From: "@lbutlr"
To: freebsd-questions@freebsd.org
Subject: Re: I broke my Apache 2.4 install and I need help!
Date: Mon, 2 Apr 2018 16:56:40 -0600
Message-Id: <22AED507-651D-4FF5-9D3F-73F41F57AC24@kreme.com>

On 2018-04-02 (16:40 MDT), William Dudley wrote:
>
> I've managed to get my apache install working without any SSL stuff
> running. That's progress.

This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf

    ServerName oursite.example.net
    DocumentRoot /usr/local/www/oursite
    SSLEngine on
    SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem
    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    # I am not sure this is needed or best for TLSv1.2, but it works for us
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"

-- 
Well I've seen the Heart of Darkness/Read the writing on the wall/and the voice out in the desert/Was the voice out in the hall
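Added example, not part of the original message or of Apache itself: a small Python check over the TLS directives in the virtual host above. It reports which protocol versions the SSLProtocol line leaves enabled, which SSLCipherSuite tokens still select 3DES or static-RSA key exchange (no forward secrecy), and the HSTS lifetime in days. The expansion of "all" is an assumption, and the function names are hypothetical.

```python
import re

# Directives copied from the virtual host in the message above.
VHOST = """\
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"
"""
# Assumption: what "all" expands to depends on the httpd/OpenSSL build.
ALL_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def directive(conf, name):
    """Argument string of the last occurrence of a directive, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", conf, re.M | re.I)
    return hits[-1] if hits else None

def enabled_protocols(spec):
    """Apply SSLProtocol tokens left to right: all, +X, -X, or a bare X."""
    enabled = []
    for tok in spec.split():
        name = tok.lstrip("+-")
        if tok.lower() == "all":
            enabled = list(ALL_PROTOCOLS)
        elif tok.startswith("-"):
            enabled = [p for p in enabled if p.lower() != name.lower()]
        elif tok.startswith("+") and name not in enabled:
            enabled.append(name)
        elif not tok.startswith("+"):
            enabled = [name]  # modelled here as replacing the set
    return enabled

def cipher_findings(spec):
    """Enabling tokens that select 3DES or static-RSA key exchange."""
    found = {"3des": [], "no_forward_secrecy": []}
    for tok in spec.split(":"):
        # Exclusions (!) and removals (-) enable nothing, so they yield no parts.
        parts = [] if tok[:1] in "!-" else tok.lstrip("+").upper().split("+")
        if "3DES" in parts:
            found["3des"].append(tok)
        if "RSA" in parts or "KRSA" in parts:
            found["no_forward_secrecy"].append(tok)
    return found

def audit(conf):
    protos = enabled_protocols(directive(conf, "SSLProtocol") or "all")
    hsts = re.search(r"Strict-Transport-Security.*?max-age=(\d+)", conf, re.I)
    report = cipher_findings(directive(conf, "SSLCipherSuite") or "")
    report["legacy_protocols"] = [p for p in protos if p in LEGACY]
    report["protocols"] = protos
    report["hsts_days"] = int(hsts.group(1)) / 86400 if hsts else None
    return report
```

Call audit(VHOST) to get the report; any token listed under "3des" or "no_forward_secrecy" is a candidate to drop from SSLCipherSuite.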