Apache ERR_CONNECTION_REFUSED over SSL on Ubuntu

Question

I'm trying to set up an Apache (2.4) server on Ubuntu. For now I'm just trying to get it to serve static pages from /var/www/html (although eventually I want to run a WSGI Python app).

Here's my sites-available/website.conf file:

<VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName website.com:443
        SSLEngine on
        SSLCertificateFile /root/website.csr
        SSLCertificateKeyFile /root/website.key
        DocumentRoot /var/www/html
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

(Replaced my actual domain with "website".)

When I try to connect to this by either going to my domain name or the server's IP, Chrome gives me ERR_CONNECTION_REFUSED ("This site can’t be reached").

I also tried with telnet:

root@website:/etc/apache2# telnet localhost 443
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

When I comment out all the lines to do with SSL from my config file, I can connect over telnet, but Chrome gives me ERR_SSL_PROTOCOL_ERROR ("This site can’t provide a secure connection", which I guess makes sense).

Here's also my ports.config, if that helps:

Listen 80

<IfModule ssl_module>
        Listen 443
        NameVirtualHost *:443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

(Yes, the SSL module is enabled.)

And the part of my apache2.conf that I often see referenced in similar questions:

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

This is my first time setting up an Apache server, so I'm guessing I'm messing up something simple here?

Answer 1

Check if ssl mode is activated here:

sudo a2enmod ssl

sudo service apache2 restart

Answer 2

My problem was here:

SSLEngine on
SSLCertificateFile /root/website.csr
SSLCertificateKeyFile /root/website.key

I was linking to the .csr, not the .crt. I also didn't link to something intermediate.

Here's how it is now, which fixed it:

SSLEngine on
SSLCertificateFile /root/domain.crt
SSLCertificateKeyFile /root/domain.key
SSLCertificateChainFile /root/DigiCertCA.crt