We have a dedicated server with GoDaddy running Plesk that requires SSL.
I've generated the certificate files and created a vhost_ssl.conf (since I can't edit the default Plesk Apache configuration httpd.include, vhost_ssl.conf gets included in httpd.include) that tells Apache where to find the certificate files:
SSLCertificateFile /usr/local/psa/var/certificates/domain.com.crt
SSLCertificateKeyFile /usr/local/psa/var/certificates/domain.com.key
SSLCertificateChainFile /usr/local/psa/var/certificates/sub.class1.server.ca.pem
When I stop/start Apache, it refuses to start up. The error_log does not have anything in it either (which is strange).
Then I opened up httpd.include and found this bit:
<VirtualHost 208.xxx.xxx.xxx:443>
ServerName domain.com:443
ServerAlias www.domain.com
UseCanonicalName Off
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /usr/local/psa/var/certificates/certagC9054
Include /var/www/vhosts/domain.com/conf/vhost_ssl.conf
Then I commented out
SSLCertificateFile /usr/local/psa/var/certificates/certagC9054
(which is Plesk's SSL certificate) and restarted Apache and it worked perfectly fine.
It seems that Apache does not like multiple SSLCertificateFile within the same VirtualHost directive?
As anyone who has worked with Plesk knows, I can't just remove the SSLCertificateFile directive in httpd.include, as Plesk will overwrite my changes when someone uses it, which is why it's in vhost_ssl.conf.
So I'm stuck and this is beyond my meager admin skills. Would appreciate someone who knows what (s)he's doing to tell me what's going on.
Thanks in advance.
It has nothing to do with Plesk. The problem is with the way SSL and HTTP work. Basically, SSL doesn't know the name of your server before it starts, and so Apache can't pick which set of certs to use. See http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47 for more detail on this chicken-and-egg problem.
In my experience with Plesk, things have generally worked out better when I've used the Plesk Admin site to manage my sites, as opposed to manually editing the config file. Plesk's built-in support for SSL certificates is pretty good -- you can easily add a certificate that you've obtained from a third party and associate it with one of the sites you have configured in Plesk.
If you choose to modify the config files directly, the red flag that I see in your post is that you're attempting to apply two different certificates to the same Virtual Host. In my experience, SSL certificates generally only work when there is a 1:1 relationship between IP address and SSL certificate. My suggestion would be to remove one of the SSL certificates, or to break the virtual host into two separate sites on different IP addresses.
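The situation in the question, where the generated httpd.include and the included vhost_ssl.conf each contribute an SSLCertificateFile to one virtual host, can be spotted before a restart by expanding Include lines and counting the directive per block. This is an added example, not part of the original posts or of Plesk; the function names, the `read` callable, the sample file contents and the 192.0.2.10 address are assumptions, and only literal single-file Include paths are followed (no wildcards or directories).

```python
import re

# Constructed sample mirroring the question: the generated httpd.include pulls
# the admin's vhost_ssl.conf into the same <VirtualHost> block. 192.0.2.10 is a
# documentation address standing in for the masked IP.
SAMPLE_FILES = {
    "httpd.include": """\
<VirtualHost 192.0.2.10:443>
    SSLEngine on
    SSLCertificateFile /usr/local/psa/var/certificates/certagC9054
    Include /var/www/vhosts/domain.com/conf/vhost_ssl.conf
</VirtualHost>
""",
    "/var/www/vhosts/domain.com/conf/vhost_ssl.conf": """\
# SSLCertificateFile /tmp/old.crt   (commented out, must be ignored)
SSLCertificateFile /usr/local/psa/var/certificates/domain.com.crt
SSLCertificateKeyFile /usr/local/psa/var/certificates/domain.com.key
""",
}

def expand(path, read, depth=0):
    """Yield (file, lineno, directive) for each active line, following Include."""
    if depth > 16:  # guard against Include loops
        raise RuntimeError("Include nesting too deep at " + path)
    for n, raw in enumerate(read(path).splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r'(?i)include\s+"?([^"\s]+)"?$', line):
            yield from expand(m.group(1), read, depth + 1)
        else:
            yield path, n, line

def duplicate_certs(root, read):
    """Map each VirtualHost address to its SSLCertificateFile hits when there is more than one."""
    found, vhost = {}, None
    for path, n, line in expand(root, read):
        if m := re.match(r"(?i)<VirtualHost\s+([^>]+)>", line):
            vhost = m.group(1).strip()
            found.setdefault(vhost, [])
        elif re.match(r"(?i)</VirtualHost>", line):
            vhost = None
        elif vhost and (m := re.match(r"(?i)SSLCertificateFile\s+(\S+)", line)):
            found[vhost].append((path, n, m.group(1)))
    return {v: hits for v, hits in found.items() if len(hits) > 1}

if __name__ == "__main__":
    for vhost, hits in duplicate_certs("httpd.include", SAMPLE_FILES.__getitem__).items():
        print(vhost, *(f"\n  {p}:{n}: {cert}" for p, n, cert in hits))
```

To run it against files on disk, pass `lambda p: open(p).read()` as `read` and the real path of httpd.include as `root`.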