Apache SSL Configuration Error (SSL Connection Error)

Steps to enable SSL correctly.

    sudo a2enmod ssl
    sudo apt-get install openssl

Configure the path of SSL certificates in your SSL config file (default-ssl.conf) that might be located in /etc/apache2/sites-available. I have stored certificates under /etc/apache2/ssl/

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/certificate.crt
    SSLCertificateChainFile /etc/apache2/ssl/ca_bundle.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private.key

Enable SSL config file

    sudo a2ensite default-ssl.conf

I had the same problem as @User39604, and had to follow VARIOUS pieces of advice. Since he doesn't remember the precise path he followed, let me list my path:

  1. check if you have SSL YES using <?php phpinfo(); ?>

  2. if necessary

    A. enable ssl on apache sudo a2enmod ssl

    B. install openssl sudo apt-get install openssl

    C. check if port 443 is open sudo netstat -lp

    D. if necessary, change /etc/apache2/ports.conf, this works

    NameVirtualHost *:80
    Listen 80
    
    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        NameVirtualHost *:443
        Listen 443
    </IfModule>
    
    <IfModule mod_gnutls.c>
        Listen 443
    </IfModule>
    
  3. acquire a key and a certificate by

    A. paying a Certificate Authority (Comodo, GoDaddy, Verisign) for a pair

    B. generating your own* - see below (testing purposes ONLY)

  4. change your configuration (in ubuntu12 /etc/apache2/httpd.conf - default is an empty file) to include a proper <VirtualHost> (replace MYSITE.COM as well as key and cert path/name to point to your certificate and key):

    <VirtualHost _default_:443> 
    ServerName MYSITE.COM:443
    SSLEngine on
    SSLCertificateKeyFile /etc/apache2/ssl/MYSITE.COM.key
    SSLCertificateFile /etc/apache2/ssl/MYSITE.COM.cert
    ServerAdmin MYWEBGUY@localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    
    
    ErrorLog ${APACHE_LOG_DIR}/errorSSL.log
    
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    
    CustomLog ${APACHE_LOG_DIR}/accessSSL.log combined
    
    </VirtualHost>
    

while many other virtualhost configs will be available in /etc/apache2/sites-enabled/ and in /etc/apache2/sites-available/ it was /etc/apache2/httpd.conf that was CRUCIAL to solving all problems.

for further info:

http://wiki.vpslink.com/Enable_SSL_on_Apache2

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert

*generating your own certificate (self-signed) will result in a certificate whose authority the user's browser will not recognize. therefore, the browser will scream bloody murder and the user will have to "understand the risks" a dozen times before the browser actually opens up the page. so, it only works for testing purposes. having said that, this is the HOW-TO:

  1. go to the apache folder (in ubuntu12 /etc/apache2/)
  2. create a folder like ssl (or anything that works for you, the name is not a system requirement)
  3. go to chosen directory /etc/apache2/ssl
  4. run sudo openssl req -new -x509 -nodes -out MYSITE.COM.crt -keyout MYSITE.COM.key
  5. use MYSITE.COM.crt and MYSITE.COM.key in your <VirtualHost> tag

name format is NOT under a strict system requirement, must be the same as the file :) - names like 212-MYSITE.COM.crt, june2014-Godaddy-MYSITE.COM.crt should work.
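
A quick check of the pieces the steps above rely on (a `Listen 443`, a `:443` virtual host with `SSLEngine on`, and both certificate directives), as an added example that is not part of the original answer. The function name `lint_ssl_config` and the sample config are constructed here; `<IfModule>` sections are treated as active.

```python
import re

REQUIRED = ("sslcertificatefile", "sslcertificatekeyfile")


def lint_ssl_config(text):
    """Return a list of problems with the port-443 setup in Apache config text."""
    problems, vhosts, listens, current = [], [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = {"addr": m.group(1).strip(), "dirs": {}}
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif line and line[0] not in "#<":
            parts = line.split(None, 1)
            name = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if name == "listen" and value:
                # "443", "443 https" and "0.0.0.0:443" all mean port 443
                listens.add(value.split()[0].rsplit(":", 1)[-1])
            elif current is not None:
                current["dirs"][name] = value
    if "443" not in listens:
        problems.append("no 'Listen 443' directive")
    ssl_vhosts = [v for v in vhosts if v["addr"].endswith(":443")]
    if not ssl_vhosts:
        problems.append("no <VirtualHost ...:443> block")
    for v in ssl_vhosts:
        if v["dirs"].get("sslengine", "").lower() != "on":
            problems.append(v["addr"] + ": SSLEngine is not on")
        for name in REQUIRED:
            if name not in v["dirs"]:
                problems.append(v["addr"] + ": missing " + name)
    return problems

# Constructed sample: ports.conf plus the answer's vhost with two directives left out.
BROKEN = """
Listen 80
Listen 443
<VirtualHost _default_:443>
    ServerName MYSITE.COM:443
    SSLCertificateFile /etc/apache2/ssl/MYSITE.COM.cert
    DocumentRoot /var/www
</VirtualHost>
"""
print(lint_ssl_config(BROKEN))
```

A `:443` virtual host without `SSLEngine on` answers in plain HTTP on that port, which is what the browser reports as an SSL connection error.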


I was getting the same error in Chrome (and a different one in Firefox, IE). Also, in error.log I was getting [error] [client cli.ent.ip.add] Invalid method in request \x16\x03. Following the instructions from this site, I changed my configuration FROM:

<VirtualHost subdomain.domain.com:443>

   ServerAdmin [email protected]
   ServerName subdomain.domain.com

   SSLEngine On
   SSLCertificateFile conf/ssl/ssl.crt
   SSLCertificateKeyFile conf/ssl/ssl.key
</VirtualHost>

TO:

<VirtualHost _default_:443>

   ServerAdmin [email protected]
   ServerName subdomain.domain.com

   SSLEngine On
   SSLCertificateFile conf/ssl/ssl.crt
   SSLCertificateKeyFile conf/ssl/ssl.key
</VirtualHost>

Now it's working fine :)
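
What the `\x16\x03` in that error.log entry means, as an added example that is not part of the original answer: 0x16 is the TLS record type for a handshake and 0x03 is the protocol major version, so Apache received a TLS ClientHello on a listener that was parsing plain HTTP. The function names and the log lines below are constructed for illustration.

```python
import re

LINE_RE = re.compile(
    r"\[client (?P<client>[^\]]+)\] Invalid method in request (?P<req>.*)$"
)


def unescape(req):
    """Turn the \\xNN escapes Apache writes to error.log back into raw bytes."""
    return re.sub(
        rb"\\x([0-9a-fA-F]{2})",
        lambda m: bytes([int(m.group(1), 16)]),
        req.encode("latin-1", "replace"),
    )


def tls_on_plain_port(lines):
    """Return {client: count} for requests that began with a TLS handshake record."""
    hits = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        raw = unescape(m.group("req"))
        # byte 0: record type 0x16 (handshake); byte 1: major version 0x03
        if raw[:2] == b"\x16\x03":
            client = m.group("client")
            hits[client] = hits.get(client, 0) + 1
    return hits


# Constructed sample lines in the Apache 2.2 error.log layout
SAMPLE = [
    r"[Mon Jun 02 10:15:01 2014] [error] [client 203.0.113.7] Invalid method in request \x16\x03\x01",
    r"[Mon Jun 02 10:15:02 2014] [error] [client 203.0.113.7] Invalid method in request \x16\x03",
    r"[Mon Jun 02 10:16:40 2014] [error] [client 198.51.100.9] Invalid method in request FOO / HTTP/1.1",
    r"[Mon Jun 02 10:17:00 2014] [error] [client 198.51.100.9] File does not exist: /var/www/favicon.ico",
]
print(tls_on_plain_port(SAMPLE))
```

Any client listed here reached a port where no SSL-enabled virtual host matched, which points at the `<VirtualHost>` address or a missing `SSLEngine On` rather than at the certificate.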


A common cause I wanted to suggest for this situation:

Sometimes a customer is running Skype, which is using port 443 without their realizing it. When they go to start Tomcat or Apache, it appears to start but cannot bind with port 443. This is the exact message that the user would receive in the browser. The fix is to stop what was running on port 443 and re-start the webserver so it can bind with port 443.

The customer can re-start Skype after starting the webserver, and Skype will detect that port 443 is in use and choose a different port to use.
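
To see which process holds port 443 before restarting the web server, the `sudo netstat -lp` output mentioned earlier on this page can be filtered as below. This is an added example, not part of the original answer; the function names, the `WEB_SERVERS` list and the sample output are constructed.

```python
WEB_SERVERS = ("apache2", "httpd")  # assumption: the expected owners of port 443


def port_listeners(netstat_output, port="443", service="https"):
    """Return [(local_address, 'PID/program')] for TCP listeners on the port."""
    found = []
    for line in netstat_output.splitlines():
        f = line.split()
        # columns: Proto Recv-Q Send-Q Local Foreign State PID/Program
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # netstat prints "443" with -n and the service name "https" without it
        if f[3].rsplit(":", 1)[-1] in (port, service):
            found.append((f[3], f[6]))
    return found


def foreign_listeners(netstat_output):
    """Listeners on port 443 that are not the web server."""
    return [
        (addr, owner)
        for addr, owner in port_listeners(netstat_output)
        if owner.split("/", 1)[-1] not in WEB_SERVERS
    ]


# Constructed sample output
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1350/apache2
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2201/skype
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      990/mysqld
udp        0      0 0.0.0.0:68              0.0.0.0:*                           812/dhclient
"""
print(foreign_listeners(SAMPLE))
```

Run netstat with sudo, otherwise the PID/Program column shows `-` for sockets owned by other users.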