I'm trying to configure https support for Apache2 running in an Ubuntu instance in AWS. I've enabled SSL support in /etc/apache2/sites-enabled/default-ssl.conf:
# grep -v '^[ ]*#' /etc/apache2/sites-enabled/default-ssl.conf | grep -v '^$'
<VirtualHost *:443>
ServerName miit.co
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/miit_co.crt
SSLCertificateKeyFile /etc/ssl/private/miit-co.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
and the configuration as a whole is valid:
# apachectl configtest
Syntax OK
The file /etc/ssl/private/miit-co.key is a "PEM RSA private key" which I generated (can't remember how exactly now) and /etc/ssl/certs/miit_co.crt is one of two files I received back from my non-technical boss, the other being miit_co.pem which I don't know what to do with. I also have a csr.pem (PEM certificate request) which I generated and sent to my boss. I did not send him the private key file. Maybe I have to do something with that miit_co.pem file.
When I start Apache (systemctl start apache2) there is nothing in /var/log/apache2/{error,access}.log to indicate that Apache2 is not running normally. However, https://www.digicert.com/help/ when given our site name (miit.co) just spins and spins. I wonder if there is something other than Apache stopping https access, since http://miit.co works as expected (it redirects in fact but that's not relevant here) but https://miit.co just times out. ufw status replies disabled.
/etc/apache2/mods-enabled includes ssl.{conf,load}.
If I try curl on the local machine, it indicates that Apache is being reached by https requests:
# curl https://localhost
curl: (51) SSL: certificate subject name (miit.co) does not match target host name 'localhost'
# curl https://miit.co/michael
(hangs)
Any suggestions as to why https: access just hangs?
Since you tagged your post with aws-services, I assume you're running Ubuntu on an AWS EC2 instance. If so, the problem is likely with the security group associated with the instance. I recommend reviewing the EC2 instance's security group and adding a rule to allow inbound HTTPS from everywhere.
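
One way to carry out the review suggested in the answer above, as an added example that is not part of the original post: the script evaluates the JSON printed by `aws ec2 describe-security-groups` and reports whether each group admits inbound TCP 443 from a given client address. A group with no matching rule drops the packets silently, which is consistent with the hang described in the question. The group IDs, CIDRs and client addresses are constructed sample values.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and CIDRs are made up; "before" has no rule for tcp/443.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-before-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-after-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def rule_covers(perm, port, source):
    """True if one IpPermissions entry admits TCP `port` from address `source`."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):          # "-1" means all protocols and ports
        return False
    in_range = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
    if proto == "tcp" and not in_range:
        return False
    addr = ipaddress.ip_address(source)
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    nets = (ipaddress.ip_network(c, strict=False) for c in cidrs)
    # Rules that reference other groups or prefix lists are not evaluated here.
    return any(n.version == addr.version and addr in n for n in nets)

def inbound_allowed(doc, port, source):
    """Map each GroupId to whether it admits TCP `port` from `source`."""
    return {g["GroupId"]: any(rule_covers(p, port, source)
                              for p in g.get("IpPermissions", []))
            for g in doc["SecurityGroups"]}

if __name__ == "__main__":
    for port in (80, 443):
        print(port, inbound_allowed(SAMPLE, port, "203.0.113.10"))
```

To check a real instance, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups` for the groups attached to it.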