# apache2 update ssl not working [solved]

## carpman

Hello, ok updated apache2 over weekend and having issues as so many changes to config files.

Have got it working as non ssl but when trying as ssl i get 'unable to connect' message?

/etc/conf.d/apache

```

APACHE2_OPTS="-D DEFAULT_VHOST -D SSL_DEFAULT_VHOST -D PHP5"

```

grep -v "#" /etc/apache2/vhosts.d/00_default_vhost.conf

```

<IfDefine DEFAULT_VHOST>

Listen 80

NameVirtualHost *:80

<VirtualHost *:80>

        <IfModule mpm_peruser_module>

                ServerEnvironment apache apache

        </IfModule>

</VirtualHost>

 <VirtualHost 192.168.1.3:80>

        ServerName mydomain.co.uk

        DocumentRoot /var/www/localhost/htdocs

        <Directory "/var/www/localhost/htdocs">

          Options MultiViews Indexes Includes FollowSymLinks

          AllowOverride All

          Order allow,deny

          Allow from all

        </Directory>

</VirtualHost>

</IfDefine>

```

grep -v "#" /etc/apache2/httpd.conf

```

ServerRoot "/usr/lib/apache2"

LoadModule actions_module modules/mod_actions.so

LoadModule alias_module modules/mod_alias.so

LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule auth_digest_module modules/mod_auth_digest.so

LoadModule authn_anon_module modules/mod_authn_anon.so

LoadModule authn_dbd_module modules/mod_authn_dbd.so

LoadModule authn_dbm_module modules/mod_authn_dbm.so

LoadModule authn_default_module modules/mod_authn_default.so

LoadModule authn_file_module modules/mod_authn_file.so

LoadModule authz_dbm_module modules/mod_authz_dbm.so

LoadModule authz_default_module modules/mod_authz_default.so

LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

LoadModule authz_host_module modules/mod_authz_host.so

LoadModule authz_owner_module modules/mod_authz_owner.so

LoadModule authz_user_module modules/mod_authz_user.so

LoadModule autoindex_module modules/mod_autoindex.so

<IfDefine CACHE>

LoadModule cache_module modules/mod_cache.so

</IfDefine>

LoadModule cgi_module modules/mod_cgi.so

<IfDefine DAV>

LoadModule dav_module modules/mod_dav.so

</IfDefine>

<IfDefine DAV>

LoadModule dav_fs_module modules/mod_dav_fs.so

</IfDefine>

<IfDefine DAV>

LoadModule dav_lock_module modules/mod_dav_lock.so

</IfDefine>

LoadModule dbd_module modules/mod_dbd.so

LoadModule deflate_module modules/mod_deflate.so

LoadModule dir_module modules/mod_dir.so

<IfDefine CACHE>

LoadModule disk_cache_module modules/mod_disk_cache.so

</IfDefine>

LoadModule env_module modules/mod_env.so

LoadModule expires_module modules/mod_expires.so

LoadModule ext_filter_module modules/mod_ext_filter.so

<IfDefine CACHE>

LoadModule file_cache_module modules/mod_file_cache.so

</IfDefine>

LoadModule filter_module modules/mod_filter.so

LoadModule headers_module modules/mod_headers.so

LoadModule ident_module modules/mod_ident.so

LoadModule imagemap_module modules/mod_imagemap.so

LoadModule include_module modules/mod_include.so

<IfDefine INFO>

LoadModule info_module modules/mod_info.so

</IfDefine>

LoadModule log_config_module modules/mod_log_config.so

LoadModule logio_module modules/mod_logio.so

<IfDefine CACHE>

LoadModule mem_cache_module modules/mod_mem_cache.so

</IfDefine>

LoadModule mime_module modules/mod_mime.so

LoadModule mime_magic_module modules/mod_mime_magic.so

LoadModule negotiation_module modules/mod_negotiation.so

<IfDefine PROXY>

LoadModule proxy_module modules/mod_proxy.so

</IfDefine>

<IfDefine PROXY>

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

</IfDefine>

<IfDefine PROXY>

LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

</IfDefine>

<IfDefine PROXY>

LoadModule proxy_connect_module modules/mod_proxy_connect.so

</IfDefine>

<IfDefine PROXY>

LoadModule proxy_http_module modules/mod_proxy_http.so

</IfDefine>

LoadModule rewrite_module modules/mod_rewrite.so

LoadModule setenvif_module modules/mod_setenvif.so

LoadModule speling_module modules/mod_speling.so

<IfDefine SSL>

LoadModule ssl_module modules/mod_ssl.so

</IfDefine>

<IfDefine INFO>

LoadModule status_module modules/mod_status.so

</IfDefine>

<IfDefine SUEXEC>

LoadModule suexec_module modules/mod_suexec.so

</IfDefine>

LoadModule unique_id_module modules/mod_unique_id.so

<IfDefine USERDIR>

LoadModule userdir_module modules/mod_userdir.so

</IfDefine>

LoadModule usertrack_module modules/mod_usertrack.so

LoadModule vhost_alias_module modules/mod_vhost_alias.so

User apache

Group apache

Include /etc/apache2/modules.d/*.conf

Include /etc/apache2/vhosts.d/*.conf

