I am struggeling with Apache for a week now...
My Owncloud-Server is a virtual Debian 8 running inside VirtualBox on a physical Debian 7 (Openmediavault). Port forwarding and DynDNS are working great but I struggle with the SSL setup. So far I created a pair of private key and CSR, copied that CSR to Godaddy and downloaded the new certificate with the according cert_bundle. I enabled SSL and added the certificate and key paths to the default-ssl.conf in /sites-availabe. Until this point the apache default site was available on port 80. After reloading apache it fails to start and everything is broken. I tried this several times thanks to the snapshot I created before messing with the SSL settings. Could you please help me? I think there is the one thing that I'm missing but can't figure out what it is.
One more info: I downloaded the two crt-files to my windows machine and just copied the texts from notepad++ to nano (same file names). Was that a bad idea?
Please tell me which further information you need and I will answer immediately.
Thank you so much
- friede
sites-enabled folder:
- Code: Select all
root@Owncloud-Server:/etc/apache2/sites-enabled# ls
000-default.conf default-ssl.conf
default-ssl.conf:
- Code: Select all
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/1efc5505ee0e9b3.crt
SSLCertificateKeyFile /etc/ssl/private/XXXXXX.ddnss.de.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
SSLCACertificateFile /etc/ssl/certs/gd_bundle-g2-g1.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
...
Apache error.log
- Code: Select all
[Sun Nov 22 09:40:07.604521 2015] [ssl:emerg] [pid 14986] AH01895: Unable to configure verify locations for client authentication
[Sun Nov 22 09:40:07.604641 2015] [ssl:emerg] [pid 14986] SSL Library Error: error:0906D066:PEM routines:PEM_read_bio:bad end line
[Sun Nov 22 09:40:07.604665 2015] [ssl:emerg] [pid 14986] SSL Library Error: error:0B084009:x509 certificate routines:X509_load_cert_crl_file:PEM lib
[Sun Nov 22 09:40:07.604678 2015] [ssl:emerg] [pid 14986] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed