After successfully configuring SSL on Apache2, many developers encounter a perplexing situation where HTTPS requests return 404 errors despite working perfectly under HTTP. The root cause typically lies in document root mismatches between HTTP and HTTPS virtual hosts, or conflicts with Apache's default configuration.
First, let's verify the current virtual host configurations:
# Check enabled sites
ls -l /etc/apache2/sites-enabled
# Check available configurations
apache2ctl -SThe key symptoms appear when:
- HTTPS works (padlock shows) but serves 404s
- HTTP works perfectly until forced redirect
- Apache somehow uses /var/www/ instead of your configured DocumentRoot
Even when default sites aren't enabled via a2ensite, Apache may still fall back to built-in defaults. This often happens when:
# Check for any default-ssl.conf files
grep -r "DocumentRoot /var/www/" /etc/apache2/Here's a comprehensive fix for the virtual host configuration:
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
ServerName example.com
ServerAlias www.example.com
# Explicit document root declaration
DocumentRoot /var/www/your_actual_path
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
# SSL Configuration
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCertificateChainFile /etc/ssl/certs/chain.crt
# Force SSL for all paths
SSLOptions +StdEnvVars
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
After making changes:
# Test configuration syntax
apache2ctl configtest
# Check which configs Apache is actually using
apache2ctl -S | grep "namevhost"
# Verify DocumentRoot inheritance
apache2ctl -S | grep "DocumentRoot"
# Restart Apache
systemctl restart apache2If issues persist:
- Check for conflicting .htaccess files
- Examine SELinux context if applicable
- Verify filesystem permissions (especially for SSL certs)
- Inspect error logs thoroughly
For log examination:
tail -50 /var/log/apache2/error.log | grep -i "ssl\|documentroot"
journalctl -xeu apache2When transitioning from HTTP to HTTPS on Apache2, many developers encounter a perplexing situation where their site loads with a valid SSL certificate (showing the green padlock) but returns 404 errors for all resources. This typically indicates a document root mismatch between HTTP and HTTPS virtual hosts.
# Check active configuration
apache2ctl -S
# Sample output might reveal:
# VirtualHost configuration:
# *:443 is a NameVirtualHost
# default server servername.com (/etc/apache2/sites-enabled/000-default.conf:1)
If you see the default configuration being used for port 443 despite having a custom VirtualHost, you've found the culprit.
Here's a properly configured HTTPS VirtualHost that prevents document root conflicts:
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example/public_html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCertificateChainFile /etc/ssl/certs/comodo_bundle.crt
Options -Indexes +FollowSymLinks
AllowOverride All
Require all granted
ErrorLog ${APACHE_LOG_DIR}/example_ssl_error.log
CustomLog ${APACHE_LOG_DIR}/example_ssl_access.log combined
- SELinux contexts: Run
restorecon -Rv /var/www/if using SELinux - Permission issues: Ensure
www-datahas read access:chmod -R 755 /var/www/ - Module conflicts: Disable default site:
a2dissite 000-default.conf
Enable verbose logging temporarily:
# In your VirtualHost:
LogLevel debug
# Then tail the error log:
tail -f /var/log/apache2/error.log | grep 'AH00132'
Always verify changes:
# Test configuration syntax
apache2ctl configtest
# Full restart required for SSL changes
systemctl restart apache2
The key is ensuring your DocumentRoot in the HTTPS VirtualHost matches your intended web directory and that no default configurations are interfering. When properly configured, Apache will serve content securely without 404 errors.