How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site. Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask Tim Your Own Question
Tim
Tim, Sr. Engineer
Category: Software
Satisfied Customers: 891
Experience:  Sr. Systems and Network Engineer
75378780
Type Your Software Question Here...
Tim is online now
A new question is answered every 9 seconds

I need to get an SSL certificate working on my Ubuntu 14.04

This answer was rated:

I need to get an SSL certificate working on my Ubuntu 14.04 computer
JA: Just to clarify, what's the make and model of your machine, and what operating system are you running?
Customer: It is an Azure virtual machine and OS is Ubuntu 14.04
JA: Have you installed any updates recently?
Customer: No
JA: Anything else you want the computer expert to know before I connect you?
Customer: So how much does this cost. I've never used this service, and is this a phone session or screen sharing?
Customer: replied 9 months ago.
Posted by JustAnswer at customer's request) Hello. I would like to request the following Expert Service(s) from you: Secure Remote Assistance. Let me know if you need more information, or send me the service offer(s) so we can proceed.

Hello,

My name is David.

First, are you trying to install a web server certificate, such as for Apache?

Thanks,

David.

Customer: replied 9 months ago.
Hi David. Yes, it is for Apache version 2.4.7 on Ubuntu 14.04
Customer: replied 9 months ago.
I got my SSL certificate on GoDaddy and copied it to the server and modified the appropriate config files. Now I am trying to get it to run and it doesn't show https in the address bar. I'm sure I just have the config files wrong.

Ok thanks. Sounds like you have installed the SSL certificate correctly. Did you test SSL by connecting via IP address or FQDN?

Customer: replied 9 months ago.
Well I'm not 100% sure I installed it correctly. I tried typing in the FQDN and it doesn't redirect to https. Maybe I have the redirect wrong or the config files in the sites-enabled directory wrong. I can give you access to the server so you can look at it. That's probably the easiest.
Customer: replied 9 months ago.
I attached a screen shot of the conf file for you.

Ok so just to clarify, if you use the FQDN with https it does connect correctly?

Customer: replied 9 months ago.
Sorry, I was not clear. No it doesn't connect through https. The browser connects to it through http, but when I use https it just hangs and does nothing.

Ok thanks. I am reviewing the configuration file now.

Ok so first,note that the issue could be related to permissions on the ssl directories. But before checking that, I noticed that the closing </VirtualHost> is missing.

So first change the <VirtualHost _default_:443> in the config file to <VirtualHost *:443> and add </VirtualHost> after to close the statement, and then reload the service and try connecting directly to https. If that works then add the following to the top of the configuration for the redirect:

<VirtualHost *:80>

ServerName omagelabs.net

Redirect permanent / https://omagelabs.net/

</VirtualHost>

Customer: replied 9 months ago.
OK, I'll try that now...

Ok - I am standing by.

Customer: replied 9 months ago.
the reason the closing </VirtualHost> tag was missing was because the screen shot didn't go all the way to the bottom of the file. I tried changing <VirtualHost _default_:443> in the config file to <VirtualHost *:443> and restarted apache but it still hangs when using https. Attached is the whole config file; maybe this will show something different.

Ok thanks. I am reviewing the config file now.

Customer: replied 9 months ago.
Here are the permissions on the ssl folder:

Ok thanks. Still reviewing the config file.

Hello,

Just a thought - is port 443 open on the firewall?

Customer: replied 9 months ago.
Hmmm, good point. let me check.

Also, after making the configuration change, make sure to run the following command:

service apache2 restart

so that the service reads the new configuration.

Customer: replied 9 months ago.
I checked the inbound rules and port 443 WAS NOT OPEN. I opened it and now it works!! Wow, I thought it was open already, but that was a stupid assumption.

Excellent!

So does port 80 redirect now work as well?

Customer: replied 9 months ago.
now one more thing -- I need to add that http -> https redirect you gave me to the config file to see if that works -- hold on one sec...

Ok

Customer: replied 9 months ago.
I added that redirect you sent me to the top of the file (not the very top, just under the first line) and restarted apache but it does not work. here is the new config file (screen shot of the top part of the file). When I go to the http:// it does not redirect but the https still works. Did I add the new directives incorrectly?

Reviewing the new configuration now.

Move the <IfModule mod_ssl.c> below the port 80 section rather than at the top of the config file so that it is directly above the port 443 section like the following:

<IfModule mod_ssl.c>
<VirtualHost *:443>

Leave the </IfModule> at the end of the config file like the following:

</VirtualHost>
</IfModule>

Note that you should still indent the <VirtualHost *:443> and </VirtualHost>.

Then restart the service and test again.

