Well, I must be missing something, because every time I try to restart Apache it returns with [fail] but it doesn't tell me what the error was. I've checked and rechecked my file paths to the various SSL files, but I'm stumped. I'm still very new to server administration and this is the first time I've tried getting a commercial SSL certificate to work. I have two other sites enabled using self-signed certificates and they seem to work just fine. Any idea where I've gone wrong with this commercial certificate? It's from Comodo, if that makes any difference.
My server
Ubuntu 10.04 with Apache 2
What seems like relevant info from my /var/log/apache2/error.log
Code:
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/domain.com:60)
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
My /etc/apache2/ports.conf
Code:
NameVirtualHost xxx.xxx.xxx.xxx:443
NameVirtualHost xxx.xxx.xxx.xxx:80
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
My /etc/apache2/sites-available/mydomain.com
Code:
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerAdmin webmaster@localhost
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/domain.com/public
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/domain.com/public>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from All
</Directory>
<Directory /usr/share/phpmyadmin>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin webmaster@localhost
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/domain.com/public/ssl
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/domain.com/public/ssl>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /usr/share/phpmyadmin>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from XXX.XXX.XXX.XXX
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Server Certificate Chain:
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
SSLCertificateChainFile /etc/ssl/localcerts/ssl.domain.com/www.domain.ca-bundle
# Certificate Authority (CA):
#SSLCACertificatePath /etc/ssl/certs/
SSLCACertificatePath /etc/ssl/localcerts/ssl.domain.com
SSLCACertificateFile /etc/ssl/localcerts/ssl.domain.com/www.domain.com.crt
SSLCACertificateFile /etc/ssl/localcerts/ssl.domain.com/www.domain.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
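The error.log hint quoted in the post names SSLCertificateFile. As an added example that is not part of the original post, this Python check walks each VirtualHost block and reports any that turn SSLEngine on without an SSLCertificateFile, plus any SSLCA* directive pointed at a private key. The sample input is constructed from the post's paths; the function names and the ".key suffix means private key" rule are assumptions of the example.

```python
import re

# Constructed sample: an abridged vhost file shaped like the one in the post.
SAMPLE = """\
<VirtualHost xxx.xxx.xxx.xxx:80>
ServerName www.domain.com
</VirtualHost>
<VirtualHost xxx.xxx.xxx.xxx:443>
SSLEngine on
SSLCertificateChainFile /etc/ssl/localcerts/ssl.domain.com/www.domain.ca-bundle
SSLCACertificateFile /etc/ssl/localcerts/ssl.domain.com/www.domain.com.crt
SSLCACertificateFile /etc/ssl/localcerts/ssl.domain.com/www.domain.com.key
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def parse_vhosts(text):
    """Return [(address, opening_line_no, [(line_no, directive, args)])]."""
    vhosts, current, cont = [], None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        was_cont, cont = cont, line.endswith("\\")
        if was_cont or not line or line.startswith("#"):
            continue  # skip continuation lines, blanks and comments
        m = VHOST_OPEN.match(line)
        if m:
            current = (m.group(1).strip(), no, [])
        elif current and line.lower().startswith("</virtualhost"):
            vhosts.append(current)
            current = None
        elif current and not line.startswith("<"):
            name, *rest = line.split(None, 1)
            current[2].append((no, name.lower(), rest[0] if rest else ""))
    return vhosts

def lint_ssl(text):
    """Return [(line_no, vhost_address, message)] for SSL-enabled vhosts."""
    findings = []
    for addr, start, directives in parse_vhosts(text):
        if not any(n == "sslengine" and a.lower() == "on" for _, n, a in directives):
            continue
        if not any(n == "sslcertificatefile" for _, n, _ in directives):
            findings.append((start, addr, "SSLEngine on but no SSLCertificateFile"))
        for no, name, args in directives:
            # Assumption: a path ending in .key holds a private key.
            if name.startswith("sslca") and args.strip('"').lower().endswith(".key"):
                findings.append((no, addr, "private key given to " + name))
    return findings
```

In mod_ssl, SSLCertificateFile and SSLCertificateKeyFile carry the server's own certificate and key, while the SSLCA* directives name CA certificates used to verify client certificates.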