```

grep -v "#" /etc/apache2/vhosts.d/00_default_ssl_vhost.conf

```

<IfDefine SSL>

<IfDefine SSL_DEFAULT_VHOST>

<IfModule ssl_module>

Listen 443

<VirtualHost _default_:443>

        Include /etc/apache2/vhosts.d/default_vhost.include

        ErrorLog /var/logs/ssl_error_log

        <IfModule log_config_module>

                TransferLog /var/log/apache2/ssl_access_log

        </IfModule>

        SSLEngine on

        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile /etc/apache2/ssl/new.cert.cert

        SSLCertificateKeyFile /etc/apache2/ssl/new.cert.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">

                SSLOptions +StdEnvVars

        </FilesMatch>

        <Directory "/var/www/localhost/cgi-bin">

                SSLOptions +StdEnvVars

        </Directory>

        <IfModule setenvif_module>

                BrowserMatch ".*MSIE.*" \

                        nokeepalive ssl-unclean-shutdown \

                        downgrade-1.0 force-response-1.0

        </IfModule>

        <IfModule log_config_module>

                CustomLog /var/log/apache2/ssl_request_log \

                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

        </IfModule>

</VirtualHost>

</IfModule>

</IfDefine>

</IfDefine>

```

logs show no ssl errors?

any ideas what is amiss, worked fine before update!!

many thanks

----------

## RayDude

```
APACHE2_OPTS="-D DEFAULT_VHOST -D SSL_DEFAULT_VHOST -D PHP5" 
```

Shouldn't this read:

```
APACHE2_OPTS="-D SSL -D DEFAULT_VHOST -D SSL_DEFAULT_VHOST -D PHP5"
```

Raydude

----------

## jexxie

I would agree with RayDude, you need '-D SSL' in the /etc/conf.d/apache2 file to have Apache start it up for domains beyond the default localhost vhost.

Cheers.

----------

## carpman

thanks for replies but still the same problem even with -D SSL ?

----------

## RayDude

 *carpman wrote:*   

> thanks for replies but still the same problem even with -D SSL ?

 

Did you restart apache with:

```
/etc/init.d/apache2 stop

/etc/init.d/apache2 start
```

I don't think restart or reload will work here. restart might but I wouldn't risk it.

Do you have ssl installed?

Have you run revdep-rebuild to insure all libraries are up to date?

When you start apache it should tell you that ssl is initializing in the apache log, is it?

If not what's the error message?

Raydude

----------

## carpman

 *RayDude wrote:*   

>  *carpman wrote:*   thanks for replies but still the same problem even with -D SSL ? 
> 
> Did you restart apache with:
> 
> ```
> ...

 

Yep yep yep and no

Things were working fine until update and config changes, there are no error messages but apache error logs show following on restart:

```

/var/log/apache2/error_log:[Wed Oct 31 17:03:24 2007] [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8f configured -- resuming normal operations

```

----------

## RayDude

Okay lets step back a bit.

How do you know ssl isn't working?

What address are you hitting? http://...

What does your vhost look like for your ssl website?

Raydude

----------

## carpman

 *RayDude wrote:*   

> Okay lets step back a bit.
> 
> How do you know ssl isn't working?
> 
> What address are you hitting? http://...
> ...