Customer: replied 9 months ago.
OK, I did that and restarted apache but it doesn't redirect. Attached is the new config file; maybe there is something still wrong.

Ok, I am reviewing it now.

Customer: replied 9 months ago.
Sorry this is taking so long...I appreciate your patience.

No worries :)

Please post the ports.conf file as well.

Thanks.

Customer: replied 9 months ago.
OK sure, here it is...

Ok thanks. Reviewing now.

Ok so in the ports.conf file replace <IfModule ssl_module> with <IfModule mod_ssl.c>, then save the file changes and restart the service and test.

Also, I will have to step away from the computer in a few minutes.

Customer: replied 9 months ago.
OK, I'm trying it now....

Ok - standing by.

Customer: replied 9 months ago.
I made the change, restarted the service, and still it does not redirect. Let's call it a day, and maybe continue tomorrow? I don't know how this works, I've never used JustAnswer. Whatever you want -- I feel that at least we made some good progress.

Sounds good. I am in the PST time zone and available off and on throughout the day. I will also check the configurations later and see if I notice something else that may provide the solution.

Thanks,

David.

Customer: replied 9 months ago.
Thanks very much, I'm also Pacific Time, and we'll connect tomorrow. Have a good night...

You have a good night as well and we'll reconvene tomorrow.

Customer: replied 9 months ago.
Hi David, I just remembered that there is another conf file named /etc/apache2/sites-available/api.omagelabs.net.conf
This file is attached. I enabled this site using the command "a2ensite api.omagelabs.net.conf" . I wonder if this conf file is conflicting in some way with the conf file we looked at yesterday.
Customer: replied 9 months ago.
Please see previous post. I just want to get the server to redirect everything from http to https. That's where we ended up last night, so as soon as this is done, we're good.

Hello,

I'm back and now reviewing the file you just posted.

Ok so the NameVirtualHost *:80 and NameVirtualHost *:443 directives should be in the ports.conf file since you have more than one site on the same IP. I have attached a modified ports.conf file for you to try. Change the name of the file to ports.conf and then replace the current ports.conf file with the new one, restart the Apache2 service and then test and let me know the result.

Hello,

Just checking to find out if you have had a chance to download and test the modified ports.conf file.

Thanks,

David.

Customer: replied 9 months ago.
Hi David, sorry, I was swamped yesterday. I installed the new ports.conf you sent and restarted Apache, then got the warning "AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/ports.conf:4. So this particular fix did not work. What other steps can we take? There are a lot of solutions out there such as on http://serverfault.com/questions/420272/apache-redirect-from-http-to-https-not-working
but I prefer not to use mod_rewrite or any kind of redirect since that supposedly is not efficient.

Hello,

I believe we are overlooking something simple. Could you grab all the configuration files and post them in a .zip along with a document that provides the path to each file? I would like to look at the configuration as a whole since that may reveal what is being overlooked.

Thanks,

David.

Customer: replied 9 months ago.
OK, sure. I will post as many config files as I can think of. Will do that this evening. Thanks.
Customer: replied 9 months ago.
Hi David, attached is everything in /etc/apache2 which I think includes all the main conf files. Since the JustAnswer website requires that I zip everything, I had to zip the tar.gz file. So unzip it first, then do tar -zxvf slash-etc-slash-apache2.tar.gz
Let me know what else you need, and thanks again for your help. Sorry this is such a bear.
Hello,My apologies for the delay. I am reviewing the files now.Thanks,David
Customer: replied 9 months ago.
OK, thanks for letting me know. This is a virtual machine in the Azure cloud. I don't think that makes a difference since I was told that it should behave like a normal Ubuntu server, but just thought you should know.
Customer: replied 9 months ago.
Hi David, any final thoughts on how to get this server to always redirect http to https? If you don't see anything obvious from the files I sent you, just let me know. Thanks.
Hello - I had to take a family member to the hospital - sorry for the delay. I will look over the files tonight and let you know if I find a potential solution. Thanks
Customer: replied 9 months ago.
OK, thank you.

Hello,

I am running out of ideas - the last configuration should have worked. If I think of something else I will post it here for you, however for now I am going to open up this question to other experts that may be able to pinpoint the issue and solution.

Thanks,

David.

Customer: replied 9 months ago.
OK, thanks. You need to be paid for what you've done so far, so I'm going to figure out how to do that. I think I just rate your service and that releases the money, but not sure.

You are correct.

Tim, Sr. Engineer
Category: Software
Satisfied Customers: 891
Experience: Sr. Systems and Network Engineer
Tim and other Software Specialists are ready to help you
Customer: replied 9 months ago.
I rated the first person (David), so why I am receiving emails from you?