I am trying to get Apache (2.4.41, Ubuntu) to work with SSL and am not having luck. Whenever I visit the site in my browser, I get the error "This site can't be reached: my-domain took too long to respond."

I have a valid certificate and key, though I am not entirely sure which variant to use. I have tried several (both with chain and without) and can't seem to get it to work.

Here are the cert versions available to me:

    Available formats:
        as Certificate only, PEM encoded
        as Certificate (w/ issuer after), PEM encoded
        as Certificate (w/ chain), PEM encoded
        as PKCS#7
        as PKCS#7

    Issuing CA certificates only:
        as Root/Intermediate(s) only, PEM encoded
        as Intermediate(s)/Root only, PEM encoded

Apache itself works fine with http, no problem. I have set up a config which redirects http to https traffic, which also works with no problem. My SSL config is the default in Apache:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        SSLCertificateFile      /etc/apache2/certs/my-domain.crt
        SSLCertificateKeyFile   /etc/apache2/certs/my-domain.key
        SSLCertificateChainFile /etc/apache2/certs/my-domain.ca

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
    </VirtualHost>
</IfModule>

I have checked that the hash of the .crt and .key match. (If I intentionally mismatch them, I get an error when starting Apache).

I do not get an error message in the Apache log. My ports.conf is listening on 443:

Listen 80
Listen 443

I have enabled the SSL config with sudo a2ensite default-ssl. a2enmod ssl says "Module ssl already enabled".

On the server, I checked whether port 443 is open using nc and it returns "Connection to my-domain 443 port [tcp/https] succeeded!"

What else could I test? I'm out of ideas.

Jeff

0 Answers