Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 07-09-2005, 03:26 AM   #1
Registered: Dec 2001
Location: California, USA
Distribution: Ubuntu, Debian
Posts: 128

Rep: Reputation: 15
Apache2 and SSL problems

Hi all -

I'm trying to set up a new web server under Debian unstable, using Apache 2.0.54. There are no virtual hosts, only the single, default host. I need http: on port 80 and https: on port 443. Certificate and key files are set up and referenced correctly in /etc/apache2/mods-available/ssl.conf (and the symlink exists to this file in /etc/apache2/mods-enabled).

Right now, it's only speaking SSL on *both* ports 80 and 443.

If I try to access it on port 80 via plain http: ( *or*, I get:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


Apache/2.0.54 (Debian GNU/Linux) PHP/4.3.10-15 mod_ssl/2.0.54 OpenSSL/0.9.7g Server at Port 443

So, http: requests are getting routed to port 443, which is obviously speaking SSL (as it should - but why are http: requests getting sent there?).

If I try speaking SSL on port 80 ( - the request goes through and I get the box asking me if I want to accept the certificate (and if I do, it serves up the page). This also works correctly on port 443 (

Here are the config files:


Listen 80
DocumentRoot "/var/www/html/"
<Directory />
Options FollowSymLinks
AllowOverride None
AllowOverride Options FileInfo
<Directory "/var/www/html/">
Options Indexes FollowSymLinks MultiViews
# AllowOverride None
AllowOverride Options FileInfo
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
# RedirectMatch ^/$ /apache2-default/
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug
CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from ::1/128

A variation of this file with most of the above in a
<VirtualHost *>...</VirtualHost> construct didn't work any better.

And /etc/apache2/mods-available/ssl.conf:

<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/apache2/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/apache2/ssl_mutex
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

## SSL Host Context

DefaultType text/html
Listen 443

<VirtualHost _default_>
DocumentRoot "/var/www/html"

SSLEngine On

ErrorLog /var/log/apache2/ssl_error.log
TransferLog /var/log/apache2/ssl_access.log
SSLCertificateFile /etc/apache2/ssl/ssl.crt/xxxx.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key/xxxx.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars

ScriptAlias /cgi-bin/ /var/www/cgi-bin/
<Directory "/var/www/cgi-bin/">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
CustomLog /var/log/apache2/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php index.html

I've Googled this and found a few similar, but not the same, issues; several involve the older Apache 1.3.xx - there are significant differences in the config files.

I'm not finding anything useful in the log files which would give me an idea as to what's up.

I'm sure I'm missing something simple here. If anyone could clue me in, I'd appreciate the help.


Last edited by Malibyte; 07-09-2005 at 12:46 PM.
Old 07-09-2005, 05:14 PM   #2
Registered: Dec 2001
Location: California, USA
Distribution: Ubuntu, Debian
Posts: 128

Original Poster
Rep: Reputation: 15
Fixed. Why it didn't work last night has me scratching my head, but it
seems to be OK now.

>Subject: Re: SSL on port 80


>Very odd. When I had tried to add the ":443" to the virtual host
>construct last night, it kept on giving me syntax errors. Today it
>worked. Very strange. That was one to the first things I did, and it
>didn't work...but now it is. Hmmmm....I must have had something else
>out of whack as well. Anyway, thanks for getting me to try it again!


>On Sat, 9 Jul 2005, Robert N. Waybright wrote:

>> Bob,
>> I am no great Apache guru, but it looks like you may have defined
>> your default virtual host to be SSL (note the SSLEngine On). Mine
>> has a host section plus a _default_:443 section that looks like this:
>> <VirtualHost _default_:443>


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
apache2 - ssl : connection via ssl interrupted ldp Linux - Software 0 10-02-2005 10:07 AM
compiling apache2 with SSL devfreak Linux - Software 1 05-22-2005 12:18 PM
Apache2, SSL, HTTPS... KneeLess Debian 3 09-02-2004 10:44 PM
Where's a good Apache2 + SSL Howto groover Linux - Software 4 04-05-2004 08:04 PM
Apache2 + SSL for the first time ridertech Linux - Newbie 0 02-14-2004 04:36 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 09:13 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration