2

I'm trying to install SSL certificates on my Google Compute Engine server where I have a LAMP stack installed.

I have enabled tcp traffic on port 443 for https. I have enabled HTTPS on the instance controls.

I have modified /etc/apache2/sites-enabled/lamp-server.conf as follows:

<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/html
  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory /var/www/html/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>
  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
  </Directory>
  ErrorLog ${APACHE_LOG_DIR}/error.log
  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost MYINSTANCESTATICIP:443>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/html
ServerName www.MYDOMAIN.com
SSLEngine on
SSLCertificateFile /var/www/ssl/SSLCertificateFile.crt
SSLCertificateKeyFile /var/www/ssl/SSLCertificateKeyFile.key
SSLCertificateChainFile /var/www/ssl/SSLCertificateChainFile.crt
</VirtualHost>
</IfModule>

Why is this not working? It should work....

Amy Neville
  • 10,067
  • 13
  • 58
  • 94
  • 2
    Please explain what "not working" looks like. Also look in your ErrorLog file: `${APACHE_LOG_DIR}/error.log` for clues. – John Hascall Jan 20 '16 at 14:54
  • I visit the page with http and it works. I visit the page with https and I get ERR_CONNECTION_REFUSED – Amy Neville Jan 20 '16 at 14:55
  • [Wed Jan 20 06:33:46.667547 2016] [mpm_prefork:notice] [pid 950] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations – Amy Neville Jan 20 '16 at 14:58
  • 1
    I see `` but I see no `LoadModule ssl_module /some/path/mod_ssl.so` – John Hascall Jan 20 '16 at 14:58
  • I added that tag because when I just had it stopped all access from working on both http and https – Amy Neville Jan 20 '16 at 14:59
  • By the way, I've contacted the certificate authority and they say all my certificates check out and are fine... – Amy Neville Jan 20 '16 at 15:01
  • 1
    Pretty sure you need to load the SSL module. Can you do `apachectl -t -D DUMP_MODULES` and look for `ssl_module` in the output? – John Hascall Jan 20 '16 at 15:36
  • I entered that in SSH and got this "-bash: apachectl: command not found" – Amy Neville Jan 20 '16 at 15:39
  • The command may be located in a directory not on your normal "PATH" for locating commands. See if `locate apachectl` can find the full command path for you to use. BTW, you may find several of the pages here http://httpd.apache.org/docs/current/ under the "Users Guide" heading quite helpful as you setup your web server. – John Hascall Jan 20 '16 at 17:17
  • I posted a more detailed answer in this thread: http://stackoverflow.com/questions/34963308/how-to-install-ssl-on-gce-wordpress-apache/ – Kamran Jan 23 '16 at 23:19

1 Answers1

0

You can use sudo apachectl configtest to see configuration errors.

Your configuration file looks good. Try these steps:

  1. Run sudo a2enmod ssl command to enable Apache's SSL mod.
  2. Restart the Apache service: sudo service apache2 restart
  3. Using Developers Console, go to Compute Engine -> VM instances click on your LAMP VM and make sure the VM instance is tagged by both http-server and https-server which are target tags for tcp:80 and tcp:443 GCE firewall rules.
Kamran
  • 3,397
  • 26
  • 40
  • 1
    I posted a more detailed answer in this thread: http://stackoverflow.com/questions/34963308/how-to-install-ssl-on-gce-wordpress-apache/ – Kamran Jan 23 '16 at 23:19