After creating the virtual host record for port 443 during certificate installation, Apache refuses to start prompting “Invalid command 'SSLEngine'Error'”.
In the example above, the second line indicates the configuration file that has the virtual host for port 443.
This is quite a common issue on freshly installed Apache servers. When Apache starts, it reads the configuration files and notices an unknown directive “SSLEngine”. This is caused by the fact that the server’s basic configuration does not have mod_ssl module installed/enabled which is responsible for creating and serving SSL connections.
If your server is based on CentOS/RedHat Linux, run the following command from the console to enable this module:
sudo yum install mod_ssl
Note: If you use Apache 2.4 version, the name of the module should be mod24_ssl
To enable this module on a Debian-based distributive (i.e., Ubuntu) run the following command:
sudo a2enmod ssl
Here is the output that you may receive:
As you can see from the log, the SSL module is enabled now, and Apache will be able to read SSL-related directives after the restart. To restart the Apache service, enter the following command:
sudo apachectl restart
If the servers starts correctly, you can check the installation by running:
openssl s_client -connect yourdomain.com:443
or using our SSL checker here.