Setting up a Godaddy SSL on CentOS?

Lakitu asked:

I’ve never set up an SSL on Linux before, but have a general idea of how it works. Server specs below if it helps:

Server: CentOS Linux 6
Workstation: Windows 7

So, I have 4 domains all of which share a single Magento installation and IP address. Assume one of my domains is “mywebsite1.com” I am trying to enable SSL just for this one domain for now, but I am running into errors. What am I doing wrong? Here’s my work flow:

  1. I purchased an SSL from Godaddy then generated the csr and key with the command given by them:

    openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite1.key -out mywebsite1.csr

  2. I copy both the files to /etc/pki/tls/private

  3. I open mywebsite1.csr then copy and paste the code to Godaddy.

  4. I generate the crt files and download them from Godaddy, upload to my server, and then move them to /etc/pki/tls/certs

  5. a. 1st try, I opened /etc/httpd/conf.d/ssl.conf and updated the default VirtualHost block’s SSLCertificate File, KeyFile, and ChainFile values to point to the correct locations.

     b. 2nd try, following http://dev.antoinesolutions.com/apache-server/mod_ssl I modified ssl.conf and added this directive:

         NameVirtualHost *:443

     c. Then I removed the entire default VirtualHost block (which was quite lengthy).

     Last attempt, I added the following to the modified ssl.conf from

         <VirtualHost *:443>
             SSLEngine on
             SSLCertificateFile /etc/pki/tls/certs/mywebsite1.com.crt
             SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
             SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
             DocumentRoot /var/www/html
             ServerName mywebsite1.com
         </VirtualHost>

  6. I restart Apache

  7. I then go to https://mywebsite1.com only to find errors that prevent me from viewing the site in various browsers.


Browser: Firefox

SSL received a record with an unknown content type.

(Error code: ssl_error_rx_unknown_record_type)

Browser: Chrome

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Browser: IE …takes me to Google…


httpd.conf:

    NameVirtualHost 12.34.567.89

    <VirtualHost 12.34.567.89>
        DocumentRoot /var/www/html
        ServerName website1.com
    </VirtualHost>

    <VirtualHost 12.34.567.89>
        DocumentRoot /var/www/html
        ServerName website2.com
    </VirtualHost>

    <VirtualHost 12.34.567.89>
        DocumentRoot /var/www/html
        ServerName website3.com
    </VirtualHost>

    <VirtualHost 12.34.567.90:80>
        DocumentRoot /var/www/html
        ServerName website4.com
    </VirtualHost>

Notes:

  1. I’ve read that you must enable ssl with a command called “a2enmod ssl” but that command does not exist for my server.
  2. There are no ssl error logs in /etc/httpd/logs.
  3. As per Godaddy, I was instructed to name the key “mywebsite1” without the extension. However, they give me a crt with the extension, which is odd.
  4. This is only development phase and this change will need to be quickly reproduced with a new SSL and different domains once we launch the production server.

I’ve tried all of the steps 3 times (see 5a-5c), but still no luck in getting the SSL to work for 1 of my domains. How can I get SSL to work?

UPDATE: apachectl -S

    12.34.567.90:80 mywebsite4.com (/etc/httpd/conf/httpd.conf:1021)
    12.34.567.89:* is a NameVirtualHost
    default server mywebsite3.com (/etc/httpd/conf/httpd.conf:1016)
    port * namevhost mywebsite3.com (/etc/httpd/conf/httpd.conf:1016)
    port * namevhost mywebsite1.com (/etc/httpd/conf/httpd.conf:1026)
    port * namevhost mywebsite2.com (/etc/httpd/conf/httpd.conf:1031)
    port * namevhost mywebsite5.com (/etc/httpd/conf/httpd.conf:1036)
    wildcard NameVirtualHosts and _default_ servers:
    *:443 is a NameVirtualHost
    default server mywebsite1.com (/etc/httpd/conf.d/ssl.conf:77)
    port 443 namevhost mywebsite1.com (/etc/httpd/conf.d/ssl.conf:77)
    Syntax OK

UPDATE: Got it working..but..

I managed to get the SSL running by changing the vhost to just point to mywebsite1 instead of *:443

    <VirtualHost mywebsite1.com>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/mywebsite1.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
        #SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
        DocumentRoot /var/www/html
        ServerName mywebsite1.com
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
    </VirtualHost>

This pulls up the SSL, however… the HTTP protocol returns a “Bad Request”

This change seems to be affecting the non-ssl viewing of the site. I can’t specify the port because restarting apache will give me an error that ports and non-ports can’t be mixed.

UPDATE

Fixed with the suggestion by Michael Hampton. Thanks guys.

My answer:


You have a bunch of <VirtualHost> entries that don’t have a port number defined. Thus, as your apachectl -S output showed, the definition is being applied to all listening ports. Define a port number for each of those <VirtualHost>s.
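
An added example, not part of the original answer: a small Python check that lists every `<VirtualHost>` address lacking an explicit port, which is the condition the answer points to. The function names and the sample config (assembled from the blocks in the question) are constructed for illustration.

```python
import re

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def split_addr(addr):
    """Split a <VirtualHost> address into (host, port); port is None if absent."""
    if addr.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:443
        host, _, rest = addr.partition("]")
        return host + "]", (rest[1:] or None) if rest.startswith(":") else None
    host, sep, port = addr.rpartition(":")
    return (host, port) if sep else (addr, None)

def parse_vhosts(text):
    """Collect line number, addresses and ServerName of every <VirtualHost> block."""
    vhosts, cur = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        m = VHOST_OPEN.match(line)
        if m:
            cur = {"line": lineno, "name": None,
                   "addrs": [split_addr(a) for a in m.group(1).split()]}
            vhosts.append(cur)
        elif VHOST_CLOSE.match(line):
            cur = None
        elif cur is not None and (d := SERVER_NAME.match(line)):
            cur["name"] = d.group(1)
    return vhosts

def audit(text):
    """Return (line, ServerName, host) for each vhost address with no explicit port."""
    return [(v["line"], v["name"], host) for v in parse_vhosts(text)
            for host, port in v["addrs"] if port in (None, "*")]

# Constructed sample, assembled from the httpd.conf and ssl.conf blocks in the question.
SAMPLE = """\
<VirtualHost 12.34.567.89>
    ServerName website1.com
</VirtualHost>
<VirtualHost 12.34.567.90:80>
    ServerName website4.com
</VirtualHost>
<VirtualHost *:443>
    ServerName mywebsite1.com
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each tuple it returns is a block to rewrite with `:80` or `:443`; the hostname-only `<VirtualHost mywebsite1.com>` from the question's second update is reported the same way.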


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.