Issue
I have bought Comodo PositiveSSL. Now I have certificate.key and zip-archive which is contains 4 files.
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
Firstly I`ve read that I have to join this files into one mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
Secondly I saved there files into /usr/local/ssl/my_site/.
then I go to
/etc/httpd/conf.d/my_site_ru.conf
and added this
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
but after
systemctl restart httpd
i got an error
Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
if I try to open my site with https://my_domain.ru I see next
Connection is not secure
Solution
You have a turned on SSL configuration on port 80, where are expected non-ssl config.
You have to have two apache configs: one for port 80, where you will have no SSL directives and another one for port 443, where you will have SSL turned on.
Simple example:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
Answered By - Jan Marek Answer Checked By - Gilberto Lyons (WPSolving Admin)
