d ... &id=SO2614 . Then I ordered an SSL cert at our IaaS provider, got word back from them, and here we are.
Since the IaaS' page I had access to did not even tell me the exact version of Debian I did a
Code:
# uname -a
Linux Debian-85-jessie-64-minimal 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) x86_64 GNU/Linux
Code:
# dpkg -l | grep apache
rc apache2 2.4.10-10+deb8u8 amd64 Apache HTTP Server
rc apache2-bin 2.4.10-10+deb8u8 amd64 Apache HTTP Server (modules and other binary files)
I would show you the output for tree, but if you are experienced with apache2 2.4 you probably know the configs and their respective locations, and if you did not, I doubt you would still be reading.
I found a guide https://hallard.me/enable-ssl-for-apach ... 5-minutes/ (I promise it is not the only one I looked at, but its described configs were the only ones that matched mine, unlike the guides I found at Thawte or DigiCert).
So I created a directory and put in a .crt file with my intermediate keys and one containing the certificate and the .key file in there (btw do the names of the .crt files matter?).
Code:
-rw-r--r-- 1 root staff 3.2K Feb 28 09:05 intermediate.crt
-rw-r--r-- 1 root staff 2.3K Feb 28 09:06 public.crt
-rw-r--r-- 1 root root 1.8K Feb 23 09:25 www.mydomain.country.key
Code:
# less ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
#Listen 80
Listen 443
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Code:
a2enmod ssl
Code:
# ls -l mods-enabled/ | grep ssl
lrwxrwxrwx 1 root root 26 Mar 2 15:44 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 Mar 2 15:44 ssl.load -> ../mods-available/ssl.load
Code:
# ls -l sites-enabled/
total 0
lrwxrwxrwx 1 root root 39 Mar 2 15:46 000-default.ssl.conf -> ../sites-available/000-default-ssl.conf
lrwxrwxrwx 1 root root 35 Mar 2 16:03 000-default.conf -> ../sites-available/000-default.conf
SSLCertificateFile to match the cert I received
SSLCertificateKeyFile to match the key I created
SSLCertificateChainFile to match the intermediate certs I received
Unlike the guide, I did the syntax test
Code:
# apachectl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using *.*.*.*. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Code:
# /etc/init.d/apache2 restart
[....] Starting apache2 (via systemctl): apache2.serviceEnter passphrase for SSL/TLS keys for *.*.*.*:443 (RSA): ***************
. ok
I edited neither the apache2.conf nor mods-available/ssl.conf nor .load. I thought that would not be necessary since I changed the config for the site and used the apache binaries to activate the module and site. So either I did something wrong so far or I neglected to do something else? Let me know if I need to provide more information, but right now I do not know what would be helpful at this point, sorry.
P.S.: I have to get home now, but I will check the firewall settings first thing tomorrow, though it would not surprise me if it was not activated ...
[Update]
It's not a firewall issue. I am wondering why port 80 still seems to work when port 443 does not.
As I understand it, these parts of my apache2.conf
Code:
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
Code:
# less sites-enabled/000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Code:
# less sites-enabled/000-default-ssl.conf
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
Am I missing something really obvious? Maybe someone would please show me the forest, for I cannot seem to find it amidst the trees.
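
An added example, not part of the original post: a POSIX shell check over an SSL vhost file like the one shown above. It reports unset certificate directives, referenced files that do not exist, and a private key that group or others can access (the listing in the post shows the key as -rw-r--r--). The function names are this example's own; SSLCertificateChainFile is treated as optional because since Apache 2.4.8 SSLCertificateFile can also carry the intermediate certificates.

```shell
#!/bin/sh
# Added example: audit an Apache 2.4 SSL vhost file.
# Prints one finding per line; prints nothing when the file is clean.

# directive_value FILE NAME -> value of the first uncommented NAME directive
directive_value() {
    awk -v d="$2" '
        $1 ~ /^#/ { next }                      # skip commented-out lines
        tolower($1) == tolower(d) {             # directive names are case-insensitive
            v = $2; gsub(/"/, "", v); print v; exit
        }' "$1"
}

# audit_vhost FILE -> findings on stdout
audit_vhost() {
    conf=$1
    case $(directive_value "$conf" SSLEngine) in
        [Oo][Nn]) ;;
        *) echo "SSLEngine: not switched on" ;;
    esac
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        path=$(directive_value "$conf" "$d")
        if [ -z "$path" ]; then
            # The chain file is optional; cert and key are required.
            [ "$d" = SSLCertificateChainFile ] || echo "$d: not set"
        elif [ ! -f "$path" ]; then
            echo "$d: $path does not exist"
        elif [ "$d" = SSLCertificateKeyFile ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            mode=$(ls -ld "$path" | cut -c5-10)
            [ "$mode" = "------" ] ||
                echo "$d: $path is accessible to group/other ($mode)"
        fi
    done
    return 0
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_vhost "$1"
fi
```

Run it as root against the file under sites-available; a clean result only means the directives and files line up, not that the certificate and key belong together.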