My ssl config arent working now. I just move a site from one host (I moved the certs files.
When I try access I have this error. (Chrome and Firefox say to me that SSL protocol is invalid)
Solved: Finally I forgottednto enable the site :( Sorry and thanks for the help with the SSL config.
I see this in my apache log (I think that is when I enter usin my http route)
[09/Apr/2016:16:54:05 +0000] "GET /homepage/ HTTP/1.1" 302 560 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36"
Here my SSL virtualhost file in sites-enable (I replaced name site to my-site):
Edited after the responses:
- Commented SSLCertificateChainFile line.
ErrorLog from ssl virtualhost changed to /home/my-site/logs/my-site.com-error-ssl.log
LogLevel setted to debug
CustomLog from ssl virtualhost changed to /home/my-site/logs/my-site.com.com-access-ssl.log combined
The new logs files are missing, I really can't see any ssl error.
I tested too that ssl module is enabled
Testing normal and private session in Chrome results in the same
NON-SSL
ServerAdmin webmaster@my-site.com
ServerName my-site.com
ServerAlias www.my-site.com
DocumentRoot /home/my-site/www/my-site.com/current/public/
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
ErrorLog /home/my-site/logs/my-site.com-error.log
LogLevel warn
CustomLog /home/my-site/logs/my-site.com.com-access.log combined
Alias /doc/ "/usr/share/doc/"
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all denied
Allow from 127.0.0.0/255.0.0.0 ::1/128
SSL
ServerAdmin webmaster@my-site.com
ServerName my-site.com
ServerAlias www.my-site.com
DocumentRoot /home/my-site/www/my-site.com/current/public
Allow from All
Require all granted
Options FollowSymLinks
AllowOverride All
ErrorLog /home/my-site/logs/my-site.com-error-ssl.log
LogLevel debug
CustomLog /home/my-site/logs/my-site.com.com-access-ssl.log combined
SSLEngine on
SSLCertificateFile /home/my-site/www/my-site.com/current/ssl/www.my-site.com.crt
SSLCertificateKeyFile /home/my-site/www/my-site.com/current/ssl/www.my-site.com.key
#SSLCertificateChainFile /home/my-site/www/my-site.com/current/ssl/my-site.com.crt
SSLCACertificateFile /home/my-site/www/my-site.com/current/ssl/my-site.com.crt
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
No comments:
Post a Comment