Apache SSL Not Working After Update To 2.2.13

dave

dave

I have just updated my port of apache 2.2 to 2.2.13 using portmaster. Now, when I try to restart with SSL enabled (as it was before), I get...
Code: 
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]

My cert files are where they always have been, and no changes to config files.

I am using a self-signed cert.

What am I missing?

Thanks in advance.
 
Dunno why the port upgrade would cause this, but a couple quick sanity checks:
  • Actually look at the SSLCertificateFile directive in your config and see where it points.
  • Confirm that said file is where you think it is on the filesystem.
  • View the cert to be sure it is not corrupted - # openssl x509 -text -in server.crt

-------

edit: Something else occurs to me, since you said this happened after a port upgrade. (And presumably no other changes?)

Perhaps the upgrade modified httpd.conf such that it's no longer including your ssl config file.

When I'm upgrading ports I take a quick backup of related config files first, just in case. Also, I have a HIDS running so I can check what the port upgrade changed.
 
Thanks for your reply.

Yes, I checked to make sure file is still there. Apache configs were not changed by the port upgrade. Output of
Code: 
# openssl x509 -text -in server.crt
looks normal. Cert has not expired.

Still, same problem.
 
No response, so I have reverted to 2.2.11 for now. Everything back to normal. I guess I will wait to see if others have same problem.

If you are reading this and have the same problem, or have solved it, please post, thanks.
 
Interesting:

To be back in the Race, I commented out all port 443 virtual hosts.
Then I have a (well known) warning:
RSA server certificate CommonName (CN) `xx.yy.zz' does NOT match server name!? It finds and read the certificate now!!

Remember, before that, I had:
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]

isn't that strange?' ;)
 
I've got the same problem here. Curious thing is that on a 6.3-p11 host it will fail with the mentioned errors, while with previous versions of Apache (2.2.11) it worked fine.

On a 7.1-p6 host, the apache upgrade went fine, no problems. It seems OS version specific?
 
I can only confirm that on 7.2 installations this upgrade went fine with SSL enabled (with the base openssl and the port openssl).
 
I sent PR to upgrade to 2.2.13, for I have no trouble
on my host of 7-STABLE...
I have no idea about the cause.
Have you updated apr and autotools ? Or version dependent ...?
 
I run 7_STABLE and all ports are updated at least weekly.

I assume, it has to do with the configuration itself. Maybe syntax-check?
Running fine under 2.2.11, broken under 2.2.13
config without ssl also runs under 2.2.13..

I have https virtual hosts and if i comment them out in httpd.conf, it runs and finds the missed certificate in extras/httpd-ssl.conf
 
Now it's running again.

I had to experiment with several changes in SSL VHosts. It was a combination of all mentioned workarounds in this threads.

Unfortunately there are some observations:
- Error Logging is inaccurate or inexistent
- The changes in SSL Part of Syntax are not documented
- First Time for me since Years that a Apache-Upgrade broke my configuration :-(
 
It probably wouldn't have happened if you had updated your configuration over the years .. I believe a lot of people are still running Apache 1.x configuration files (with almost everything in httpd.conf) on Apache 2.x, with only some minimal changes to get it working again. I guess now is the time to overhaul and adapt.
 
I am not using a 1.x config file.

Has anyone determined the specific syntax or other issue?

Thanks...
 
I would start from a stock extra/httpd-ssl.conf and build it up with the data you have.
 
[Solved]

Thanks to everyone who helped. Here is what the problem was...

I have only one SSL-enabled web site on a particular IP, but a bunch of other sites that ran on port 80. I used to have the following in my apache conf _after_ the SSL virtual host:

Code: 
<VirtualHost *:443>
    ServerName myssldomain.com
    ServerAlias www.myssldomain.com
    RedirectPermanent / "https://www.myssldomain.com/"
</VirtualHost>

That would force any requests for other domains on port 443 to be redirected to my SSL-enabled domain.

Seems Apache does not like that anymore. :( Will have to change the config to suit my needs now. Wonder if I can write a RedirectMatch to match anything _except_ myssldomain.com...?
 
vhost

Just for the record, I will add my solution.

I ran into this exact problem after upgrading to apache-2.2.13.
After some searching I found it was caused by having a virtual host running at the same port in /usr/local/etc/apache22/extra/httpd-vhosts.conf.

Either changing the port in httpd-ssl.conf to something else or commenting
the vhost in httpd-vhosts.conf made everything run as before 2.2.13.

gr
Arno
 
You must log in or register to reply here.
Back
Top