Prerequisites
The environment has already been set up on Sakura VPS, and I have acquired a custom domain for the web service I created. This article assumes that the document root is set and that HTTP connections to the domain name (○○.com etc.) already work.
Work environment
CentOS7 Apache2.4.6
Issue a free SSL certificate with Let's Encrypt and enable SSL
This time I used Let's Encrypt because I wanted to issue an SSL certificate for free.
Where I got stuck
https://weblabo.oscasierra.net/letsencrypt-2/
Even though I followed the contents of this reference article exactly, the HTTP connection did not switch to an HTTPS connection.
Countermeasures
Consider the possibility that the settings for Apache 2.4 described in the reference article are not being applied correctly.
$ apachectl configtest ← Check the syntax of ssl.conf with this command.
Then the following error message appears.
Syntax error on line XX of /path/to/ssl.conf: SSLCertificateFile: file '/path/to/cert.pem' does not exist or is empty
When I searched for the above error message,
https://www.proto-star.com/2016/04/24/lets-encrypt-apache-%E3%81%A7%E3%81%A1%E3%82%83%E3%82%93%E3%81%A8%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%81%AE%E7%94%9F%E6%88%90%E3%81%8C%E5%AE%8C%E4%BA%86%E3%81%97%E3%81%A6%E3%82%8B%E3%81%AE%E3%81%AB/
I was able to find the article here. When I changed the permission settings:
$ apachectl configtest
Syntax OK
After confirming that the settings for Apache 2.4 were applied successfully, I checked the browser again, and this time I got a connection timeout error.
When I investigated various things, it seemed that the cause was a problem with either the firewall or Apache.
Check the firewall
$ firewall-cmd --list-all --permanent
Check Apache
$ systemctl status httpd
When I ran the above commands, the firewall seemed to have no problem. For Apache, the word "failed" appeared in the long English message.
Yes, it's caused by Apache.
When I checked the Apache error log, I found an error message saying that the port number 443 in ssl.conf was duplicated.
When I searched for 443 with the grep command, I found the files I had copied as backups:
ssl.old.conf ssl.oldest.conf
The above files conflicted with the main ssl.conf.
So when I deleted these files, started Apache again and checked the browser,
the connection timeout error was resolved and the HTTPS connection worked.
There seems to have been a problem with how I took the backup files: the OS judges by the extension, so if you want to take a backup file, it seems that the correct answer is as follows.
ssl.conf.bak ssl.conf.old
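Added example (not part of the original post): on a stock CentOS 7 httpd, httpd.conf pulls in extra configuration with `IncludeOptional conf.d/*.conf`, so every file whose name ends in .conf is loaded, backups included. The script below lists which loaded files bind a given port; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: which files in a conf.d-style directory would Apache load
# (glob *.conf) that also bind a given port with an active Listen directive?

# listen_files DIR PORT: print the names of *.conf files that bind PORT.
listen_files() {
    dir=$1
    port=$2
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Active lines only: "Listen 443", "Listen 443 https", "Listen 0.0.0.0:443".
        # Commented-out lines ("#Listen 443") and other ports (4433) do not match.
        if grep -Eiq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?${port}([[:space:]]|\$)" "$f"; then
            basename "$f"
        fi
    done
}

# count_listen DIR PORT: number of loaded files that bind PORT (more than 1 is a conflict).
count_listen() {
    listen_files "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample reproducing the file names from the post in a temp directory.
demo() {
    d=$(mktemp -d)
    for name in ssl.conf ssl.old.conf ssl.oldest.conf; do
        printf 'Listen 443 https\n' > "$d/$name"
    done
    echo "before rename: $(count_listen "$d" 443) loaded file(s) bind 443"
    listen_files "$d" 443
    # Rename the backups so they no longer end in .conf
    mv "$d/ssl.old.conf" "$d/ssl.conf.old"
    mv "$d/ssl.oldest.conf" "$d/ssl.conf.bak"
    echo "after rename: $(count_listen "$d" 443) loaded file(s) bind 443"
    rm -rf "$d"
}

demo
```

On a real server, run `listen_files /etc/httpd/conf.d 443` before restarting httpd; more than one name in the output means a duplicate Listen.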
The extension was a complete blind spot. It seems obvious now that I think about it, but when you get an incomprehensible error like this one, it's better to take a close look at the error log first and then take action to resolve it.
When I run into an error in programming, it is natural for me to look at the error log, but I lacked knowledge about environment construction and did not even have the concept that Apache has an error log.
However, this error gave me some knowledge about environment construction and network, so I'm glad I was able to meet the error. I think it will end as a positive result lol
Sorry for the long post!