Manual Apache setup

Hello,

I have my site locally and I am trying to configure an HTTPS connection to it with full encryption from Cloudflare. I need to do it manually and I don’t know how I should modify my server.

I am using a CentOS 8 machine with HTTPD (Apache). I created the certificates from Cloudflare (crt, key) and installed them in /etc/ssl/certs, modifying my httpd.conf file as follows:

DocumentRoot /var/www/html
ServerName portal.xxx.com

SSLEngine on
SSLCertificateFile /etc/ssl/certs/xxx.crt
SSLCertificateKeyFile /etc/ssl/certs/private/xxx.key
SSLCertificateChainFile /etc/ssl/certs/cloudflare.crt

At the moment I cannot even start httpd as a service. I would like to know whether this could be an issue with the Cloudflare certificates, and any suggestions on how I can solve the problem.

The following are the error messages from Apache (error_log and ssl_error_log):

[Tue Mar 02 20:41:58.963052 2021] [mpm_event:notice] [pid 228143:tid 140678595569984] AH00492: caught SIGWINCH, shutting down gracefully
[Tue Mar 02 20:42:00.034933 2021] [core:notice] [pid 228369:tid 140194438072640] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Mar 02 20:42:00.035917 2021] [suexec:notice] [pid 228369:tid 140194438072640] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 02 20:42:00.035995 2021] [ssl:warn] [pid 228369:tid 140194438072640] AH10085: Init: portal.vationcy.com:443 will respond with ‘503 Service Unavailable’ for now. There are no SSL certificates configured and no other module contr$
[Tue Mar 02 20:42:00.036335 2021] [ssl:emerg] [pid 228369:tid 140194438072640] AH02572: Failed to configure at least one certificate and key for portal.xxx.com:443
[Tue Mar 02 20:42:00.036351 2021] [ssl:emerg] [pid 228369:tid 140194438072640] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Mar 02 20:42:00.036355 2021] [ssl:emerg] [pid 228369:tid 140194438072640] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed

[Tue Mar 02 20:06:24.189453 2021] [ssl:emerg] [pid 224158:tid 139976602437952] AH02562: Failed to configure certificate vationcy.com:443:0 (with chain), check /etc/ssl/certs/vation.crt
[Tue Mar 02 20:06:24.189471 2021] [ssl:emerg] [pid 224158:tid 139976602437952] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen(’/etc/ssl/certs/vation.crt’,‘r’))
[Tue Mar 02 20:06:24.189508 2021] [ssl:emerg] [pid 224158:tid 139976602437952] SSL Library Error: error:20074002:BIO routines:file_ctrl:system lib
[Tue Mar 02 20:06:24.189518 2021] [ssl:emerg] [pid 224158:tid 139976602437952] SSL Library Error: error:140DC002:SSL routines:use_certificate_chain_file:system lib
[Tue Mar 02 20:40:34.437343 2021] [ssl:warn] [pid 227450:tid 139775357438272] AH01909: vation-vm.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:40:34.461369 2021] [ssl:warn] [pid 227450:tid 139775357438272] AH01909: vation-vm.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:41:07.696020 2021] [ssl:warn] [pid 227680:tid 140076624955712] AH01909: vation-vm.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:41:07.733778 2021] [ssl:warn] [pid 227680:tid 140076624955712] AH01909: vation-vm.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:41:23.857514 2021] [ssl:warn] [pid 227912:tid 139798876248384] AH01909: vation-vm.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:41:23.881425 2021] [ssl:warn] [pid 227912:tid 139798876248384] AH01909: xxx.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:41:47.195150 2021] [ssl:warn] [pid 228143:tid 140678595569984] AH01909: xxx.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:41:47.239298 2021] [ssl:warn] [pid 228143:tid 140678595569984] AH01909: xxx.internal.cloudapp.net:443:0 server certificate does NOT include an ID which matches the server name

I have already disabled SELinux.

Thanks in advance.

Would not seem like it.

That message seems to be pretty clear

These messages also seem to hint at issues

Your SSL configuration seems to be broken. You'd best double-check that and make sure everything is in place and accessible for your webserver. Unfortunately, server administration itself is beyond the scope of the forum and best asked in a forum dedicated to that topic, such as StackExchange, for example. Reddit might work too.
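
The log lines quoted in the question can be triaged mechanically. The following Python is an added example, not code from either poster or from Apache or Cloudflare: it parses Apache 2.4 error-log lines and groups them into de-duplicated findings. The sample lines are constructed from the format shown above with placeholder host names and paths, and the rule wording and the `triage` helper are this example's own.

```python
import re

# Constructed sample in the error_log / ssl_error_log format quoted above (placeholder names).
SAMPLE_LOG = """\
[Tue Mar 02 20:06:24.189453 2021] [ssl:emerg] [pid 224158:tid 1] AH02562: Failed to configure certificate example.com:443:0 (with chain), check /etc/ssl/certs/example.crt
[Tue Mar 02 20:06:24.189471 2021] [ssl:emerg] [pid 224158:tid 1] SSL Library Error: error:0200100D:system library:fopen:Permission denied (fopen('/etc/ssl/certs/example.crt','r'))
[Tue Mar 02 20:40:34.437343 2021] [ssl:warn] [pid 227450:tid 2] AH01909: host.internal.example:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:40:34.461369 2021] [ssl:warn] [pid 227450:tid 2] AH01909: host.internal.example:443:0 server certificate does NOT include an ID which matches the server name
[Tue Mar 02 20:42:00.034933 2021] [core:notice] [pid 228369:tid 3] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Mar 02 20:42:00.036335 2021] [ssl:emerg] [pid 228369:tid 3] AH02572: Failed to configure at least one certificate and key for portal.example.com:443
"""

# Apache 2.4 default ErrorLogFormat: [time] [module:level] [pid N:tid N] [AHnnnnn: ]message
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>[\w-]*):(?P<lvl>\w+)\] "
                  r"\[pid \d+(?::tid \d+)?\] (?:(?P<code>AH\d{5}): )?(?P<msg>.*)$")

# (pattern on the message, finding template); the quote class also accepts forum "smart quotes".
RULES = [
    (re.compile(r"fopen:Permission denied \(fopen\(['’‘]([^'’‘]+)"),
     "httpd cannot read {0}: check mode/owner of the file and every parent "
     "directory, and its SELinux label (ls -lZ)"),
    (re.compile(r"^SELinux policy enabled"),
     "SELinux was enabled when httpd started: confirm the current mode with getenforce"),
    (re.compile(r"Failed to configure at least one certificate and key for (\S+)"),
     "{0}: no certificate/key pair was loaded, review SSLCertificateFile and SSLCertificateKeyFile"),
    (re.compile(r"^(\S+?):\d+:\d+ server certificate does NOT include an ID"),
     "{0}: the certificate's names do not cover the server name in effect"),
]

def triage(log_text):
    """Return {finding: (level, count, first_timestamp)} in order of first appearance."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # truncated or non-Apache line
        for pattern, template in RULES:
            hit = pattern.search(m["msg"])
            if hit:
                text = template.format(*hit.groups())
                _, count, first = findings.get(text, (m["lvl"], 0, m["ts"]))
                findings[text] = (m["lvl"], count + 1, first)
                break
    return findings

if __name__ == "__main__":
    for text, (level, count, first) in triage(SAMPLE_LOG).items():
        print(f"[{level}] x{count} first seen {first}\n    {text}")
```
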
