Hello everyone. Some time roughly around October 2013, SSL just suddenly stopped working in Apache. I hadn't made a significant effort to resolve the problem until now because I had just started a University course and was directing most of my attention into that. I assumed that whatever the problem was, if I couldn't find a solution with a few quick internet searches then it was probably going to require more of my time than I had to spare whilst doing my course. Well, now I've more-or-less finished the year and I want to get to the bottom of the problem.
Unfortunately, with the long wait between this problem surfacing and now, the exact details are a bit hazy. I now realise that I've confused two separate problems that probably arose independently and I now have no idea about when the remaining problem began. I think I must have fixed the first problem that can be solved by tweaking httpd.conf because that one prevented Apache from starting at all. This second problem, however, allows Apache to start, but when it is running, connections via SSL/TLS fail. Opera doesn't give any useful information about the failure, but Firefox at least has this to say:
Code:
Secure Connection Failed
An error occurred during a connection to localhost. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
I've put various parts of that message into Google and it seems that it is usually caused by a misconfiguration of a network somewhere between the client and the server. This seemed like a plausible cause of the error for a short time, because much had changed in the intervening months. I changed my domain's Registrar of Record, upgraded the host's OS from openSUSE 12.3 to 13.1, and changed my ISP and consequently the router through which I access the internet. None of those changes are related to my current problem (as far as I know), but there are plenty of areas where I could do something wrong and not notice it for a while.
I very strongly suspect that it has nothing at all to do with any of those changes and is much more likely to be down to some misconfiguration I keep making in Apache. I say this because I installed Apache/MySQL/PHP on this computer and tried to configure Apache to accept SSL/TLS connections. I did this to avoid fouling up the configuration of the actual web host and so that there couldn't be any configuration tweaks that I'd tried and then forgotten about. Starting from a clean slate. Anyway, I installed Apache/MySQL/PHP from the web and LAMP server pattern in YaST, made the necessary edit to httpd.conf and made a key and certificate and stuck 'em in /etc/apache2/ssl.key/ and /etc/apache2/ssl.crt/ respectively. Tried setting up a default virtual-host and indicated where the certificate and key were and then set Apache running. Exactly the same as on the main host, it serves unencrypted URLs fine, but as soon as you shove https:// in front of that address, it all goes horribly wrong. The reason I so strongly suspect that it is a problem with my configuration is that this happens even on https://localhost/, so the request never even reaches the router for it to get fiddled with by the router or any other part of any other network.
Both machines are openSUSE 13.1, but I'm fairly sure this started before I upgraded. I'm not used to all the extra configuration files involved with YaST. A little over a decade ago, I started out using Apache, MySQL and so on by compiling them from source. I thought that if I learned about building them from source, that would give me a better understanding of how to fix problems that may arise when configuring them with tools like YaST. As it turned out, I was hopelessly wrong. I get hopelessly confused by all the various inclusions of the many configuration files. I also never bothered to read anything at all about vhosts because I only served the one site from the server.
I was usually too busy manually resolving dependencies flagged up by configure and make, which is a strong incentive to stick with management via YaST and not to go back to compiling from source.
Anyway, what more do I need to post to make this more than just a vague description? I assume many of the Apache config files will be necessary, so I'll start editing copies of those to remove my domain name and IP addresses from them and then post them up soon, but is there anything else?
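Added example, not part of the original post: a check for one well-known cause of ssl_error_rx_record_too_long, a listener that answers in plaintext HTTP on the HTTPS port, so the client reads the ASCII bytes "HTTP/" as a TLS record header. Whether that is the cause here is not established by the post; the function names and the sample byte strings are constructed for illustration.

```python
import socket
import ssl
import struct

# Largest record length a TLS 1.2 peer may send (2^14 plaintext + 2048 expansion).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

def read_as_tls_header(data: bytes) -> dict:
    """Interpret the first 5 bytes the way a TLS client does: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"type": ctype, "version": (major, minor), "length": length}

def classify(data: bytes) -> str:
    """Label a server's first reply bytes: 'tls', 'plaintext-http' or 'unknown'."""
    if len(data) < 5:
        return "unknown"
    hdr = read_as_tls_header(data)
    if (hdr["type"] in TLS_CONTENT_TYPES and hdr["version"][0] == 3
            and hdr["length"] <= MAX_TLS_RECORD):
        return "tls"
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown"

def client_hello(host: str) -> bytes:
    """Build a real ClientHello in memory (no network) using ssl.MemoryBIO."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).wrap_bio(
        incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is now waiting for the server's reply
    return outgoing.read()

def probe(host: str = "localhost", port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello over a raw socket and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify(sock.recv(64))

# Constructed sample: a plaintext HTTP reply arriving where a TLS record is expected.
SAMPLE_PLAINTEXT = b"HTTP/1.1 400 Bad Request\r\n"
# Constructed sample: start of a TLS 1.2 handshake record with length 81.
SAMPLE_TLS = bytes([22, 3, 3, 0, 81]) + b"\x02"

if __name__ == "__main__":
    print(read_as_tls_header(SAMPLE_PLAINTEXT), classify(SAMPLE_PLAINTEXT))
    print(classify(SAMPLE_TLS))
```

Read as a record header, "HTTP/" gives a length field of 0x502f (20527), which is over the limit and matches the wording of the Firefox message. If probe() returns 'plaintext-http' for port 443, the virtual host answering on that port does not have TLS enabled.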