[LINUX] Points where I got stuck enabling SSL for a web service on a Sakura VPS server

Prerequisites

The environment has already been set up on a Sakura VPS, and I have acquired a custom domain for the web service I created. I will describe this on the assumption that the document root is set and that HTTP connections work with the domain name (○○.com etc.).

Work environment

CentOS 7, Apache 2.4.6

Issue a free SSL certificate with Let's Encrypt and enable SSL

This time I used Let's Encrypt because I wanted to issue an SSL certificate for free.

Where I got stuck

https://weblabo.oscasierra.net/letsencrypt-2/

Even after following the reference article above exactly, the HTTP connection did not switch to an HTTPS connection.

Countermeasures

Consider the possibility that the Apache 2.4 settings described in the reference article have not been applied correctly.

$ apachectl configtest ← Check the syntax of ssl.conf with this command.

Then the following error message appears.

Syntax error on line XX of /path/to/ssl.conf: SSLCertificateFile: file '/path/to/cert.pem' does not exist or is empty

When I searched for the above error message:

https://www.proto-star.com/2016/04/24/lets-encrypt-apache-%E3%81%A7%E3%81%A1%E3%82%83%E3%82%93%E3%81%A8%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%81%AE%E7%94%9F%E6%88%90%E3%81%8C%E5%AE%8C%E4%BA%86%E3%81%97%E3%81%A6%E3%82%8B%E3%81%AE%E3%81%AB/

I was able to find the article above. After I changed the permission settings:

$ apachectl configtest
Syntax OK

After confirming that the Apache 2.4 settings were applied successfully, I checked the browser again, and this time I got a connection timeout error.

When I investigated various things, it seemed that the cause was a problem in either the firewall or Apache.

Check the firewall
$ firewall-cmd --list-all --permanent

Check Apache
$ systemctl status httpd

When I ran the above commands, the firewall seemed to have no problem. For Apache, the word "failed" appeared in the long English message.

Yes, it's caused by Apache.

When I check the Apache error log, I get an error message saying that the port number 443 in ssl.conf is duplicated.

When I searched for 443 with the grep command, I found the following files, which had been copied as backups:

ssl.old.conf
ssl.oldest.conf

These files conflicted with the main ssl.conf.

So when I deleted these files, started Apache again and checked the browser, the connection timeout error was resolved and the HTTPS connection worked.

There seems to have been a problem with how I named the backup files: the OS judges by the extension, so if you want to keep a backup file, the correct answer seems to be names like the following.

ssl.conf.bak
ssl.conf.old
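The duplicate-port conflict described above can be checked for before restarting Apache. The following is an added example, not part of the original post: it assumes the config directory is loaded with `IncludeOptional conf.d/*.conf`, as in the stock CentOS 7 httpd.conf, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find *.conf files in an Apache config directory that
# declare a Listen directive for the same port (assumed include glob: *.conf).

# listen_files DIR PORT -> prints the name of each matching file, one per line
listen_files() {
    local dir=$1 port=$2 f
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Matches "Listen 443", "Listen 443 https", "Listen 0.0.0.0:443",
        # "Listen [::]:443"; commented-out lines and other ports (8443) are skipped.
        if grep -Eqi "^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?${port}([[:space:]]|\$)" "$f"; then
            basename "$f"
        fi
    done
}

# dup_listen DIR PORT -> succeeds and prints the files if more than one declares PORT
dup_listen() {
    local hits
    hits=$(listen_files "$1" "$2")
    [ "$(printf '%s\n' "$hits" | grep -c .)" -gt 1 ] && printf '%s\n' "$hits"
}

# Constructed sample reproducing the file layout from the post.
demo() {
    local d rc
    d=$(mktemp -d)
    printf 'Listen 443 https\n' > "$d/ssl.conf"
    cp "$d/ssl.conf" "$d/ssl.old.conf"   # still matches *.conf, so it is loaded
    cp "$d/ssl.conf" "$d/ssl.conf.bak"   # does not match *.conf, so it is ignored
    if dup_listen "$d" 443; then rc=0; else rc=1; fi
    rm -rf "$d"
    return $rc
}
demo
```

On a real server the equivalent call would be `dup_listen /etc/httpd/conf.d 443`, run before `apachectl configtest` and the restart.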

The extension was a complete blind spot. It seems obvious in hindsight, but when you get an incomprehensible error like this one, it's better to take a close look at the error log and then take action to resolve it.

When I run into an error in programming, it is natural to see the error log, but I lacked knowledge about environment construction and did not even have the concept that Apache has an error log.

However, this error gave me some knowledge about environment construction and network, so I'm glad I was able to meet the error. I think it will end as a positive result lol

Excuse me for the long sentence!
