Apache SSL config not listening on 443

jp flag

I am trying to set up an Apache website for SSL with a self-signed cert. I set up the vhost and everything looks OK to me. But the site is not coming up, and on the server itself port 443 is not listening.

Website: https://beta.jokefire.com

VHOST config:

```apache
<VirtualHost *:443>
     SSLEngine On
     SSLCertificateFile /etc/pki/tls/certs/beta.jokefire.com.crt
     SSLCertificateKeyFile /etc/pki/tls/private/beta.jokefire.com.key
     #SSLCACertificateFile /etc/pki/tls/certs/root-certificate.crt  #If using a self-signed certificate or a root certificate provided by ca-certificates, omit this line

     ServerAdmin [email protected]
     ServerName beta.jokefire.com
     DocumentRoot /var/www/jf-beta
     ErrorLog logs/jf_beta.jokefire.com_ssl_error_log
     CustomLog logs/jf_beta.jokefire.com_ssl_access_log combined
</VirtualHost>
```

I am listening on port 80 but not on port 443:

```
[root@web1:~] #lsof -i :80
COMMAND   PID   USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
httpd   14489   root    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14490 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14497 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14497 apache   27u  IPv6 1575659779      0t0  TCP web1.jokefire.com:http->37.151.164.13.megaline.telecom.kz:54674 (ESTABLISHED)
httpd   14498 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14499 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14499 apache   27u  IPv6 1575659460      0t0  TCP web1.jokefire.com:http->7.bl.bot.semrush.com:23728 (ESTABLISHED)
httpd   14501 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14502 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14525 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14541 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
httpd   14542 apache    4u  IPv6 1575659387      0t0  TCP *:http (LISTEN)
[root@web1:~] #lsof -i :443
[root@web1:~] #
```

Here's my cert and key and directories:

```
[root@web1:~] #ls -lh /etc/pki/tls/certs/beta.jokefire.com.crt /etc/pki/tls/certs/beta.jokefire.com.crt
-rw-------. 1 root root 1.5K Oct 17 16:14 /etc/pki/tls/certs/beta.jokefire.com.crt
-rw-------. 1 root root 1.5K Oct 17 16:14 /etc/pki/tls/certs/beta.jokefire.com.crt
```

```
[root@web1:~] #ls -ld /etc/pki/tls/certs /etc/pki/tls/private/
drwx------. 2 root root 4096 Oct 17 16:20 /etc/pki/tls/certs
drwx------. 2 root root 4096 Oct 17 16:13 /etc/pki/tls/private/
```

And the SSL log files that I've defined in the Apache vhost are there on the filesystem, but they are empty:

```
[root@web1:~] #ls -lh /var/log/httpd/jf_beta.jokefire.com_ssl_access_log /var/log/httpd/jf_beta.jokefire.com_ssl_error_log
-rw-r--r--. 1 root root 0 Oct 17 16:36 /var/log/httpd/jf_beta.jokefire.com_ssl_access_log
-rw-r--r--. 1 root root 0 Oct 17 16:36 /var/log/httpd/jf_beta.jokefire.com_ssl_error_log
```

What am I doing wrong?

br flag
You also need `Listen 443` somewhere in your config. On Debian, it's automatic if you have the SSL or GnuTLS modules enabled, for example; but other distros may differ.
jp flag
Thank you! I forgot all about the Listen command. D'OH! I've added it to my Apache config and now it works. Thanks!
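
A way to catch the missing `Listen` before restarting httpd, as an added example that is not part of the original thread: the function scans the config files it is given and prints every `<VirtualHost>` port that no `Listen` directive opens. The function name `unlistened_vhost_ports` and the sample config are constructed for illustration, and the check assumes you pass every file httpd actually loads, since `Include` lines are not followed.

```shell
#!/bin/sh
# Added example: list ports used by <VirtualHost> that no Listen directive opens.
# Pass every config file httpd loads (Include targets are not followed here).
unlistened_vhost_ports() {
    awk '
        /^[ \t]*#/ { next }                  # ignore commented-out directives
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            lower = tolower(line)            # directive names are case-insensitive
        }
        lower ~ /^listen[ \t]/ {
            # Syntax: Listen [addr:]port [protocol]; keep what follows the last colon
            split(line, f, /[ \t]+/)
            port = f[2]
            sub(/^.*:/, "", port)
            listen[port] = 1
            next
        }
        lower ~ /^<virtualhost[ \t]/ {
            gsub(/[<>]/, "", line)
            n = split(line, f, /[ \t]+/)
            for (i = 2; i <= n; i++) {
                port = f[i]
                if (port !~ /:/) continue    # address given without a port
                sub(/^.*:/, "", port)
                # "*" (any port) and bare IPv6 such as [::1] are not numeric
                if (port ~ /^[0-9]+$/) vhost[port] = 1
            }
        }
        END { for (p in vhost) if (!(p in listen)) print p }
    ' "$@" | sort -n
}

# Constructed sample mirroring the question: a *:443 vhost, only port 80 opened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Listen 80
<VirtualHost *:80>
    ServerName beta.jokefire.com
</VirtualHost>
<VirtualHost *:443>
    SSLEngine On
</VirtualHost>
EOF
for p in $(unlistened_vhost_ports "$sample"); do
    echo "VirtualHost on port $p has no matching Listen $p"
done
rm -f "$sample"
```

On a layout like the one in the question the arguments would be the main config plus the drop-in files, for example `/etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf` (paths assumed, not given on the page).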