[users@httpd] Setting up Apache 2.4 with Letsencrypt

Mon, 12 Feb 2018 20:55:14 -0800 

I have dehydrate properly renewing certs from Let's Encrypt (which I am using 
successfully for mail authentication) and I ma trying to get them working for 
Apache 2.4, but no luck so far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in 
/usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem

in httpd.conf I have:

LoadModule ssl_module libexec/apache24/mod_ssl.so

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

 /etc/httpd/extra//httpd-ssl.conf:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCache         "dbm:/var/run/ssl_scache"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/usr/local/www/roundcube"
  ServerName www.covisp.net:443
  ServerAdmin ad...@covisp.net
  ErrorLog "/var/log/httpd-error.log"
  TransferLog "/var/log/httpd-access.log"
  SSLEngine on
  SSLCertificateFile "/usr/local/etc/apache24/ssl.pem"
  SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key"
  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>
  <Directory "/usr/local/www/apache24/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
  CustomLog "/var/log/httpd-ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>    

 # apachectl -S shows at the end:
*:443                  is a NameVirtualHost
         default server www.covisp.net 
(/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
         port 443 namevhost www.covisp.net 
(/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
                 alias covisp.net
                 alias mail.covisp.net
                 alias webmail.covisp.net
         port 443 namevhost www.covisp.net 
(/usr/local/etc/apache24/extra/httpd-ssl.conf:83)

But I just get a failed to load error and I don't see anything helpful in the 
logs.

I tried removing the links in the apache24 folder and copying the .pem files 
(privkey.pem to ssl.key), but still get an unable to establish secure 
connection error.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to