(Re-)configuring Apache SSL on Ubuntu server

Since my old server died there were many things waiting to happen. First of all the main ‘carrier’ for my project information was located on a webserver obviously hosted on the dead server. For security reasons it only serves HTTPS, so, guess what, I needed to setup it up again.
The very first thing I found that my SSL certificates were no longer valid as the key used to generate them was happily buried on (both) dead hard disks. Arrrgghhh. OK, luckily it takes only few mouse clicks on GoDaddy site to re-generate the certificates. You perform

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

on the server where the domain is to be hosted (in my case my smallish-greenish server) and copy/paste the content of the .csr file to the GoDaddy’s interface. Viola! You can download your certificates now and put them under e.g. the corresponding VirtualHost:

SSLEngine on
SSLCertificateFile /etc/apache2/certificates/watchitforme/watchitfor.me.crt
SSLCertificateKeyFile /etc/apache2/certificates/watchitforme/watchitfor.me.key
SSLCertificateChainFile /etc/apache2/certificates/watchitforme/gd_bundle.crt
ServerSignature Off

Good. Restart Apache using e.g.

sudo /etc/init.d/apache2 restart

…browse to your https://domain.tld and WTF-WTF-WTF…

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Watta… well, this is something new apparently, but you are also required to edit the Apache ports.conf file, and add

Listen 443
NameVirtualHost *:443

and then in your virtual host setup you need to say instead of

<VirtualHost domain.tld:443>


<VirtualHost *:443>

Restart Apache again and you get your pages nicely served through HTTPS. C’mon, why so much trouble each time?..

p.s. There are a lot of posts about Chrome, IE, etc settings, but check the root cause first!