Apache SSL: server cert does not include ID which matches server name
I'm trying to set up SSL on my apache2 webserver, but it seems that it doesn't work any more.
I have followed a tutorial to create cert files with openssl and configured the /etc/apache2/sites-available/default-ssl.conf properly.
When I try to open my website with https, my browser refuses to connect due to security issues. It says that I haven't properly configured my site.
In my /var/log/apache2/error.log I'm getting warnings, which say that my server certificate does not include an ID which matches the server name.
[Mon Apr 10 11:03:24.041813 2017] [mpm_prefork:notice] [pid 1222] AH00169: caught SIGTERM, shutting down
[Mon Apr 10 11:03:30.566578 2017] [ssl:warn] [pid 661] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 10 11:03:31.579088 2017] [ssl:warn] [pid 1194] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 10 11:03:31.592958 2017] [mpm_prefork:notice] [pid 1194] AH00163: Apache/2.4.25 (Raspbian) OpenSSL/1.0.2k configured -- resuming normal operations
[Mon Apr 10 11:03:31.593136 2017] [core:notice] [pid 1194] AH00094: Command line: '/usr/sbin/apache2'
Do you have any ideas on how to solve this? Thanks in advance!
Okay, I noticed that this post is viewed quite frequently recently, and so it seems that a lot of people are experiencing the same issue as I did. If so, then this might help you.
I have followed a simple step-by-step tutorial to create an SSL certificate for my webserver. The result of the tutorial I followed was a self-signed certificate using openssl. Yep, self-signed, that was the problem. The browser could not trust the server because it has a certificate signed by itself. Well, I wouldn't do either...
A certificate has to be signed by an external trustworthy certificate authority (CA). So I stumbled upon Let's Encrypt which does all the work for you and is even easier to set up and the best is: it is absolutely free.
Installation
1) Delete your old ssl cert files which you have created by using OpenSSL
2) Open backports to get the certbot client on Debian. You should know that this will open a hole for unfinished software! Only install packages when you are aware of what you are doing.
echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list
3) Update your Linux system
sudo apt-get update
4) Install certbot
sudo apt-get install python-certbot-apache -t jessie-backports
5) Set up apache ServerName and ServerAlias
sudo nano /etc/apache2/sites-available/000-default.conf
6) Edit apache config file
<VirtualHost *:80>
. . .
ServerName example.com
ServerAlias www.example.com
. . .
</VirtualHost>
7) Check for a correct syntax
sudo apache2ctl configtest
8) If the config file looks fine, restart apache server
sudo systemctl restart apache2
9) Set up a certificate using certbot and follow the instruction on screen.
sudo certbot --apache
Renewal
All certificates by Let's Encrypt are valid for 3 months. To renew them, you can manually run
sudo certbot renew
Or automate this service as a cron job
sudo crontab -e
and enter the following row to invoke a renewal every Monday at 2:30 am.
. . .
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
You can follow a more detailed tutorial here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-8
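
A check for the condition behind the AH01909 warning, as an added example that is not part of the original post: it lists the names in a certificate (subject CN and SAN DNS entries) and reports which ServerName/ServerAlias values they do not cover. The matching rule (exact name, or a leading `*.` standing for exactly one label) is a simplification assumed here, and the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: compare a certificate's names with Apache's ServerName/ServerAlias.

# Print the subject CN and every SAN DNS name of a PEM certificate, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
    openssl x509 -in "$1" -noout -text |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if certificate name $1 covers host $2 (case-insensitive; a leading
# "*." stands for exactly one leftmost label). Assumed, simplified rule.
name_matches() {
    nm_pat=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    nm_host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $nm_pat in
        '*.'*)
            nm_rest=${nm_host#*.}      # host without its first label
            [ "$nm_rest" != "$nm_host" ] && [ -n "${nm_host%%.*}" ] &&
                [ "$nm_rest" = "${nm_pat#??}" ] ;;
        *)  [ "$nm_pat" = "$nm_host" ] ;;
    esac
}

# $1: newline-separated certificate names; remaining args: names Apache serves.
# Prints each served name the certificate does not cover; fails if any is printed.
uncovered_names() {
    un_names=$1; shift
    un_rc=0
    for un_want in "$@"; do
        un_hit=1
        while IFS= read -r un_n; do
            if name_matches "$un_n" "$un_want"; then un_hit=0; fi
        done <<EOF
$un_names
EOF
        if [ "$un_hit" -ne 0 ]; then echo "$un_want"; un_rc=1; fi
    done
    return "$un_rc"
}

# Usage: sh check-cert-names.sh /path/to/cert.pem example.com www.example.com
if [ "$#" -ge 2 ]; then
    cert=$1; shift
    uncovered_names "$(cert_names "$cert")" "$@" && echo "certificate covers all names"
fi
```

Any name it prints is one for which Apache would serve a certificate that does not identify that host.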