In general a HTTPS site should have a proper fully qualified domain name which matches what is in the certificate. You wouldn’t use ‘localhost’ for the server name.
For a start, try adding the option: —allow-localhost Depending on the platform this still may not work though as I recollect that localhost and host access controls can work strangely on Apache with some operating systems. A better way of doing it is to change ‘—server-name localhost’ to: —server-name 127.0.0.1.xip.io <http://xip.io/> Then access the site as: https://127.0.0.1.xip.io <https://127.0.0.1.xip.io/> This gets around the way that Apache or the operating system can treat localhost in a special way. This requires external DNS access and some Intranets can even block xip.io <http://xip.io/>. In that case add an explicit entry into your /etc/hosts file for some fully qualified name, such as: 127.0.0.1 www.example.com and use: —server-name www.example.com <http://www.example.com/> Graham > On 17 Sep 2016, at 11:38 PM, peter hoth <hoth.pe...@gmail.com> wrote: > > Hi, > > I managed to get my web app running with the following command: > > mod_wsgi-express setup-server --user admin --group admin mycloud.wsgi > --startup-log --access-log --port=80 --server-root=/usr/local/mycloud > > Next, I managed to generate my SSL cert and performed the following: > > mod_wsgi-express setup-server --user admin --group admin mycloud.wsgi > --startup-log --access-log \ > --port=443 --server-root=/usr/local/mycloud \ > --https-port 443 --https-only --server-name localhost --ssl-certificate > /usr/local/mycloud/sslcerts/domain > > The error_log shows that my app is actually running when the apache is > started (i.e. apachectl start) > No errors in startup_log and access_log > > However, when i pointed my browser to https://localhost it shows the > following error: > > Forbidden > You don't have permission to access / on this server. > > The error_log has the following line: > > [Sat Sep 17 21:34:46.119671 2016] [authz_core:error] [pid 6953:tid > 139664394032896] [client 127.0.0.1:40492] AH01630: client denied by server > configuration: /usr/local/armscloud/htdocs/ > > I did not use htdocs when i run the web app without SSL and it was working > fine. Do i need to add additional parameters to the mod_wsgi-express command > for SSL ? > > The generated certs are confirmed working. > > === My environment: > CentOS 6.8 > port 443 is enabled in firewall > default apache service that comes with OS is disabled > > python 2.7.12 > virtualenv 15.0.3 > pip freeze modules: > : > mod-wsgi-httpd=2.4.12.6 > mod-wsgi==4.5.7 > : > > === > > Regards, > Pete > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to modwsgi+unsubscr...@googlegroups.com > <mailto:modwsgi+unsubscr...@googlegroups.com>. > To post to this group, send email to modwsgi@googlegroups.com > <mailto:modwsgi@googlegroups.com>. > Visit this group at https://groups.google.com/group/modwsgi > <https://groups.google.com/group/modwsgi>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to modwsgi+unsubscr...@googlegroups.com. To post to this group, send email to modwsgi@googlegroups.com. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.