'Invalid command 'SSLEngine' error on Apache

After creating the virtual host record for port 443 during certificate installation, Apache refuses to start prompting “Invalid command 'SSLEngine'Error'”.

sslengine1

In the example above, the second line indicates the configuration file that has the virtual host for port 443.

Cause:
This is quite a common issue on freshly installed Apache servers. When Apache starts, it reads the configuration files and notices an unknown directive “SSLEngine”. This is caused by the fact that the server’s basic configuration does not have mod_ssl module installed/enabled which is responsible for creating and serving SSL connections.

Solution:
If your server is based on CentOS/RedHat Linux, run the following command from the console to enable this module:

sudo yum install mod_ssl

Note: If you use Apache 2.4 version, the name of the module should be mod24_ssl

To enable this module on a Debian-based distributive (i.e., Ubuntu) run the following command:

sudo a2enmod ssl

Here is the output that you may receive:

sslengine2

As you can see from the log, the SSL module is enabled now, and Apache will be able to read SSL-related directives after the restart. To restart the Apache service, enter the following command:

sudo apachectl restart

If the servers starts correctly, you can check the installation by running:

openssl s_client -connect yourdomain.com:443

or using our SSL checker here.

Updated
Viewed
55556 times

Need help? We're always here for you.

notmyip