
Adding SSL to Apache Server

We got our SSL certificate today. I'm trying to add the SSL certificate to the domain so that we can access the website through https; however, I'm running into problems.

We have an Apache server running on Windows.

The configuration works perfectly for port 80; however, when I add port 443 to the config everything stops working.

The error I get when starting Apache is

The requested operation has failed.

I have added the following line

Listen 443

below the line:

Listen 80

I have added the following VirtualHost config

<VirtualHost _default_:443>

    DocumentRoot "c:/path/to/website"

    ServerName example.com
    ServerAlias example.com www.example.com

    SSLEngine on

    SSLCertificateFile "c:/path/to/cert/cert.crt"

    SSLCertificateKeyFile "c:/path/to/cert/key.key"

    SSLCACertificateFile "c:/path/to/cert/bundle.ca-bundle"

</VirtualHost>

However, whenever I start the Apache server after adding this, it doesn't start and I get an error.

I have commented out pieces of code and have narrowed the issue down to the Listen 443 line. Is there something I am not taking into consideration when adding this?

These are the last 3 lines in the error.log

[Thu Jun 08 18:15:31.909142 2017] [mpm_winnt:notice] [pid 66428:tid 712] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Thu Jun 08 18:15:47.209776 2017] [mpm_winnt:notice] [pid 67332:tid 620] AH00364: Child: All worker threads have exited.
[Thu Jun 08 18:15:48.067933 2017] [mpm_winnt:notice] [pid 66428:tid 712] AH00430: Parent: Child process exited successfully.

Edit

This is the response from running httpd.exe -e debug

(OS 10013)An attempt was made to access a socket in a way forbidden by its access permissions.  : AH00072: make_sock: could not bind to address [::]:443
(OS 10013)An attempt was made to access a socket in a way forbidden by its access permissions.  : AH00072: make_sock: could not bind to address 0.0.0.0:443
AH00451: no listening sockets available, shutting down
AH00015: Unable to open logs

I don't know what your httpd.conf file looks like; maybe you accidentally deleted or changed some value.

The very first thing you need to do is to restore your httpd.conf file and start the service without the SSL configuration. Once it works you can proceed with these steps:

Separate all your SSL settings into a new file; httpd-ssl.conf may be a good name for it.

After that, at the end of your main httpd.conf add these lines to include the new file:

# Secure (SSL/TLS) connections
Include conf/httpd-ssl.conf

This is good practice to avoid accidentally changing or deleting something in the main config and to limit the source of possible errors: you'll know any error will be related to the newly included file.

Your new conf/httpd-ssl.conf should look something like this (standard setup):

# HTTPS port
Listen 443

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/your_httpd_path/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "C:/your_httpd_path/logs/error.log"
TransferLog "C:/your_httpd_path/logs/access.log"

#   SSL Engine Switch:
SSLEngine on

#   Server Certificates:

SSLCertificateFile "c:/path/to/cert/cert.crt"
SSLCertificateKeyFile "c:/path/to/cert/key.key"
SSLCACertificateFile "c:/path/to/cert/bundle.ca-bundle"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>

<Directory "C:/your_httpd_path/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

CustomLog "C:/your_httpd_path/logs/ssl_request.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>  

Have you tried using httpd.exe -e debug? Maybe we can find something useful in this mode.

UPDATE: Aha! You got an error! It could be a duplicated line somewhere with 443.

Could you check your files in Notepad++ and search for all the occurrences that match "443"? Probably you already had 443 configured and you tried adding it again? You only need to have one line with:

Listen 443

Or maybe something is already running on that port? Check with:

netstat -na | findstr "443"

If you have something like:

TCP    [::]:443               [::]:0                 LISTENING

Then something else is running on your 443 port. Anyway, you can change your httpd conf and set any other port, like 4443 for example, or kill the process which is taking 443 now.
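
The two checks suggested in the answer above (a duplicated Listen line and a port that is already taken), combined into one PowerShell script. This is an added example, not part of the original post; the $ConfRoot default is an assumed placeholder path taken from the answer's sample config and must be changed to the real Apache conf directory.

```powershell
# Added example, not from the original post.
# Assumption: $ConfRoot points at the Apache conf directory (placeholder path).
param(
    [string]$ConfRoot = 'C:\your_httpd_path\conf',
    [int]$Port = 443
)

# 1. Find every active (uncommented) Listen directive for the port.
#    Matches "Listen 443", "Listen 0.0.0.0:443" and "Listen [::]:443 https",
#    but not "Listen 4430" or lines starting with '#'.
$pattern = '^\s*Listen\s+(\S+:)?{0}(\s|$)' -f $Port
$listens = @(Get-ChildItem -Path $ConfRoot -Recurse -Filter *.conf |
    Select-String -Pattern $pattern)

$listens | ForEach-Object { '{0}:{1}: {2}' -f $_.Path, $_.LineNumber, $_.Line.Trim() }

# A hit only matters if that file is httpd.conf or is pulled in by an
# Include line, so compare the hits against the Include lines in httpd.conf.
if ($listens.Count -gt 1) {
    Write-Warning "Port $Port is declared $($listens.Count) times; keep a single Listen line."
}

# 2. Find out which process, if any, already holds the port.
$owners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess -Unique)

if ($owners.Count -eq 0) {
    Write-Output "Nothing is listening on port $Port."
}
foreach ($procId in $owners) {
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    $name = if ($proc) { $proc.ProcessName } else { '<unknown>' }
    # PID 4 is the Windows System process rather than an ordinary application.
    '{0,-8} {1}' -f $procId, $name
}
```

Run it from an elevated prompt with Apache stopped, so that any listener it reports on the port is the conflicting process and not httpd itself.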
