7

Ubuntu 14.04 Apache 2.4.7 w/mod_ssl

I'm trying to install a (single) domain certificate. For some reason, Apache does not accept it and refuses to start if the related website is enabled. Despite heavy googling, I can't make sense of the error messages. Why does it say that there is no certificate configured? It's set in the virtualhost, and it points to the crt file in the right location.

Error_log

[Tue May 19 18:11:08.123857 2015] [ssl:emerg] [pid 10040:tid 140146576725888] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Tue May 19 18:11:08.123894 2015] [ssl:emerg] [pid 10040:tid 140146576725888] AH02312: Fatal error initialising mod_ssl, exiting.

What I have tried:

  • double-checked the virtualhost syntax and the paths to the certificate and key
  • double-checked that the certificate is chmoded 644 and the key is chmoded 600
  • double-checked that the certificate is valid. Redownloaded it from my provider. Opened it in an editor

Here is the virtualhost

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName www.domain.tld
        RedirectMatch (.*) https://domain.tld$1
    </VirtualHost>

    <VirtualHost _default_:443>
        ServerAdmin admin@localhost
        ServerName domain.tld
        DocumentRoot /home/user/www/domain.tld/public

        # SSL CERTIFICATES

        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/domain.tld.crt
        SSLCertificateKeyFile /etc/ssl/private/domain.tld.key
        SSLCertificateChainFile /etc/ssl/certs/GandiStandardSSLCA2.pem
        SSLVerifyClient None
        # SSLProtocol all -SSLv2 -SSLv3

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown


        <Directory /home/user/www/domain.tld/public>
            Require all granted
        </Directory>

        LogLevel error
        ErrorLog ${APACHE_LOG_DIR}/user-eu-error.log
        CustomLog ${APACHE_LOG_DIR}/user-eu-access.log combined

        ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/home/user/www/domain.tld/public/$1

        ErrorDocument 404 /missing.php

        # Mod_status
        <location /server-status> 
            SetHandler server-status 
            Order Allow,Deny
            Allow from all
        </location>
    </VirtualHost>
</IfModule>

Any suggestion as to what could be wrong?

pixeline

3 Answers

10

I think eltrai is on the right path, but I would remove the first <VirtualHost> block and use ServerAlias in the second.

<VirtualHost _default_:443>
    ServerAdmin admin@localhost
    ServerName domain.tld
    ServerAlias www.domain.tld

You can add your RedirectMatch later in that same block to redirect from www to non.

Machavity
  • Thank you, that did it! I hesitated whether to select your answer or eltrai's, because I guess the issue is indeed related to the SSL virtualhost not having the SSL directives included, but I ended up following your advice to consolidate all SSL directives into one virtualhost. – pixeline May 19 '15 at 20:26
6

One more thing to check that wasn't mentioned in the previous answers.

If you have "SSLEngine on" anywhere in your global config (basically anywhere outside of the VirtualHost and similar blocks) and you do not have an SSLCertificateFile directive also defined globally, Apache will choke on this before it even gets to the virtual host and you will get this error.

The error message is actually correct, but doesn't mention WHICH server has no certificate.

BBBThunda
  • Thanks. Your answer helped me hunt down the SSLEngine setting, and indeed it is the one causing the issue. – Sharuzzaman Ahmat Raslan Jul 30 '16 at 19:50
  • This was closer to my problem... I had ` ServerName example.com Redirect permanent / https://www.example.com/ ` which caused the error. Apparently because no `SSLCertificateFile` or `SSLCertificateKeyFile` was defined in the block. – jamil Oct 01 '17 at 19:39
  • This is the issue I am having. I was using certbot, deleted the certs to clean things out to start over, and now I can't use certbot because it too needs to restart Apache. Do we always need to manually create at least server default certs, then? – Brian Thomas Dec 04 '18 at 19:51
5

Your first virtualhost (for the www.domain.tld) does not have SSL enabled, even though it's on port 443.

You need to add SSLEngine, SSLCertificateFile, ... as in the second one, otherwise no https access will be possible for www.domain.tld.

I'm not too sure it should cause a flat refusal to start, however...

eltrai
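
Since AH02240 does not name the server it is complaining about, the two conditions described in the answers above can be checked mechanically. The following Python is an added example, not code from any of the posters: it flags every scope that either sits on port 443 or sets `SSLEngine on` but has no `SSLCertificateFile`. The names `audit`, `new_scope` and `SAMPLE_CONF` are hypothetical, and the sample config is constructed from the layout in the question.

```python
import re
# Constructed sample that mirrors the question's layout (not the poster's real files).
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.domain.tld
    RedirectMatch (.*) https://domain.tld$1
</VirtualHost>
<VirtualHost _default_:443>
    ServerName domain.tld
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain.tld.crt
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
def new_scope(name, line, port443=False):
    return {"name": name, "line": line, "port443": port443, "engine": False, "cert": False}

def audit(conf_text):
    """Return [(line_no, scope_name)] for scopes that want SSL but set no certificate."""
    glob = new_scope("global scope", 0)
    scopes, cur = [glob], glob
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:  # a new <VirtualHost addr:port ...> block starts here
            on_443 = any(a.endswith(":443") for a in m.group(1).split())
            cur = new_scope(m.group(1).strip(), no, on_443)
            scopes.append(cur)
        elif CLOSE.match(line):
            cur = glob
        else:
            key, *rest = line.split(None, 1)
            key, val = key.lower(), (rest[0].strip() if rest else "")
            if key == "servername" and cur is not glob:
                cur["name"] = val  # report the vhost by its ServerName
            elif key == "sslengine" and val.lower() == "on":
                cur["engine"] = True
            elif key == "sslcertificatefile":
                cur["cert"] = True
    # Assumption: a certificate set in global scope is inherited by every vhost.
    return [(s["line"], s["name"]) for s in scopes
            if (s["engine"] or s["port443"]) and not (s["cert"] or glob["cert"])]

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Feed it the combined text of the main config and every enabled site file; line numbers refer to that combined text, and line 0 means the global scope.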