DevHeads.net

Setting up Apache 2.4 with Letsencrypt

I have dehydrated properly renewing certs from Let's Encrypt (which I am using successfully for mail authentication) and I am trying to get them working for Apache 2.4, but no luck so far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in /usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem.

In httpd.conf I have:

LoadModule ssl_module libexec/apache24/mod_ssl.so

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

/etc/httpd/extra//httpd-ssl.conf:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "dbm:/var/run/ssl_scache"
SSLSessionCacheTimeout 300

<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/roundcube"
ServerName www.covisp.net:443
ServerAdmin ... at covisp dot net
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
SSLEngine on
SSLCertificateFile "/usr/local/etc/apache24/ssl.pem"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# apachectl -S shows at the end:
*:443 is a NameVirtualHost
default server www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
alias covisp.net
alias mail.covisp.net
alias webmail.covisp.net
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-ssl.conf:83)

But I just get a failed to load error and I don't see anything helpful in the logs.

I tried removing the links in the apache24 folder and copying the .pem files (privkey.pem to ssl.key), but still get an unable to establish secure connection error.

Comments

Re: Setting up Apache 2.4 with Letsencrypt

By Marat Khalili at 02/13/2018 - 09:43

You did not post exact errors, but just in case, the following works here:

Re: Setting up Apache 2.4 with Letsencrypt

By LuKreme at 02/13/2018 - 16:49

On 13 Feb 2018, at 06:43, Marat Khalili < ... at rqc dot ru> wrote:
I found nothing logged. All I get is the browser saying it couldn’t establish a secure connection. Nothing in /var/log/httpd-error.log

Thanks for the post, that got me most of the way there. I bypassed the httpd-ssl conf file entirely and just put the SSL enable and certificate paths directly into the virtual host, and it appears to be working.

Not sure what UserStapling requires, but enabling it caused Apache to not start up, so I removed that line for now.
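
Added example, not part of the original thread: the `apachectl -S` output quoted in the question lists www.covisp.net twice on port 443, once from httpd-vhosts.conf:32 and once from httpd-ssl.conf:83. The Python sketch below parses that output (embedded with the link markup removed) and reports names claimed by more than one virtual host on the same port; the function names are illustrative.

```python
import re
from collections import defaultdict

# apachectl -S output as quoted in the question (link markup removed).
SAMPLE = """\
*:443 is a NameVirtualHost
default server www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
alias covisp.net
alias mail.covisp.net
alias webmail.covisp.net
port 443 namevhost www.covisp.net (/usr/local/etc/apache24/extra/httpd-ssl.conf:83)
"""

VHOST = re.compile(r"port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+):(\d+)\)")
ALIAS = re.compile(r"alias\s+(\S+)")

def parse_vhosts(text):
    """Return [(port, [names...], file, line)] in the order Apache lists them."""
    vhosts = []
    for raw in text.splitlines():
        line = raw.strip()  # real output is indented; the pasted copy is not
        m = VHOST.match(line)
        if m:
            vhosts.append((int(m.group(1)), [m.group(2)], m.group(3), int(m.group(4))))
            continue
        a = ALIAS.match(line)
        if a and vhosts:
            vhosts[-1][1].append(a.group(1))  # alias belongs to the vhost above it
    return vhosts

def shadowed(vhosts):
    """Find (port, name) pairs claimed by more than one vhost.

    Apache serves a name from the first vhost that claims it, so later
    definitions of the same name on the same port are never selected.
    """
    seen = defaultdict(list)
    for port, names, path, lineno in vhosts:
        for name in names:
            seen[(port, name.lower())].append(f"{path}:{lineno}")
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (port, name), places in shadowed(parse_vhosts(SAMPLE)).items():
        print(f"{name}:{port} served from {places[0]}; ignored: {', '.join(places[1:])}")
```

On a live server, pipe the output of `apachectl -S` into `parse_vhosts` in place of `SAMPLE`; any reported name should have its `SSLEngine` and certificate directives in the first-listed file.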