 

Hello and thanks for reply, i am using https://site here

Look at first post for vhost config.

----------

## kpswalin

I am having the exact same issue. I upgraded Apache and it required several config changes to the vhosts for the HTTP sites I host, which are all now working. HTTPS however is not functioning. I appear to get in the site but get the following error in my browser:

```
Forbidden

You don't have permission to access /"Directory Name" on this server.

Apache Server at "FQDN" Port 443
```

I have verified that the permissions have not changed during the upgrade and the site was functional prior to the upgrade.

I am guessing it has something to do with the default vhost for SSL.

Here are my results for the vhosts:

grep -v "#" /etc/apache2/vhosts.d/00_default_vhost.conf 

```
NameVirtualHost *:80

<IfDefine DEFAULT_VHOST>

<VirtualHost *:80>

    DocumentRoot "/var/www"

    <Directory "/var/www">

        Options Indexes FollowSymLinks

        AllowOverride All

        Order allow,deny

        Allow from all

    </Directory>

    <IfModule peruser.c>

        ServerEnvironment apache apache

        MinSpareProcessors 4

        MaxProcessors 20

    </IfModule>

    <IfModule itk.c>

        AssignUserID apache apache

        MaxClientsVHost 50

    </IfModule>

</VirtualHost>

</IfDefine>

```

grep -v "#" /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf

```
<IfDefine SSL>

  <IfDefine SSL_DEFAULT_VHOST>

<IfModule mod_ssl.c>

<VirtualHost _default_:443>

DocumentRoot "/var/www/localhost/htdocs"

ServerName "FQDN"

ServerAdmin webmaster@"Domain Name"

ErrorLog logs/ssl_error_log

<IfModule mod_log_config.c>

        TransferLog logs/ssl_access_log

</IfModule>

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/apache2/ssl/new.cert.cert

SSLCertificateKeyFile /etc/apache2/ssl/new.cert.key

<Files ~ "\.(cgi|shtml|phtml|php?)$">

    SSLOptions +StdEnvVars

</Files>

<Directory "/var/www/localhost/cgi-bin">

    SSLOptions +StdEnvVars

</Directory>

<IfModule mod_setenvif.c>

    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \

    downgrade-1.0 force-response-1.0

</IfModule>

<IfModule mod_log_config.c>

CustomLog logs/ssl_request_log \

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</IfModule>

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteOptions inherit

</IfModule>

</VirtualHost>

</IfModule>

  </IfDefine>

</IfDefine>

```

[/list][/post]Last edited by kpswalin on Thu Nov 01, 2007 4:05 am; edited 1 time in total

----------

## bunder

-D SSL before -D SSL_DEFAULT_VHOST   :Wink: 

cheers

----------

## kpswalin

In my case "-D SSL" is before "-D SSL_DEFAULT_VHOST" and the problem still exists.

/etc/conf.d/apache2

```
APACHE2_OPTS="-D DEFAULT_VHOST -D PHP5 -D SSL -D SSL_DEFAULT_VHOST"
```

----------

## carpman

 *bunder wrote:*   

> -D SSL before -D SSL_DEFAULT_VHOST  
> 
> cheers

 

Happy now, that worked for apache, have following in 

/etc/conf.d/apache2

```

APACHE2_OPTS="-D DEFAULT_VHOST -D SSL -D SSL_DEFAULT_VHOST -D PHP5"

```

The above works fine.

Should note that i did have -D SSL before SSL_DEFAULT_VHOST but also in front of DEFAULT_VHOST like this:

```

APACHE2_OPTS=" -D SSL -D DEFAULT_VHOST -D SSL_DEFAULT_VHOST -D PHP5"

```

This did not work.

cheers

----------

## kpswalin

I realized as I continued to work this issue that my Directory settings in the 41_mod_ssl.default-vhost.conf were gone after the upgrade. I added the following and all is well.

```
   <Directory "/var/www/localhosts/htdocs">

        Options Indexes FollowSymLinks

        AllowOverride All

        Order allow,deny

        Allow from all

    </Directory> 
```

Last edited by kpswalin on Thu Nov 01, 2007 6:31 pm; edited 1 time in total

----------

## RayDude

Glad you guys got it all working.

OP can you please put [solved] in the subject?

Thanks,

Raydude

----------

