How to add SSL/443 to Apache server without virtual host?
Solution 1
By default, in CentOS, there is a file used by Apache/httpd located at /etc/httpd/conf.d/ssl.conf. This file is read in as a configuration by Apache along with the "httpd.conf" file and anything in it takes precedence over settings in httpd.conf.
That file (again by default) contains a Listen 443 directive. You cannot call that directive twice (as it will say it's already been bound to that port), so that caused the conflict. After removing that, it works.
Solution 2
In case anybody stumbles over this question in 2017...
There is no need to edit httpd.conf since ssl.conf contains all the directives we need:
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443 https
...
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
And of course the paths to the certs:
SSLCertificateFile /etc/pki/tls/certs/<mycert>.crt
SSLCertificateKeyFile /etc/pki/tls/private/<mykey>.key
In other words, it is enough to add the information in ssl.conf and then restart the httpd service. Of course, this only works if this (the last) line:
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
...is uncommented as per above in the file httpd.conf, which it is in a default installation.
System info:
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.3 (Maipo)
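The conflict both answers describe (a Listen 443 added to httpd.conf on top of the one ssl.conf already ships) can be checked for before restarting httpd. The following is an added example, not part of the original answers; the function names list_listen and duplicate_listen are hypothetical, and it assumes the layout shown on this page (conf/httpd.conf plus conf.d/*.conf under the server root).

```bash
#!/usr/bin/env bash
# Added example: report ports that more than one Listen directive tries to bind.
# Assumption: server root contains conf/httpd.conf and conf.d/*.conf, as on this page.
# Limitation: it compares ports only, so two Listen lines for different specific
# addresses on the same port (which Apache allows) are also flagged for review.

# list_listen ROOT -> one "port<TAB>file:line" row per active Listen directive
list_listen() {
    local root=$1 f
    for f in "$root"/conf/httpd.conf "$root"/conf.d/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                 # skip commented-out lines
            tolower($1) == "listen" && NF >= 2 {
                addr = $2                       # 443, 192.0.2.1:443 or [::]:443
                sub(/^.*:/, "", addr)           # keep only the port
                printf "%s\t%s:%d\n", addr, file, FNR
            }' "$f"
    done
}

# duplicate_listen ROOT -> prints the conflicting directives, returns 1 if any exist
duplicate_listen() {
    local out
    out=$(list_listen "$1" | awk -F'\t' '
        { n[$1]++; where[$1] = where[$1] "  " $2 "\n" }
        END {
            for (p in n)
                if (n[p] > 1)
                    printf "port %s declared %d times:\n%s", p, n[p], where[p]
        }')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

On the system from the question this would be called as duplicate_listen /etc/httpd before service httpd restart.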
Don Rhummy
Updated on September 18, 2022
Comments
-
Don Rhummy over 1 year
I have an Apache server set up on CentOS. I am trying to add SSL. I was able to create the certificate and keys and then updated /etc/httpd/conf.d/ssl.conf to have the following configurations:

#Where I put my cert
SSLCertificateFile /etc/pki/tls/certs/ca.crt
#where I put my key
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then I updated /etc/httpd/conf/httpd.conf:

Listen 443
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then I ran service httpd restart and I get the error:

Stopping httpd: [OK]
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
[OK]

What do I need to do to enable SSL?
-
Kromey about 10 years
It looks like Apache's complaining that another service is already listening on 443; what's the output of sudo netstat -lnp? Also verify that there isn't another directive elsewhere in your Apache config that has it listening on that port.
-
Don Rhummy about 10 years
@Kromey yes, I discovered that the ssl.conf file had a Listen 443 directive. Thanks!
-
SKLTFZ about 5 years
Are you sure the setting in httpd.conf will always override ssl.conf? Previously I added SSL allowed protocol to exclude TLS1 in httpd.conf, but it doesn't work until I do the same in ssl.conf. It looks like ssl.conf somehow affected httpd.conf instead of ssl.conf always being overridden by httpd.conf.
-
Don Rhummy about 5 years
@SKLTFZ you read my comment backwards. I said ssl.conf is the one that wins.
-
-
Don Rhummy about 10 years
@krisFR I explained it as fully as I can. Please remove your downvote if it answers your questions.
-
krisFR about 10 years
Will remove my comment (done), will not remove downvote as it is not from me... But +1 for your effort :)