Score:0

How can I figure out how SSL is installed on a server using Apache?


I've acquired a Debian 11 server that is using Apache to serve a site. SSL is installed on the site, working properly, and the certificate is provided by Cloudflare.

I've gone through all of the Apache configuration files and can't find where the active SSL certificates are or how Apache is seeing them.

I've run `grep -r 'SSL' /etc/httpd` and nothing comes up. I was expecting there to be something like `SSLCertificateFile`.

I can see some certificates in `/etc/letsencrypt/live` and also some certificates in `/etc/ssl`.

I need to find what certificates are being used by this server and how they're hooked up to Apache so that I can replicate it on another server.

Any tips on where I can find this info?

Score:2
Bob

The keyword there is probably:

> the certificate is provided by Cloudflare

That implies that your website uses Cloudflare.

And when you can't find SSL settings for your web server, then most likely your server is not configured to support SSL/TLS at all.

You are probably using what Cloudflare calls "Flexible SSL":

> Cloudflare Flexible SSL: secure connection between your visitor and CloudFlare, but no secure connection between CloudFlare and your web server. You don't need to have an SSL certificate on your web server, but your visitors still see the site as being HTTPS enabled. Source

You can probably confirm that in your Cloudflare management console.


Based on your comments:

It appears that the above is not quite the case.

Apache is indeed not configured to support HTTPS, but Cloudflare does connect over HTTPS to your server. Your server does not use Apache httpd for HTTPS; instead it uses HAProxy to serve HTTPS content.

Timothy Fisher
I took a look in the Cloudflare console and it says `Your SSL/TLS encryption mode is Full`. I did also take a look though on the server with `httpd -M` and didn't see any SSL module enabled.
Massimo
Can you actually connect to your server using HTTPS? Is it even listening on TCP port 443?
Bob
Then the question: is Apache the web server used for HTTPS content? Check what is listening on the default HTTPS port 443 with, for example, `ss -tlpn`.
Timothy Fisher
The output of that command for port 443 is: `LISTEN 0 3000 *:443 *:*`. But yes, I can access the site in the browser using https.
Timothy Fisher
Oh, I realize I needed to be root to see the services that were running on that port. I ran `netstat -ltnp` and it shows something called haproxy listening there. Looks like I'll read through the docs there to see what's up. Thanks for the help!
Timothy Fisher
HAProxy ended up having a `Timeout Server` directive in its config that was set to 60 seconds. Increasing this fixed the issue.
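
The diagnosis reached in the comments above, scripted as an added example that is not part of the original thread: name the daemon that holds port 443, then list the certificate paths its configuration references. The function names `listener_on_port` and `cert_paths`, the sample `ss` lines, the PIDs and the path `/etc/haproxy/certs/site.pem` are constructed for illustration; only the Apache and HAProxy directives are covered.

```shell
#!/usr/bin/env bash
# Added example: name the daemon bound to a TCP port, then list the certificate
# paths its configuration references. All sample data below is constructed.

listener_on_port() {  # $1 = port; reads `ss -tlpn` output on stdin
  awk -v p="$1" '$1 == "LISTEN" && $4 ~ (":" p "$") {
    # The users:(("name",pid=...)) column is hidden for other users
    # processes unless ss runs as root, as the asker found out.
    if (match($0, /users:\(\("[^"]+"/)) print substr($0, RSTART + 9, RLENGTH - 10)
    else print "unknown"
  }' | sort -u
}

cert_paths() {  # $1 = daemon name, $2 = its config directory
  case "$1" in
    haproxy)        # bind *:443 ssl crt <pem file or directory>
      grep -rhE '^[[:space:]]*bind[[:space:]].*[[:space:]]crt[[:space:]]' "$2" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "crt") print $(i + 1) }' | sort -u ;;
    apache2|httpd)  # SSLCertificateFile / SSLCertificateKeyFile <path>
      grep -rhiE '^[[:space:]]*SSLCertificate(Key)?File[[:space:]]' "$2" |
        awk '{ print $2 }' | sort -u ;;
    *) echo "no rule for $1" >&2 ;;
  esac
}

# Constructed stand-ins for `ss -tlpn` output (as root, then unprivileged)
# and for a minimal /etc/haproxy directory.
ss_root='LISTEN 0 3000 *:443 *:* users:(("haproxy",pid=812,fd=7))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=640,fd=4))'
ss_user='LISTEN 0 3000 *:443 *:*'
demo_dir=$(mktemp -d)
printf 'frontend https_in\n    bind *:443 ssl crt /etc/haproxy/certs/site.pem\n    default_backend web\n' \
  > "$demo_dir/haproxy.cfg"

daemon=$(printf '%s\n' "$ss_root" | listener_on_port 443)
echo "port 443 is held by: $daemon"
cert_paths "$daemon" "$demo_dir"
```

On a real host the same functions would be fed live data, for example `sudo ss -tlpn | listener_on_port 443` followed by `cert_paths haproxy /etc/haproxy`. An HAProxy `crt` file normally holds the certificate and private key together, so both must be copied when replicating the setup.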