Setting up a Godaddy SSL on CentOS?

Lakitu asked:

I’ve never set up an SSL on Linux before, but have a general idea of how it works. Server specs below if it helps:

Server: CentOS Linux 6
Workstation: Windows 7

So, I have 4 domains all of which share a single Magento installation and IP address. Assume one of my domains is “” I am trying to enable SSL just for this one domain for now, but I am running into errors. What am I doing wrong? Here’s my work flow:

  1. I purchased an SSL from Godaddy then generated the csr and key with the command given by them:

    openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite1.key -out mywebsite1.csr

  2. I copy both the files to /etc/pki/tls/private

  3. I open then copy and paste the code to Godaddy.

  4. I generate the crt files and download them from Godaddy, upload to my server, and then move them to /etc/pki/tls/certs

  5. a. 1st try, I opened /etc/httpd/conf.d/ssl.conf and updated the
    default VirtualHost block’s SSLCertificate File, KeyFile, and ChainFile values to point to the correct locations.

    b. 2nd try, following I modified
    ssl.conf and added this directive:

    NameVirtualHost *:443

    c. Then I removed the entire default VirtualHost block (which was
    quite lengthy).

    Last attempt, I added the following to the modified ssl.conf from

<VirtualHost *:443>

    SSLEngine on

    SSLCertificateFile /etc/pki/tls/certs/
    SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
    SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
    DocumentRoot /var/www/html

6.. I restart Apache

7.. I then go to only to find errors that prevent me from viewing the site in various browsers.

Browser: Firefox

SSL received a record with an unknown content type.

(Error code: ssl_error_rx_unknown_record_type)

Browser: Chrome

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Browser: IE …takes me to Google…


NameVirtualHost 12.34.567.89

<VirtualHost 12.34.567.89>
    DocumentRoot  /var/www/html

<VirtualHost 12.34.567.89>
    DocumentRoot  /var/www/html

<VirtualHost 12.34.567.89>
    DocumentRoot  /var/www/html

<VirtualHost 12.34.567.90:80>
    DocumentRoot /var/www/html


  1. I’ve read that you must enable ssl with a command called “a2enmod ssl” but that command does not exist for my server.
  2. There are no ssl error logs in /etc/httpd/logs.
  3. As per Godaddy, I was instructed to name the key “mywebsite1” without the extension. However, they give me a crt with the extension, which is odd.
  4. This is only development phase and this change will need to be quickly reproduced with a new SSL and different domains once we launch the production server.

I’ve tried all of the steps 3 times (see 5a-5c), but still no luck in getting the SSL to work for 1 of my domains. How can I get SSL to work?

UPDATE: apachectl -S

12.34.567.90:80 (/etc/httpd/conf/httpd.conf:1021)
12.34.567.89:* is a NameVirtualHost
default server (/etc/httpd/conf/httpd.conf:1016)
port * namevhost (/etc/httpd/conf/httpd.conf:1016)
port * namevhost (/etc/httpd/conf/httpd.conf:1026)
port * namevhost (/etc/httpd/conf/httpd.conf:1031)
port * namevhost (/etc/httpd/conf/httpd.conf:1036)
wildcard NameVirtualHosts and _default_ servers:
*:443 is a NameVirtualHost
default server (/etc/httpd/conf.d/ssl.conf:77)
port 443 namevhost (/etc/httpd/conf.d/ssl.conf:77)
Syntax OK

UPDATE: Got it working..but..

I managed to get the SSL running by changing the vhost to just point to mywebsite1 instead of *:443

    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/
    SSLCertificateKeyFile /etc/pki/tls/private/mywebsite1.key
    #SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
    DocumentRoot /var/www/html
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

This pulls up the SSL, however… the HTTP protocol returns a “Bad Request”

This change seems to be affecting the non-ssl viewing of the site. I can’t specify the port because restarting apache will give me an error that ports and non-ports can’t be mixed.


Fixed with the suggestion by Michael Hampton. Thanks guys.

My answer:

You have a bunch of <VirtualHost> entries that don’t have a port number defined. Thus, as your apachectl -S output showed, the definition is being applied to all listening ports. Define a port number for each of those <VirtualHost>s.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.