How to Install and Configure mod_ssl on Amazon EC2 with Apache 2.4: Resolving httpd24-tools Conflicts



When working with Amazon Linux AMI (2012.09) and Apache 2.4, many developers encounter dependency conflicts when trying to enable HTTPS through mod_ssl. The error message about httpd24-tools conflicting with httpd-tools indicates a package version mismatch that needs resolution.

First, remove any conflicting packages:

sudo yum remove httpd-tools
sudo yum install mod_ssl --enablerepo=epel

For Apache 2.4 specifically, use:

sudo yum install mod24_ssl

After installation, edit your SSL configuration (typically located at /etc/httpd/conf.d/ssl.conf):

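<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    # Intermediate CA certificate(s) from your issuer, not the system trust
    # bundle (ca-bundle.crt). This directive is deprecated since Apache 2.4.8,
    # where intermediates can be appended to SSLCertificateFile instead.
    SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt

    # Other virtual host configuration
    DocumentRoot "/var/www/html"
    ServerName yourdomain.com
</VirtualHost>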

If you need to generate a self-signed certificate for testing:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/pki/tls/private/server.key \
-out /etc/pki/tls/certs/server.crt

Don't forget to update your EC2 security group to allow inbound HTTPS traffic (TCP port 443). This can be done through the AWS Console or the CLI:

aws ec2 authorize-security-group-ingress \
    --group-id your-group-id \
    --protocol tcp \
    --port 443 \
    --cidr 0.0.0.0/0

After restarting Apache (sudo service httpd restart), verify mod_ssl is loaded:

httpd -M | grep ssl

You should see ssl_module (shared) in the output.

If you still encounter problems:

  • Check Apache error logs: tail -f /var/log/httpd/error_log
  • Verify SELinux context if files aren't accessible: ls -Z /etc/pki/tls/private/
  • Ensure time synchronization: sudo yum install ntp; sudo service ntpd start

When setting up HTTPS on Amazon EC2 with Apache 2.4, many developers encounter package conflicts during mod_ssl installation. The error message about httpd24-tools conflicting with httpd-tools is particularly common with Amazon Linux AMIs.

First, verify your current Apache installation:

httpd -v
# Expected output: Server version: Apache/2.4.x (Amazon)

Install mod_ssl properly using Amazon's package naming convention:

sudo yum install mod24_ssl
sudo service httpd restart

After successful installation, configure your SSL virtual host in /etc/httpd/conf.d/ssl.conf:

<VirtualHost *:443>
    ServerName yourdomain.com
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt
    <Directory /var/www/html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Check if mod_ssl is properly loaded:

httpd -M | grep ssl
# Should return: ssl_module (shared)

Test your configuration before restarting Apache:

sudo apachectl configtest
sudo service httpd restart

For testing purposes, you can generate a self-signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/pki/tls/private/server.key \
-out /etc/pki/tls/certs/server.crt

If you still see SSL module errors, check:

  • Module existence: ls /etc/httpd/modules/ | grep ssl
  • Apache error logs: /var/log/httpd/error_log
  • SELinux context: ls -Z /etc/pki/tls/private/
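
Before restarting Apache it also helps to rule out a private key that does not belong to the certificate, a key file readable by other users, and an expired certificate. The shell functions below are an added example, not part of the original article; the names check_tls_pair and make_sample_pair and the return codes are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the certificate/key pair referenced in ssl.conf.
# Return codes (chosen for this example):
#   0 ok, 1 unreadable file, 2 key/cert mismatch, 3 key mode too open, 4 expired
# Usage: check_tls_pair /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key

check_tls_pair() {
    local cert="$1" key="$2" cert_pub key_pub mode
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing or unreadable file" >&2; return 1
    fi

    # The public key inside the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 2
    fi

    # A key written with -nodes is unencrypted, so its file mode is its only protection.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        ?00) ;;  # owner-only, e.g. 600 or 400
        *) echo "key mode $mode allows group/other access" >&2; return 3 ;;
    esac

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired" >&2; return 4
    fi
    return 0
}

# Constructed throwaway pair for trying the check offline: the article's openssl req
# command with -subj added to skip the prompts. $1 is an existing output directory.
make_sample_pair() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}
```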