On Ubuntu 10.04

• Got SSL for domain name.
• Install failed.
• On phone for over an hour with SSL supplier, using "view my screen" so we could see the same thing.
• According to him, our system was never configured to run SSL to begin with.

• httpd.conf is empty
• no ssl.conf exists
• ports.conf referenced in help page Only has this:

The certs all in place, and tried referencing them as per the above help page, as well as using the httpd.conf that the SSL provider recommended. All efforts lead simply to a crashed site.

Lil' help?


-------EDIT-------
ADDED FROM POST BELOW SO IT"S NOT MISSED

Tried adding this to ports.conf already
<VirtualHost *.*.*.*:443>
ServerName http://www.*.com
SSLEngine On
SSLCertificateFile /etc/ssl/private/public.crt
SSLCertificateKeyFile /etc/ssl/private/our.key
SSLCACertificateFile /etc/ssl/private/intermediate.crt
</VirtualHost>

Site died a quick death.
-------/EDIT-------

via IRC:

_________________
うるさいうるさいうるさい！

Tried adding this to ports.conf already
<VirtualHost *.*.*.*:443>
ServerName http://www.*.com
SSLEngine On
SSLCertificateFile /etc/ssl/private/public.crt
SSLCertificateKeyFile /etc/ssl/private/our.key
SSLCACertificateFile /etc/ssl/private/intermediate.crt
</VirtualHost>

Site died a quick death.

Any particular errors in the logs?

Also, you probably want "ServerName www.example.com" there. And you probably don't want that in ports.conf, either.

_________________

/* TODO: need to add signature to posts */

The error logs don't seem to provide any help, other then PHP hits a fatal error (basically try/catch header("HTTP/1.0 404 Not Found");) just when going to the site on regular http. (This occurs after I add the VirtualHost argument. Otherwise, the site's up and running just fine.)


Already did the ServerName part if you see what I wrote above. Also tried listing it on the ports.conf and httpd.conf just in case.

Site still dies.

Don't redact your logs, your conf, or anything like that. You're making it an absolute pain to troubleshoot effectively.

_________________
うるさいうるさいうるさい！

Sorry, I'll try to give better info. Here's the error from the site.error.log:

[Mon Jun 18 01:44:53 2012] [error] [client *.*.*.*] PHP Fatal error: Uncaught exception 'Zend_Controller_Router_Exception' with message 'No route, document, custom route or redirect is matching the request: /favicon.ico' in /var/www/pimcore/lib/Pimcore.php:241\nStack trace:\n#0 /var/www/site.com/index.php(19): Pimcore::run()\n#1 {main}\n thrown in /var/www/pimcore/lib/Pimcore.php on line 241

Here's my ports.conf:
NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>

And my httpd.conf is completely empty. Nothing in it.

httpd.conf, under ubuntu, is used for custom stuff. apache.conf (or is it apache2.conf?) contains the normal apache directives.

_________________
うるさいうるさいうるさい！

All I know is that the SSL company's install directions said to add the info to the http.conf, and Linodes docs says to use ports.conf. Tried both. Doesn't work. Are you saying I need to try to add it to apache2.conf instead?

Check to see if anything conflicts within apache.conf.

That error message though is interesting - it leads me to think that something is odd within your site's configuration, which may or may not be related. Try adding a favicon file for your site, at least, even if it's an empty icon file.

_________________
うるさいうるさいうるさい！

Doubt there's any real conflicts, as the site's been up for over a year. Only dies when trying to connect this SSL issue.


Tried adding favicon. Same thing. Death.

The bizarre thing is that the error logs say the same thing.

I'll be back in an hour.

Unfortunately my Ouija board is at the dry cleaners, and there's an injunction preventing me from playing 20 questions (long story), so good luck with getting people to guess at solving YOUR problem.

Here's a hint: Provide REAL DETAILS instead of all this ******** stealth crap.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

My apologies, however I don't see what good knowing the IP or domain name would do in solving the issue. (Perhaps I'm just being too paranoid about getting hacked. Yes I keep things updated/upgraded, and have strong passwords, but...) If I'm not giving the correct information needed to help narrow down the problem let me know. I've been asked for the errors, conf files etc. and I gave those. Well, not the apache2.conf. However, that was never mentioned in any of the SSL install docs I've seen.

Yes, I'm inexperienced in Apache2 and inherited this funky site. So... What logs/conf/etc files have I not given yet that you folks will find useful in helping me?

Here's my entire ports.conf
--------
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>
--------

And my entire httpd.conf
--------

--------
Like I said. Empty.

