OK, I've been trying to fix this for a week, but I can't find anything similar to my situation to fix it. I'm on a clean install of Ubuntu 14.04 LTS, and I've set everything up on the server, but for some reason Apache is not serving HTTPS requests.
More information:
Running netstat -tulpn | grep apache
shows the following:
tcp6 0 0 :::80 :::* LISTEN 3680/apache2
tcp6 0 0 :::443 :::* LISTEN 3680/apache2
So it's definitely listening on the correct port. Running openssl s_client -connect <servername>:443 -showcerts
shows that it isn't serving HTTPS requests:
CONNECTED(00000003)
140318680839840:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Here is my vhost.conf:
<VirtualHost *:443>
ServerAdmin nathan@<servername>.co.uk
ServerName <servername>.co.uk
ServerAlias www.<servername>.co.uk
# FPM config
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/<servername>.co.uk/
DirectoryIndex /index.php
# TLS
SSLEngine on
SSLCertificateFile /etc/ssl/private/ssl-chain-mail-<servername>.co.uk.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-key-decrypted-mail-<servername>.co.uk.key
DocumentRoot /var/www/<servername>.co.uk
<Directory /var/www/<servername>.co.uk>
DirectoryIndex index.php
AllowOverride ALL
Options All -Indexes
Require all granted
Require ssl
# Rewrite
RewriteBase /
</Directory>
ErrorLog ${APACHE_LOG_DIR}/custom_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
This is the content of my error.log, so it says it is running OpenSSL:
[Sat Feb 07 11:08:17.762312 2015] [mpm_event:notice] [pid 3680:tid 139763219974016] AH00491: caught SIGTERM, shutting down
[Sat Feb 07 11:08:18.843199 2015] [mpm_event:notice] [pid 4671:tid 140013857027968] AH00489: Apache/2.4.10 (Ubuntu) mod_gnutls/0.5.10 OpenSSL/1.0.1f configured -- resuming normal operations
[Sat Feb 07 11:08:18.843274 2015] [core:notice] [pid 4671:tid 140013857027968] AH00094: Command line: '/usr/sbin/apache2'
And I definitely have the SSL module enabled (ls -l /etc/apache2/mods-available):
lrwxrwxrwx 1 root root 36 Jan 29 09:59 access_compat.load -> ../mods-available/access_compat.load
lrwxrwxrwx 1 root root 28 Jan 29 09:59 alias.conf -> ../mods-available/alias.conf
lrwxrwxrwx 1 root root 28 Jan 29 09:59 alias.load -> ../mods-available/alias.load
lrwxrwxrwx 1 root root 33 Jan 29 09:59 auth_basic.load -> ../mods-available/auth_basic.load
lrwxrwxrwx 1 root root 33 Jan 29 09:59 authn_core.load -> ../mods-available/authn_core.load
lrwxrwxrwx 1 root root 33 Jan 29 09:59 authn_file.load -> ../mods-available/authn_file.load
lrwxrwxrwx 1 root root 33 Jan 29 09:59 authz_core.load -> ../mods-available/authz_core.load
lrwxrwxrwx 1 root root 33 Jan 29 09:59 authz_host.load -> ../mods-available/authz_host.load
lrwxrwxrwx 1 root root 33 Jan 29 09:59 authz_user.load -> ../mods-available/authz_user.load
lrwxrwxrwx 1 root root 32 Jan 29 09:59 autoindex.conf -> ../mods-available/autoindex.conf
lrwxrwxrwx 1 root root 32 Jan 29 09:59 autoindex.load -> ../mods-available/autoindex.load
lrwxrwxrwx 1 root root 30 Jan 29 09:59 deflate.conf -> ../mods-available/deflate.conf
lrwxrwxrwx 1 root root 30 Jan 29 09:59 deflate.load -> ../mods-available/deflate.load
lrwxrwxrwx 1 root root 26 Jan 29 09:59 dir.conf -> ../mods-available/dir.conf
lrwxrwxrwx 1 root root 26 Jan 29 09:59 dir.load -> ../mods-available/dir.load
lrwxrwxrwx 1 root root 26 Jan 29 09:59 env.load -> ../mods-available/env.load
lrwxrwxrwx 1 root root 29 Jan 29 09:59 filter.load -> ../mods-available/filter.load
lrwxrwxrwx 1 root root 29 Jan 31 12:19 gnutls.conf -> ../mods-available/gnutls.conf
lrwxrwxrwx 1 root root 29 Jan 31 12:19 gnutls.load -> ../mods-available/gnutls.load
lrwxrwxrwx 1 root root 27 Jan 29 09:59 mime.conf -> ../mods-available/mime.conf
lrwxrwxrwx 1 root root 27 Jan 29 09:59 mime.load -> ../mods-available/mime.load
lrwxrwxrwx 1 root root 32 Jan 29 09:59 mpm_event.conf -> ../mods-available/mpm_event.conf
lrwxrwxrwx 1 root root 32 Jan 29 09:59 mpm_event.load -> ../mods-available/mpm_event.load
lrwxrwxrwx 1 root root 34 Jan 29 09:59 negotiation.conf -> ../mods-available/negotiation.conf
lrwxrwxrwx 1 root root 34 Jan 29 09:59 negotiation.load -> ../mods-available/negotiation.load
lrwxrwxrwx 1 root root 28 Jan 29 10:28 proxy.conf -> ../mods-available/proxy.conf
lrwxrwxrwx 1 root root 33 Jan 29 10:28 proxy_fcgi.load -> ../mods-available/proxy_fcgi.load
lrwxrwxrwx 1 root root 28 Jan 29 10:28 proxy.load -> ../mods-available/proxy.load
lrwxrwxrwx 1 root root 30 Jan 29 10:21 rewrite.load -> ../mods-available/rewrite.load
lrwxrwxrwx 1 root root 31 Jan 29 09:59 setenvif.conf -> ../mods-available/setenvif.conf
lrwxrwxrwx 1 root root 31 Jan 29 09:59 setenvif.load -> ../mods-available/setenvif.load
lrwxrwxrwx 1 root root 36 Jan 30 16:48 socache_shmcb.load -> ../mods-available/socache_shmcb.load
lrwxrwxrwx 1 root root 26 Jan 30 16:48 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 Jan 30 16:48 ssl.load -> ../mods-available/ssl.load
lrwxrwxrwx 1 root root 29 Jan 29 09:59 status.conf -> ../mods-available/status.conf
lrwxrwxrwx 1 root root 29 Jan 29 09:59 status.load -> ../mods-available/status.load
lrwxrwxrwx 1 root root 34 Feb 7 10:41 vhost_alias.load -> ../mods-available/vhost_alias.load
Now, browsing to https://<servername>.co.uk
fails with ssl_error_rx_record_too_long
in Firefox, but going to http://<servername>.co.uk:443
works (but obviously not with TLS). There are no errors in any of the log files, the vhost is definitely being loaded, but for some reason Apache is just refusing to serve HTTPS to clients. Am I missing a module or something in my configuration?
Apologies for the huge data dump, but I just wanted to provide as much useful information as possible!
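What the symptoms in the post look like on the wire, as an added example that is not part of the original post: it sends a real ClientHello to a listener and classifies the first bytes that come back, showing that a plain-HTTP reply read as a TLS record header declares a length above the TLS maximum. The function names and the sample replies are constructed for illustration.

```python
import socket
import ssl

MAX_RECORD_LEN = 2**14 + 2048  # largest TLS 1.2 ciphertext record (RFC 5246)
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def classify_reply(data: bytes) -> dict:
    """Interpret the first bytes a listener sent back after a ClientHello."""
    if len(data) < 5:
        return {"verdict": "too-short", "declared_len": None}
    # TLS record header: 1 byte type, 2 bytes version, 2 bytes length.
    ctype, major, length = data[0], data[1], int.from_bytes(data[3:5], "big")
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_RECORD_LEN:
        verdict = "tls"
    elif data.startswith(b"HTTP/") or data.lstrip().startswith(b"<"):
        # Plain HTTP: a TLS client reads these ASCII bytes as a record header.
        verdict = "plaintext-http"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "declared_len": length}


def client_hello(server_name: str) -> bytes:
    """Let the ssl module build a real ClientHello without touching the network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake is waiting for the server's reply
    return outgoing.read()


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send a ClientHello over a raw socket and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify_reply(sock.recv(64))


# Constructed sample replies (not captured from the poster's server).
SAMPLE_PLAIN = b"HTTP/1.1 400 Bad Request\r\n"
SAMPLE_TLS = bytes.fromhex("160303004a0200004603")
```

Calling `probe("<servername>.co.uk")` against a listener that behaves as described in the post would be expected to return the `plaintext-http` verdict, while a working TLS vhost returns `tls`.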