How to add SSL/443 to Apache server without virtual host?

Solution 1

By default, in CentOS, there is a file used by Apache/httpd located at /etc/httpd/conf.d/ssl.conf. This file is read in as a configuration by Apache along with the "httpd.conf" file and anything in it takes precedence over settings in httpd.conf.

That file (again by default) contains a Listen 443 directive. You cannot call that directive twice (as it will say it's already been bound to that port), so that caused the conflict. After removing that, it works.
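
The duplicate `Listen` check described in Solution 1, as an added example that is not part of the original answer: a shell function that reports any port named by more than one active `Listen` directive in the files it is given. The function name `dup_listen_ports` and the sample files are constructed for illustration; the function does not follow `Include` lines, so pass it `httpd.conf` and the `conf.d/*.conf` files explicitly.

```sh
#!/bin/sh
# Added example: report ports that more than one active Listen directive names.
# Usage: dup_listen_ports FILE...   (returns 1 if any port is named twice)
dup_listen_ports() {
    awk '
        /^[[:space:]]*#/ { next }              # commented-out directives do not bind
        tolower($1) == "listen" && NF >= 2 {   # directive names are case-insensitive
            port = $2
            sub(/^.*:/, "", port)              # "[::]:443" or "192.0.2.1:443" -> "443"
            count[port]++
            where[port] = where[port] sprintf("  %s:%d: %s\n", FILENAME, FNR, $0)
        }
        END {
            for (p in count)
                if (count[p] > 1) {
                    printf "port %s has %d Listen directives\n%s", p, count[p], where[p]
                    found = 1
                }
            exit (found + 0)
        }
    ' "$@"
}

# Constructed sample tree mirroring the question (not real server files).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/conf.d"
    printf 'Listen 80\nListen 443\nSSLEngine on\n' > "$d/conf/httpd.conf"
    printf '# Listen 8443\nListen 443 https\n' > "$d/conf.d/ssl.conf"
    echo "$d"
}

sample=$(make_sample)
dup_listen_ports "$sample/conf/httpd.conf" "$sample"/conf.d/*.conf \
    || echo "resolve the duplicate before restarting httpd"
rm -rf "$sample"
```

On a real host the arguments would be `/etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf`, run before `service httpd restart`.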

Solution 2

In case anybody stumbles over this question in 2017...

There is no need to edit httpd.conf since ssl.conf contains all the directives we need:

# When we also provide SSL we have to listen to the 
# the HTTPS port in addition.
#
Listen 443 https

...

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

And of course the paths to the certs:

SSLCertificateFile /etc/pki/tls/certs/<mycert>.crt

SSLCertificateKeyFile /etc/pki/tls/private/<mykey>.key

In other words, it is enough to add the information in ssl.conf and then restart the httpd service. Of course, this only works if this (the last) line:

# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

...is uncommented as per above in the file httpd.conf, which it is in a default installation.

System info:

cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.3 (Maipo)

Author: Don Rhummy

Updated on September 18, 2022

Comments

  • Don Rhummy
    Don Rhummy over 1 year

    I have an apache server set up on CentOS. I am trying to add SSL. I was able to create the certificate and keys and then updated /etc/httpd/conf.d/ssl.conf to have the following configurations:

    /etc/httpd/conf.d/ssl.conf

    #Where I put my cert
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    
    #where I put my key
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    

    Then I updated /etc/httpd/conf/httpd.conf:

    /etc/httpd/conf/httpd.conf

    Listen 443
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    

    Then I ran service httpd restart and I get the error:

    Stopping httpd:          [OK]
    Starting httpd:          (98)Address already in use: make_sock: could not bind to address [::]:443
                             [OK]
    

    What do I need to do to enable SSL?

    • Kromey
      Kromey about 10 years
      It looks like Apache's complaining that another service is already listening on 443; what's the output of sudo netstat -lnp? Also verify that there isn't another directive elsewhere in your Apache config that has it listening on that port.
    • Don Rhummy
      Don Rhummy about 10 years
      @Kromey yes, I discovered that the ssl.conf file had a Listen 443 directive. thanks!
    • SKLTFZ
      SKLTFZ about 5 years
      Are you sure the setting in httpd.conf will always override ssl.conf? Previously I added the SSL allowed protocol to exclude TLS1 in httpd.conf, but it doesn't work until I do the same in ssl.conf. It looks like ssl.conf somehow affected httpd.conf, instead of ssl.conf always being overridden by httpd.conf.
    • Don Rhummy
      Don Rhummy about 5 years
      @SKLTFZ you read my comment backwards. I said ssl.conf is the one that wins.
  • Don Rhummy
    Don Rhummy about 10 years
    @krisFR I explained it as fully as I can. Please remove your downvote if it answers your questions.
  • krisFR
    krisFR about 10 years
    Will remove my comment (done), will not remove downvote as it is not from me...But +1 for your effort :)