Installing GoDaddy SSL - error during restarting Apache

Hi Craig, hi guys,

I knew that one day I will have to face SSL installation.

I have one old GoDaddy standard certificate which I thought I use to practice. It was assigned to a different domain name but it was pretty easy to rekey it. At first, I had to get CRS (Certificate Signing Request).

To generate CRS & privet key I logged in via SSH with my sudo account and run from my home directory the following command:

openssl req -newkey rsa:2048 -nodes -keyout mydomainename.uk.key -out mydomainname.uk.csr

At this point, I was prompted for several lines to info that will be included in my certf.

To print the contents of the CSR use the following command:

cat yourdomainename.uk.csr

This all was easy.

Then I rekey my old GoDaddy certificate which was validated. I downloaded it and stored my intermediate certificate gd_bundle.ctr & primary certificate xzy.ctr in the home directory where my key files are stored. This also was pretty easy.

Finally, I tried to change some entries in /etc/apache2/sites-available/000-default.conf running the following command

sudo nano /etc/apache2/sites-available/000-default.conf

I changed <VirtualHost *:80> so it is <VirtualHost *:443> and added the following

ServerName mydomainname.uk
SSLEngine on
SSLCertificateFile /home/pawel/mydomainname.uk.crt
SSLCertificateKeyFile /home/pawel/mydomainname.uk.key
SSLCACertificateFile /home/pawel/gd_bundle-g2-g1.crt

Closed & saved it and enabled the Apache SSL module running the following command:

sudo a2enmod ssl

Finally, tried to restart Apache but… ZONK! :see_no_evil::frowning_face::weary:

The following error message was shown.


I followed these 2 articles:

How To Install an SSL Certificate from a Commercial Certificate Authority

Just to be clear I modified 000-default.conf file in this directory etc/apache2/sites-available

I didn’t touch apache.conf file from /etc/apache2/ directory as GoDaddy instruct.

Manually install an SSL certificate on my Apache server (Ubuntu)

My environment: M2.3.1, DigitalOcean, Ubuntu 16.04, Can’t tell what Apache version I’m using. I tied this command httpd -v but it throws an error at me that the command doesn’t exist.

I know that it requires time to digest the issue but if you Craig or anyone can help it would be great.

Thank you.

Regards,
Pawel

I’ll be honest, I’m the wrong person to ask when it comes to messing with SSL Certificates. I always buy 3+ year certificates because it takes me so long to install. It’s one of those tasks that I do so rarely that I have to reread the supplier instructions 10 times before I’m get it :slight_smile:

If no one else jumps in, you might want to try over at https://serverfault.com/

Hi Craig,

Thank you.

I’ll try do more reading hopefully I’ll work it out.

Pawel

By the way, if you run this when Apache won’t start, it’ll actually give you some decent information why it won’t start:

sudo systemctl status apache2.service

It might give you a hint that a certain line number is wrong in a configuration file. Great way to find leads.

The same applies when using the below command. It’ll give you verbose feedback:

sudo systemctl restart apache2.service

Where as the standard line doesn’t actually provide any feedback:

sudo service apache2 restart

Note

This can be used for any service such as apache2, mysqld, fhp-fpm, etc… And supports commands such as status, start, stop, restart.

1 Like

Hi,

Thank you very much.
I’ll play with it and hopefully, install it by myself.

Instruction on digitalocesn is quite clear to follow but something somewhere is not correct.

Pawel

Hi Craig,

I’ve installed it. It was actually pretty easy.
It was my fault. I named my path wrongly. It was /path/ToMyCertificate/blablabla .csr rather than /path/ToMyCertificate/blablabla .crt

Thanks for the command sudo systemctl status apache2.service. I would have no clue what is wrong without it.

Regards,
Pawel

1 Like