Posted on

Godaddy SSL on Apache, Ubuntu 11.10

So I am setting up www.astoreforbeauty.com, www.winwinhost.com, and www.imagemodifier.com SSL certificates.
I purchased the SSL certificates from Godaddy.

Signing into my account, and clicking “launch” on the SSL certificate listed in the SSL management page, I see that the first step I need to do is generate the Certificate Signing Request (CSR).

 

They have a nifty guide on how to generate a Certificate Signing Request for Apache 2.x

First step is to go ahead and log in to your server’s terminal (SSH).
Then to enter the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Replace yourdomain with the domain name you’re securing, and answer the prompts as they come up. Avoid abbreviations for States and Cities.
Open the file and paste the full CSR into the SSL enrollment form in your account.

You will then get an email from Godaddy when your certificate is ready.

Download the file, and follow the last bit of their installation instructions:

  1. Copy your SSL certificate file and the certificate bundle file to your Apache server. You should already have a key file on the server from when you generated your certificate request.
  2. Edit your Apache configuration to reference these files. The exact configuration file you will edit will depend on your version of Apache, your OS platform, and/or the method used to install Apache. In Apache 1.3, you will most likely edit the main httpd.conf file. In Apache 2.x, you will most likely edit the ssl.conf file.
  3. Locate the following directives. If one or more of them are currently commented out, uncomment them by removing the ‘#’ character from the beginning of the line. Set the values of these directives to the absolute path and filename of the appropriate file:
    • SSLCertificateFile /path/to/your/certificate/file
    • SSLCertificateKeyFile /path/to/your/key/file
    • SSLCertificateChainFile /path/to/intermediate/bundle/file
  4. Save your configuration file and restart Apache.

 

I was getting this error at first:

Secure Connection Failed
An error occurred during a connection to www.astoreforbeauty.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

 

So I went through the GoDaddy steps and saw that #2, was already done.
Matched step three instruction. And then resolved the ssl_error_rx_record_too_long problem by adding another <VirtualHost> entry to listen on port 443.

Best practice to isolate the domain on a dedicated IP.