SSL URL gives a 404


Solution 1

The default SSL vhost in ssl.conf is doing two things:

  1. It gets to choose which certificate is presented to clients that don't support SNI.
  2. It gets all requests that don't match the ServerName or ServerAlias on another name-based vhost.

Simply removing the NameVirtualHost command won't help, as the vhost in ssl.conf will then get every request to port 443. Instead, disable that vhost completely; you don't want or need it.

And you'll still have a certificate mismatch to deal with; your cert needs to cover the hostname that your clients are using.
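A simplified model of the two roles this answer gives the default vhost, added here as an example; it is not part of the original answer and not Apache's own code. The vhost labels and certificate names are constructed, the certificate covering only example.com is an assumption taken from the asker's comment, and clients are assumed to send SNI unless `sni=False`.

```python
# Simplified model of the behaviour described above; not Apache's implementation.
# All vhost and certificate data is constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class VHost:
    label: str
    server_name: str = ""
    aliases: list = field(default_factory=list)
    cert_names: list = field(default_factory=list)  # CN/SAN entries on its cert


def select_vhost(vhosts, host):
    """Vhost whose ServerName/ServerAlias equals the Host header, else the first."""
    host = host.lower().rstrip(".")
    for vh in vhosts:
        names = [vh.server_name, *vh.aliases]
        if host in (n.lower() for n in names if n):
            return vh
    return vhosts[0]  # nothing matched: the default (first-listed) vhost answers


def cert_covers(cert_names, host):
    """Exact name match, or a wildcard standing in for exactly one left-most label."""
    host = host.lower().rstrip(".")
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False


def diagnose(vhosts, host, sni=True):
    """Return (label of the vhost serving the request, does the cert cover host?)."""
    serving = select_vhost(vhosts, host)
    cert_from = serving if sni else vhosts[0]  # without SNI the default picks the cert
    return serving.label, cert_covers(cert_from.cert_names, host)


DEFAULT = VHost("ssl.conf default", cert_names=["localhost.localdomain"])  # constructed
BEFORE = VHost("example.com vhost", "example.com", cert_names=["example.com"])
AFTER = VHost("example.com vhost", "example.com", ["www.example.com"],
              ["example.com", "www.example.com"])

if __name__ == "__main__":
    for label, hosts in [("as posted", [DEFAULT, BEFORE]),
                         ("default disabled", [BEFORE]),
                         ("alias + SAN added", [AFTER])]:
        print(label, diagnose(hosts, "www.example.com"))
```

The middle case shows why disabling the default vhost fixes the 404 but not the certificate warning.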

Solution 2

Without special tricks, HTTPS does not support NameVirtualHosts; remove NameVirtualHost *:443 from the config.

That said, the ServerName does not match the certificate CN - change it to www.example.com.

Restart apache.

Author by

terrid25

Updated on September 18, 2022

Comments

  • terrid25
    terrid25 over 1 year

    I have recently created an SSL cert on my server *.key and a *.csr file.

    I then created the *.crt and the *.ca-bundle with Comodo.

    I have 2 current vhosts:

    vhost for - http://www.example.com

    NameVirtualHost *:80
    <VirtualHost *:80>
        ServerAdmin [email protected]
        DocumentRoot "/home/example/public_html/example.com/httpdocs"
        ServerName example.com
        ServerAlias www.example.com
    </VirtualHost>
    

    vhost for https://www.example.com

    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/example_com.crt
        SSLCertificateKeyFile /etc/ssl/certs/server.key
        <Directory /home/example/public_html/example.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /home/example/public_html/example.com/httpdocs
        ServerName example.com
    </VirtualHost>
    

    The problem is, when I go to https://www.example.com I get a 404

    I'm not sure if the vhost(s) is correct or why I get a 404. Has anyone ever seen this before?

    I have enabled mod_ssl and restarted apache

    Many Thanks

  • adaptr
    adaptr about 12 years
    That won't make a bit of difference, as SSL cannot choose a vhost before making a secure connection. Classic chicken-and-egg. Your solution only works if he has no other 443 vhosts, or this vhost is always the first one listed. Just Say No.
  • terrid25
    terrid25 about 12 years
    There is only one 443 vhost on the server.
  • fim
    fim about 12 years
    You're partly right but the question was how to solve the 404. Even if there are multiple SSL vhosts (which we don't know for sure in this case) this would only throw an SSL warning to the browser about mismatching certificate/domain, it wouldn't throw a 404.
  • terrid25
    terrid25 about 12 years
    the www.example.com is this in the SSL vhost? I'm pretty sure the SSL was generated by Comodo for example.com rather than www.example.com
  • adaptr
    adaptr about 12 years
    @fim pedantically, he hasn't asked for anything ;) The SSL mismatch is going to cause more issues going forward if he doesn't understand how it interacts.
  • adaptr
    adaptr about 12 years
    You haven't shown us what the certificate is for. I am going off the statement that the SSL vhost was for www.example.com - which is incorrect, the ServerName states example.com.
  • terrid25
    terrid25 about 12 years
    I have a site on example.com. I have an ecommerce store running on www.example.com/shop. I'd like the SSL cert to cover the shop in terms of login (example.com/shop/account/login). This currently works with http:// but gives a 404 on the https:// version.
  • adaptr
    adaptr about 12 years
    Either the certificate must cover both hostnames, using a wildcard or SAN, or the resulting visits will pop up the browser warning about mixing secure and insecure data.
  • terrid25
    terrid25 about 12 years
    Ok so my understanding is this: 1) Remove the NameVirtualHost from the sslvhost 2) Comment out the <VirtualHost> in ssl.conf 3) Add the www.example.com ServerAlias to the sslvhost. Is this correct?
  • ravi yarlagadda
    ravi yarlagadda about 12 years
    Only step 2 is actually needed to get it working - but do the other two as well, to make your config easier to understand and maintain. Also, verify that no other vhosts are trying to take port 443; apache2ctl -S.
  • terrid25
    terrid25 about 12 years
    Ok. Step 1) done. Step 2) Do I comment out the whole VirtualHost and its content? Step 3) Done
  • ravi yarlagadda
    ravi yarlagadda about 12 years
    Yes - either comment every line or just remove it completely.