From /var/log/apache2/error.log
--------
[Mon Jun 18 04:02:25 2012] [notice] caught SIGTERM, shutting down
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/imagick.ini on line 1 in Unknown on line 0
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/mcrypt.ini on line 1 in Unknown on line 0
[Mon Jun 18 04:03:56 2012] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.15 with Suhosin-Patch configured -- resuming normal operations
--------
Which I believe is just the normal blah blah when I reboot.

What else can I show you that may help?

OK, so I don't think it's me. Been on tech support again w/ SSL provider and here's what occurred.

SSL Tech Support: Welcome to support, how can I help?
Me: Hello, I need SSL installation support from someone with good Apache2 knowledge.
Me: I've been dealing w/ support via chat and phone a few times, but there's obviously some issue buried deep that's preventing properinstaltion.
SSL Tech Support: what seems to be the issue your having?
Me: Added the *.crt files & *.key to the proper /etc/ssl/ folders, but when I add the <VirtualHost argument to either the httpd.conf or ports.cnf files, my site dies completely.
Me: removing the <VirtualHost lines of course brings my site back up.
SSL Tech Support: can you paste the virtualhost here please
Me: tried using both SSLCACertificateFile & SSLCertificateChainFile arguments. No good.
Me: <VirtualHost _default_:443>
ServerName site.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/public.crt
SSLCertificateKeyFile /etc/ssl/private/this.key
SSLCACertificateFile /etc/ssl/certs/intermediate.crt
</VirtualHost>
SSL Tech Support: can you paste the contents of public.crt 5 lines at a time in this window
Me: 1 sec.
[edited]
Me: done
SSL Tech Support: thanks
SSL Tech Support: checking the contents now
Me: ty
SSL Tech Support: can you check the apache log for any errors ?
Me: /var/log/apache2/error.log just shows this, which I beleive is from when I reboot the system.
Me: [Mon Jun 18 06:27:47 2012] [notice] caught SIGTERM, shutting down
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/imagick.ini on line 1 in Unknown on line 0
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/mcrypt.ini on line 1 in Unknown on line 0
[Mon Jun 18 06:31:35 2012] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.15 with Suhosin-Patch configured -- resuming no
Me: resuming normal operations
SSL Tech Support: this is not related to SSL though..
Me: nope
SSL Tech Support: can you enable the virtualhost then restart apache
SSL Tech Support: then check the error
Me: 1 sec.
Me: [Mon Jun 18 06:49:10 2012] [notice] caught SIGTERM, shutting down

Me: when I removed the virtualhost and reboot, I get the other 3 lines I already pasted.
Me: and the site is running fine in http mode.
SSL Tech Support: I think this is more of an apache system issue than an SSL issue
SSL Tech Support: your config is fine and this is not normal behavior for apache to shutdown unexpectedly without meaningful errors in the log
SSL Tech Support: even if the keys are invalid, apache should normally report it.. your not even getting that far.
SSL Tech Support: I would try re-installing the apache package
Me: Bit of a huge response. The site has been running for over a year and I don't like the idea of destroying it.
SSL Tech Support: well its been working fine in http mode, doesnt looking https is working though.
SSL Tech Support: we cant really troubleshoot this issue, only make recommendations.
Me: Besides, not sure if reinstalling apache is an option. It's kind of a pacage deal wit our hoster.
SSL Tech Support: but normally speaking even if the key files are corrupt, apache should say something.. it almost sounds like there are missing modules which is crashing apache..
SSL Tech Support: i understand.. you will definetly need to report this to the host.
SSL Tech Support: at least its in good hands for them to check for you.
Me: That was what another tech mentioned. He said it was like the htpS mod doesn't even exist. If not, how can I install that part?
Me: Sorry, Apache n00b that inherited a crazy system. Not the best situation, i understand, but have to do what I can here.
SSL Tech Support: yeah, understand that but leave that to your host to sort out.. we cant even advise on that, bit out of our scope too.
Me: K if you can't help, not sure what I can do. I knew it is an Apache issue. Just having trouble finding help.
SSL Tech Support: your host should be responsible
SSL Tech Support: not sure how you can reach them though
Me: However I understand you can't help. Thaks for your time.
SSL Tech Support: sorry I couldnt help any further
SSL Tech Support: good luck
SSL Tech Support: good day
Me: ty u2

Well, the good news is that you ARE your host, so you know how to reach them.

What does your site's configuration normally look like? You should have a file, /etc/apache2/sites-available/*.com, which contains its configuration. Also, what does 'apache2ctl -S' say?

_________________

/* TODO: need to add signature to posts */