I have just purchased an SSL certificate from Go Daddy. I setup the certificate to be:
www.mydomainname.com (I changed the domain as you can tell.)
I setup Apache and it is working. So when I type https://www.mydomainname.com
it all works.
HOWEVER:
When I type http://www.mydomainname.com
I get this error from Apache:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
I was hoping I could type
http://www.mydomainname.com
for HTTP requests
and
https://www.mydomainname.com
when I want secure requests.
What have I done wrong?
Here is my Apache configuration:
Under sites-enabled (I am using Ubuntu's Apache setup)
I have file called ssl
<IfModule mod_ssl.c>;
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/www.mydomainname.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.mydomainname.com.key
</IfModule>
and another called webapp
:
<IfModule mod_proxy_ajp.c>
ProxyRequests On
ProxyVia On
<Location />
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted area"
AuthUserFile /etc/apache2/passwd/access
Require valid-user
ProxyPass ajp://localhost:9999/
ProxyPassReverse ajp://localhost:9999/
</Location>
<Location /uploader>
Order allow,deny
Satisfy Any
Allow from all
ProxyPass ajp://localhost:9999/uploader
ProxyPassReverse ajp://localhost:9999/uploader
</Location>
</IfModule>
Check your Apache configuration to make sure you're listening on port 80 for HTTP and port 443 for HTTPS.
In your
/etc/httpd/conf/httpd.conf
, you should have "Listen 80". You should also have an/etc/httpd/conf.d/ssl.conf
file (probably) with "Listen 443" specified in it.You need virtual hosts configured, one for *:80 and one for *:443. The *:443 needs to have the SSL specification in it, the *:80 should not have the SSL stuff in it.
You did not buy the wrong SSL certification.
You actually need to configuer 2 VHosts, the SSL VHost and the non-SSL VHost differ only by the SSL part you actually place in the VHost since you could have a multitude of SSL VHosts (listening on different ports) it doesn't actually make sense to provide this in a server wide context which I think is what you are doing.
OK, I fixed it. I got mixed up with not having
Virtualhost
earlier. This is the end configuration:ssl configuration is:
Webapp configuration is:
If you TRULY bought the wrong cert and its not just a configuration issue then the best plan is usually to cancel/revoke your certificate and have it reissued.
Most CA's have a policy that they will do this for free for a certain period of time (ie 1 week).
Hope this helps.