Need help with my SSL config please

I followed the instructions here: … ertificate

When I submitted the CSR to RapidSSL, it told me to go back and get a 2048 request. I figured out how to do that and resubmitted the request and got my private cert (I chose sha-2).

Here is my ports.conf:

```
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
```


My virtual host file

```
<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /home/rick/public/

  # Log file locations
  LogLevel warn
  ErrorLog  /home/rick/public/
  CustomLog /home/rick/public/ combined
</VirtualHost>

<VirtualHost …>
     SSLEngine On
     SSLProtocol all
     SSLCertificateFile /etc/apache2/ssl/
     SSLCertificateKeyFile /etc/apache2/ssl/
     SSLCACertificateFile /etc/apache2/ssl/intermediate.cer

     DocumentRoot /home/rick/public/
     ErrorLog  /home/rick/public/
     CustomLog /home/rick/public/ combined
</VirtualHost>
```

Apache does not throw errors when I reload the service, yet I am unable to make a secure connection with a browser. Do you think I need to add something to Apache because of the 2048 cert or the SHA-2 hash? I am at a dead end.

7 Replies

Working fine here. Perhaps you're using instead of 2 different domains, and your SSL certificate is only valid for the non-www one.

That is so odd. I am entering in Safari, Chrome, and Firefox in incognito mode and without, and each time I get an SSL connection error. And it’s working for you? Even now? … Results=on

Gives good idea of what your SSL and config look like.

Using an SSL without www is a bit confusing for some. Normally if you get the www with the domain you can use both with the same cert. You can then redirect access from to for more straightforward analytics.
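The www / non-www coverage question raised in the replies above, as an added example that is not part of the original thread: it checks which hostnames a certificate's names actually cover, using the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns. The certificates and the `example.com` names are constructed placeholders, and the matching rules are a simplified form of RFC 6125 hostname validation.

```python
# Added example: which hostnames does a certificate cover?
# Input uses the dict layout returned by ssl.SSLSocket.getpeercert().

def _matches(pattern, host):
    """Compare one dNSName entry with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                  # "*" stands for exactly one label
    if "*" in pattern:
        # Accept only a whole left-most "*" label with at least two more labels.
        if p[0] != "*" or "*" in "".join(p[1:]) or len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """Return the DNS names a client checks: SAN entries, else the legacy CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san                    # CN is ignored once dNSName SANs exist
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def coverage(cert, hostnames):
    """Map each hostname to True/False: would name validation succeed?"""
    names = cert_names(cert)
    return {h: any(_matches(n, h) for n in names) for h in hostnames}


# Constructed sample certificates (example.com is a placeholder domain).
APEX_ONLY = {"subject": ((("commonName", "example.com"),),),
             "subjectAltName": (("DNS", "example.com"),)}
BOTH = {"subject": ((("commonName", "example.com"),),),
        "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"))}
WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
            "subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    hosts = ["example.com", "www.example.com"]
    for label, cert in (("apex only", APEX_ONLY), ("both", BOTH),
                        ("wildcard", WILDCARD)):
        print(label, coverage(cert, hosts))
```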

I'm not getting any errors in Firefox 24 ESR. It would help if you posted the precise error message you're getting from your browsers.

Using 2048 bit RSA is fine, but SHA-2 is a little unusual and may pose a problem with really old browsers. But that's probably not the issue here, if it's not even working for you in Chrome.

Thanks, AGWA. I have isolated it to a problem with my home net through Comcast. I can take my laptop and phone to other networks, and everything works as expected. Now I’m trying to figure out what change Comcast has made to their network that is causing me this trouble.

This just sounds like a DNS issue. Comcast has their own DNS that is used as default for all customers. You are essentially switching to a different DNS whenever you move to a new Wifi with your laptop, or access the site over your phone's network. Switching to Google's DNS or OpenDNS at home might also help avoid future issues like this. In my experience, a public DNS like Google's will always propagate changes across the web faster than an ISP's private one.

