OS: Ubuntu Server 20.40.
WebServer: Apache2
SSL: OpenSSL

SSL Module enabled
SSL files copied on server
SSL site configured (above the code)
Apache Syntax: OK
Firewall: disabled

HTTP request works
HTTPS request does not work (timeout)

Am I missing some steps or what?
Can you help me please?

<VirtualHost *:80>

        ServerName [server name]
        ServerAlias [server alias with 'www' prefix]
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/[website path]/public_html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

<VirtualHost _default_:443>

        ServerName [same server name]
        ServerAlias [same server alias]
        ServerAdmin webmaster@localhost
        DocumentRoot [same root]
        SSLEngine on
        SSLCertificateFile /ssl/website_cert.crt
        SSLCertificateKeyFile /ssl/myserver.key

</VirtualHost>
Katalux
  • Is the path *really* `/ssl/website_cert.crt`? Does `error.log` show anything? Does `curl https://localhost` work? – vidarlo Jun 29 '22 at 21:20
  • *"... (timeout) ..."* - there is likely a firewall in between so that the connection attempt does not even reach the server - i.e. the problem is outside of the configuration you show. In many environments such firewall exists and is enabled by default, so you need to let the traffic pass through the firewall first. – Steffen Ullrich Jun 29 '22 at 21:24
  • What does `apachectl configtest` say? – Ace Jun 29 '22 at 21:28
  • @vidarlo the path is right. error.log of today: `[Thu Jun 30 07:47:10.497233 2022] [mpm_prefork:notice] [pid 2301] AH00169: caught SIGTERM, shutting down [Thu Jun 30 07:47:15.358462 2022] [mpm_prefork:notice] [pid 32541] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f configured -- resuming normal operations [Thu Jun 30 07:47:15.358505 2022] [core:notice] [pid 32541] AH00094: Command line: '/usr/sbin/apache2'` `curl https://localhost`: `curl: (60) SSL certificate problem: unable to get local issuer certificate` Curl from external: `Failed to connect to port 443 after 21050 ms: Timed out` – Katalux Jun 30 '22 at 07:54
  • @Ace this command returns: `Syntax OK` – Katalux Jun 30 '22 at 08:00
  • @SteffenUllrich same unworking result whether ufw is enabled or disabled – Katalux Jun 30 '22 at 08:04
  • @Katalux: I have no idea about your infrastructure and if ufw is the only component there which can block access. In cloud environments there are often additional firewalls in the infrastructure which need to be explicitly configured to allow access. – Steffen Ullrich Jun 30 '22 at 08:29
  • Ah there might be an issue with the certificate. Check it `openssl x509 -in certificate.crt -text -noout` Also check the private key: `openssl rsa -in privateKey.key -check` And check using `openssl s_client -connect www.url.com:443` – Ace Jul 01 '22 at 20:41
  • And install the root/intermediate chains: `apt-get install ca-certificates` – Ace Jul 01 '22 at 20:43

1 Answer

I think your 443 virtualhost is incorrect, try this:

<VirtualHost *:443>

        ServerName [same server name]
        ServerAlias [same server alias]
        ServerAdmin webmaster@localhost
        DocumentRoot [same root]
        SSLEngine on
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLHonorCipherOrder On  
        SSLCertificateFile /ssl/website_cert.crt
        SSLCertificateKeyFile /ssl/myserver.key
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
      
</VirtualHost>
Ace
  • I tried your suggestion but it's not working. – Katalux Jun 30 '22 at 07:52
  • What do the logs say: `sudo tail -f /var/log/apache2/error`? Is this 443 port listening: `netstat -pant | grep httpd`? Have you restarted apache? – Ace Jul 01 '22 at 20:32
  • Are SSL and rewrite enabled? `sudo a2enmod ssl && sudo a2enmod rewrite` – Ace Jul 01 '22 at 20:39
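
The comments above separate two different failures: the local `curl` reaches Apache and stops at certificate verification (error 60), while the external request times out before a TCP connection exists. The Python sketch below is an added example, not part of any post on this page; `probe_https` is a hypothetical helper that reports which layer fails, so the same check can be run on the server and from an outside machine and the results compared.

```python
import socket
import ssl


def probe_https(host, port=443, timeout=5.0, verify=True):
    """Classify how an HTTPS endpoint fails, one layer at a time."""
    # Layer 1: plain TCP connect. The failure mode says where the packet died.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        # No SYN-ACK and no RST: the packet was dropped silently, typically by
        # a firewall or cloud security group in front of the host.
        return "filtered: no reply on TCP (firewall or security group in the path?)"
    except ConnectionRefusedError:
        # An RST came back: the host is reachable but nothing listens there.
        return "closed: host reachable, nothing listening (Listen 443 / mod_ssl?)"
    except OSError as exc:
        return f"unreachable: {exc}"

    # Layer 2: TLS handshake over the established connection.
    ctx = ssl.create_default_context()
    if not verify:
        # Only to confirm that a handshake completes at all, as `curl -k` does.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host) as tls:
            return f"ok: {tls.version()} negotiated"
    except ssl.SSLCertVerificationError as exc:
        # Same class of failure as curl error 60: Apache answered, but the
        # presented chain does not lead to a trusted root.
        return f"cert: server answered, chain not trusted ({exc.verify_message})"
    except OSError as exc:
        # ssl.SSLError, handshake timeouts and resets are all OSError subclasses.
        return f"tls: port open but handshake failed ({exc.__class__.__name__})"


if __name__ == "__main__":
    # Run on the server itself, then from outside with the public name.
    print(probe_https("localhost", verify=False))
```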