Help troubleshooting why Apache is not serving up SSL website

11 posts / 0 new
Topic locked
Last post
#1 Thu, 05/20/2010 - 13:54
dlenorman

Help troubleshooting why Apache is not serving up SSL website

I set up TLD.COM using VirtualMin. I then chose to setup a SSL website.

When I try to got to "https://TLD.COM" the only error message I can see in FireFox is: "(Error code: ssl_error_ssl2_disabled)"

I have also tried using IE ver. 8 with all the SSL 3.0 and 2.0 options enabled and the pages aren't served up by Apache.

I have only one external IP that TLD is served by. I only have one SSL site and that's for the TLD on the one external IP. Do I have to have a separate IP for the SSL site?

Basically I want to have "http://tld.com" and "https://tld.com". Is this possible with one external IP?

Maybe I've configured something incorrectly... can someone point me in a direction to start troubleshooting why the SSL site doesn't work..?

thanks!

Thu, 05/20/2010 - 14:20
ronald
ronald's picture

on a centos box you could look into /etc/httpd/conf.d/ssl.conf to see if it is configured correctly

Thu, 05/20/2010 - 15:02
dlenorman

Thanks... I looked at the Apache error log and see:

[Thu May 20 11:57:49 2010] [error] [client 192.168.0.1] PHP Notice: Undefined index: HTTP_HOST in /var/www/html/libraries/joomla/environment/uri.php on line 164

I am using Joomla 1.5.17...

Could this be a coding error in Joomla??

Below is the code in URI.PHP that causes the issue:

// IIS uses the SCRIPT_NAME variable instead of a REQUEST_URI variable... thanks, MS $theURI = 'http' . $https . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];

The section of code is below:

function &getInstance($uri = 'SERVER') { static $instances = array();

    if (!isset ($instances[$uri]))
    {
        // Are we obtaining the URI from the server?
        if ($uri == 'SERVER')
        {
            // Determine if the request was over SSL (HTTPS)
            if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
                $https = 's://';
            } else {
                $https = '://';
            }

            /*
             * Since we are assigning the URI from the server variables, we first need
             * to determine if we are running on apache or IIS.  If PHP_SELF and REQUEST_URI
             * are present, we will assume we are running on apache.
             */
            if (!empty ($_SERVER['PHP_SELF']) && !empty ($_SERVER['REQUEST_URI'])) {

                /*
                 * To build the entire URI we need to prepend the protocol, and the http host
                 * to the URI string.
                 */
                $theURI = 'http' . $https . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];

            /*
             * Since we do not have REQUEST_URI to work with, we will assume we are
             * running on IIS and will therefore need to work some magic with the SCRIPT_NAME and
             * QUERY_STRING environment variables.
             */
            }
             else
             {
                // IIS uses the SCRIPT_NAME variable instead of a REQUEST_URI variable... thanks, MS
                $theURI = 'http' . $https . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];

                // If the query string exists append it to the URI string
                if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
                    $theURI .= '?' . $_SERVER['QUERY_STRING'];
                }
            }

            // Now we need to clean what we got since we can't trust the server var
            $theURI = urldecode($theURI);
            $theURI = str_replace('"', '"',$theURI);
            $theURI = str_replace('<', '&lt;',$theURI);
            $theURI = str_replace('>', '&gt;',$theURI);
            $theURI = preg_replace('/eval\((.*)\)/', '', $theURI);
            $theURI = preg_replace('/[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']/', '""', $theURI);
        }
        else
        {
            // We were given a URI
            $theURI = $uri;
        }

        // Create the new JURI instance
        $instances[$uri] = new JURI($theURI);
    }
    return $instances[$uri];
}
Thu, 05/20/2010 - 20:25
andreychek

No, the error you're getting appears to be at the Apache or browser level, not at the Joomla code level.

Also, you shouldn't need an additional IP address if this is the only SSL site you're hosting on that IP address.

As Ronald mentioned, something may be awry with the SSL settings on your server. If you post your ssl.conf file, we can look it over and see if the problem stands out.

-Eric

Thu, 06/03/2010 - 11:40
dlenorman

Thanks to both Eric and Ronald...

Both the "http.conf" and "ssl.conf" Conf files are attached... I also noticed that the sever is pulling from the "/var/www/html directory" and not the "/home/my-tld/public_html" directory.

