httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "@lbutlr" <krem...@kreme.com>
Subject [users@httpd] Setting up Apache 2.4 with Letsencrypt
Date Tue, 13 Feb 2018 04:54:11 GMT
I have dehydrate properly renewing certs from Let's Encrypt (which I am using successfully
for mail authentication) and I ma trying to get them working for Apache 2.4, but no luck so
far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in /usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem
and privkey.pem

in httpd.conf I have:

LoadModule ssl_module libexec/apache24/mod_ssl.so

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

 /etc/httpd/extra//httpd-ssl.conf:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCache         "dbm:/var/run/ssl_scache"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/usr/local/www/roundcube"
  ServerName www.covisp.net:443
  ServerAdmin admin@covisp.net
  ErrorLog "/var/log/httpd-error.log"
  TransferLog "/var/log/httpd-access.log"
  SSLEngine on
  SSLCertificateFile "/usr/local/etc/apache24/ssl.pem"
  SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key"
  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory "/usr/local/www/apache24/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  CustomLog "/var/log/httpd-ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>    

 # apachectl -S shows at the end:
*:443                  is a NameVirtualHost
         default server www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
         port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
                 alias covisp.net
                 alias mail.covisp.net
                 alias webmail.covisp.net
         port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-ssl.conf:83)

But I just get a failed to load error and I don't see anything helpful in the logs.

I tried removing the links in the apache24 folder and copying the .pem files (privkey.pem
to ssl.key), but still get an unable to establish secure connection error.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message