Home / server / Questions / 588535
Accepted
Don Rhummy
Asked: 2014-04-12 16:04:48 +0800 CST

How add SSL/443 to Apache server without virtual host?

  • 772

I have an apache server set up on CentOS. I am trying to add SSL. I was able to create the certificate and keys and then updated /etc/httpd/conf.d/ssl.conf to have the following configurations:

/etc/httpd/conf.d/ssl.conf

#Where I put my cert
SSLCertificateFile /etc/pki/tls/certs/ca.crt

#where I put my key
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then I updated /etc/httpd/conf/httpd.conf:

/etc/httpd/conf/httpd.conf

Listen 443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then I ran service httpd restart and I get the error:

Stopping httpd:          [OK]
Starting httpd:          (98)Address already in use: make_sock: could not bind to address [::]:443
                         [OK]

What do I need to do to enable SSL?

apache-2.2

3 Answers

  1. Best Answer

    By default, in CentOS, there is a file used by Apache/httpd located at /etc/httpd/conf.d/ssl.conf. This file is read in as a configuration by Apache along with the "httpd.conf" file and anything in it takes precedence over settings in httpd.conf.

    That file (again by default) contains a Listen 443 directive. You cannot call that directive twice (as it will say it's already been bound to that port), so that caused the conflict. After removing that, it works.

    • 7

  2. In case anybody stumbles over this question in 2017...

    There is no need to edit httpd.conf since ssl.conf contains all the directives we need:

    # When we also provide SSL we have to listen to the 
# the HTTPS port in addition.
#
Listen 443 https

    ...

    #   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

    And of course the paths to the certs:

    SSLCertificateFile /etc/pki/tls/certs/<mycert>.crt

SSLCertificateKeyFile /etc/pki/tls/private/<mykey>.key

    In other words, it is enough to add the information in ssl.conf and the restart the httpd service. Of course, this only works if this (the last) line:

    # Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

    ...is uncommented as per above in the file httpd.conf, which it is in a default installation.

    System info:

    cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.3 (Maipo)
    • 1

  3. On Debian bases Systems or usually on generally other

    Create

    • /etc/apache2/conf-available/default-ssl.conf

      <IfModule mod_ssl.c>
              SSLEngine on
              SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
              SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
              Listen 443

</IfModule>

    This Works out of the Box, in case you want to use the default page i.e. for Reverse-Proxy with NGINX or Other.

    Its not limited to a VHOST.

    Additional Information

    It will not Produce an error due the fact, it only works when Mod-SSL is enabled.

    bash:# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  systemctl restart apache2

    Remind to restart Apache

    Bash:# lsof -i :443
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apache2 1337       root    6u  IPv6 488893      0t0  TCP *:443 (LISTEN)
apache2 13337  www-data    6u  IPv6 488893      0t0  TCP *:443 (LISTEN)
apache2 133337 www-data    6u  IPv4 488893      0t0  TCP *:443 (LISTEN)

    This works for me since ages.

    • 0