I have subtituted "my-tld.com" or "my-tld" for my actual TLD... if that mucks things up then I will send the unedited versions...

Thanks in advance for your assistance....

Thu, 06/03/2010 - 11:46
andreychek

One thing I might try is in your httpd.conf file, there's a line "NameVirtualHost *". What happens if you comment that out?

That line shouldn't be necessary, and may be causing trouble.

After that, restart Apache... then take a peek in /var/log/httpd/error_log, and make sure no errors/warnings show up during the restart process.

And then, see if that does the trick :-)

-Eric

Thu, 06/03/2010 - 19:57
dlenorman

OK.. so i commented out with # the "NameVirtualHost *". in the "edit config files" under Apache in the server section. Saved it and then restarted Apache. I did it a couple times to make sure.

Attached is the error in the /var/log/httpd/error_log. No errors noted after restart but error after I try to access the SSL website. Also still pulls from the /var/www/html directory for the TLD website instead of public_html directory...

the following shows up in the access_log for Apache

201.120.140.213 - - [03/Jun/2010:16:23:24 -0800] "\x16\x03\x01" 200 21834 "-" "-" 201.120.140.213 - - [03/Jun/2010:16:25:15 -0800] "\x16\x03\x01" 200 21842 "-" "-" 201.120.140.213 - - [03/Jun/2010:16:26:08 -0800] "\x16\x03\x01" 200 21842 "-" "-" 201.120.140.213 - - [03/Jun/2010:16:26:13 -0800] "\x16\x03\x01" 200 21834 "-" "-"

I have the SSL site running in /home/my-tld/secure directory I have the Website running in /home/my-tld/public_html directory Apache pulls from the /var/www/html directory

Since neither of the "virtual sites" appears to be noticed by Apache, I am assuming the Apache config files are messed up.

In the var/log/my-tld/error_log it reads:

[Thu Jun 03 16:50:46 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Jun 03 16:50:46 2010] [warn] RSA server certificate CommonName (CN) www.alaskaadjusters.com' does NOT match server name!? [Thu Jun 03 16:50:46 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Jun 03 16:50:46 2010] [warn] RSA server certificate CommonName (CN)www.alaskaadjusters.com' does NOT match server name!? [Thu Jun 03 16:52:46 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Jun 03 16:52:46 2010] [warn] RSA server certificate CommonName (CN) www.alaskaadjusters.com' does NOT match server name!? [Thu Jun 03 16:52:46 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Jun 03 16:52:46 2010] [warn] RSA server certificate CommonName (CN)www.alaskaadjusters.com' does NOT match server name!?

Thanks for your help, BTW... :)

Fri, 06/11/2010 - 13:06
dlenorman

VIRTUAL WEBSITES still not working. I commented out the item you suggested in the http.conf file...

still serving webpages from /var/www/html... I even created a different virtual site and it doesn't work either.

So I'm guessing something's got corrupted in the Apache conf files (posted above) so any assistance would be appreciated...

Thank You....

Thu, 06/17/2010 - 16:42 (Reply to #8)
dlenorman

Help Please..

I included the SSL.CONF and HTTPD.CONF files for review above...

Fri, 06/18/2010 - 12:35 (Reply to #9)
dlenorman

I deleted all the virtual sites. I then added them back.

THEY ARE NOT WORKING... Apache is pulling from the "default" folder...

I attached the http.conf file and ssl.conf files for review.

I respectfully request some assistance in fixing this issue... thanks.

--Dlenorman..

Fri, 06/18/2010 - 14:27
ronald
ronald's picture

you still have these entries in your httpd.conf:
NameVirtualHost *
NameVirtualHost 69.161.20.100:80
NameVirtualHost 69.161.20.100:443
NameVirtualHost 192.168.0.34:80
NameVirtualHost 192.168.0.34:443

those are giving troubles. try comment them out all together.
The IP is in the virtualhost container where it should be

In your ssl.conf is
Listen *:443
the * should be replaced with the IP of the server (69.161.20.100)

then restart apache and look for any errors in the logs.

Also your dns looks like it could use some major tweaking. Are you using some dynamic dns service?
SOA entry isn't correct, you do not have a FQDN
The SOA record is:
Primary nameserver: lenorman
Hostmaster E-mail address: admin

Topic locked