#StackBounty: #linux #amazon-web-services #apache #ssl How can we setup SSL/TLS using the same certificate on multiple EC2 servers

Bounty: 50

After some frustrations, I was able to get SSL/TLS set up via these instructions. I did face an error about "Missing certificate key", but I was able to fix that by re-creating the CSR file, fixing the common name to *.opensourceroads.com.

I requested, and installed, a Comodo wildcard certificate.

Everything works on the development subdomain.

Now, for the production server….

First, I copied the private key and certificate files to the home directory, and set the permissions of those HOME copies to 755. This allowed me to download them from the development server and upload them to the production server, which I did.

By the way, the production server hosts content for www.opensourceroads.com.

After doing so, I installed mod_ssl per the instructions, moved the private key and cert files down to the right place, and changed their permissions and ownership back, per the tutorial.

sudo chown root:root custom.key
sudo chmod 600 custom.key
ls -al custom.key
sudo chown root:root custom.crt
sudo chmod 600 custom.crt
ls -al custom.crt
sudo chown root:root intermediate.crt
sudo chmod 644 intermediate.crt
ls -al intermediate.crt

I then changed /etc/httpd/conf.d/ssl.conf to match what's on the development server.

When I run sudo service httpd restart, however, it doesn't restart. When I run journalctl -xe I see the following lines in the log:

-- Unit httpd-init.service has begun starting up.
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal httpd-ssl-gencerts[56816]: Missing certificate key!
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: httpd-init.service: Main process exited, code=exited, status=1/FAILURE
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: httpd-init.service: Failed with result 'exit-code'.
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: Failed to start One-time temporary TLS key generation for httpd.service.
-- Subject: Unit httpd-init.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit httpd-init.service has failed.
--
-- The result is failed.
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit httpd.service has begun starting up.
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: httpd.service: Failed with result 'exit-code'.
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Jul 27 17:30:04 ip-172-31-21-209.us-east-2.compute.internal sudo[56802]: pam_unix(sudo:session): session closed for user root

Somehow, it can't find the certificate key!! I re-checked the key file specified by the configuration line SSLCertificateKeyFile /etc/pki/tls/private/custom.key for existence: ls -al /etc/pki/tls/private/custom.key. It exists, with permission 600.

I don't know what I'm doing wrong. Will I have to create a different private key for this server, and/or re-request the certificate from the CA?
