Apache SSL broken after upgrade to 2.2.13?

Frederique Rijsdijk

Aug 26, 2009, 4:59:34 AM
to FreeBSD-Ports
Following today's portaudit advisory, I upgraded Apache on several
machines. On a machine that's running SSL, things broke after the
upgrade with the following error:

[Wed Aug 26 10:23:39 2009] [error] Server should be SSL-aware but has no
certificate configured [Hint: SSLCertificateFile]

The previous version was 2.2.11_5. Everything worked fine. The hint that
apache gives is obviously configured in httpd.conf..

Rolled back to version 2.2.11_5, all is working again.

Did I miss something?


-- Frederique

Peter Pentchev

Aug 26, 2009, 5:05:18 AM
to Frederique Rijsdijk, FreeBSD-Ports

This was reported in Debian, too; it seems to be an upstream change
in Apache. I don't know what they intend to do about it, but it does
indeed "break" the setups of a lot of people who only put the SSL
certificate, key, and stuff in the virtual hosts that actually
require it.

As a workaround, just put the SSL cert and key directives somewhere
on a global level, outside a vhost, and Apache will start. Stupid,
I know, but that's how it is for the present :/

G'luck,
Peter

--
Peter Pentchev ro...@ringlet.net ro...@space.bg ro...@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
Nostalgia ain't what it used to be.

Frederique Rijsdijk

Aug 26, 2009, 5:06:18 AM
to FreeBSD-Ports
The machine where it breaks is a 6.3-p11.

On a 7.1-p6 it works fine..


Frederique Rijsdijk wrote:
> Following today's portaudit advisory, I upgraded Apache on several
> machines. On a machine that's running SSL, things broke after the
> upgrade with the following error:
>
> [Wed Aug 26 10:23:39 2009] [error] Server should be SSL-aware but has no
> certificate configured [Hint: SSLCertificateFile]
>
> The previous version was 2.2.11_5. Everything worked fine. The hint that
> apache gives is obviously configured in httpd.conf..
>
> Rolled back to version 2.2.11_5, all is working again.
>
> Did I miss something?
>
>

> -- Frederique
>
>
>
>

Frederique Rijsdijk

Aug 26, 2009, 5:58:53 AM
to Peter Pentchev, FreeBSD-Ports
Peter Pentchev wrote:
> On Wed, Aug 26, 2009 at 10:59:34AM +0200, Frederique Rijsdijk wrote:
>> Following today's portaudit advisory, I upgraded Apache on several
>> machines. On a machine that's running SSL, things broke after the
>> upgrade with the following error:
>>
>> [Wed Aug 26 10:23:39 2009] [error] Server should be SSL-aware but has no
>> certificate configured [Hint: SSLCertificateFile]
>>
>> The previous version was 2.2.11_5. Everything worked fine. The hint that
>> apache gives is obviously configured in httpd.conf..
>>
>> Rolled back to version 2.2.11_5, all is working again.
>>
>> Did I miss something?
>
> This was reported in Debian, too; it seems to be an upstream change
> in Apache. I don't know what they intend to do about it, but it does
> indeed "break" the setups of a lot of people who only put the SSL
> certificate, key, and stuff in the virtual hosts that actually
> require it.
>
> As a workaround, just put the SSL cert and key directives somewhere
> on a global level, outside a vhost, and Apache will start. Stupid,
> I know, but that's how it is for the present :/
>

That doesn't work for me ..

[Mon Apr 20 12:53:04 2009] [error] Illegal attempt to re-initialise SSL
for server (theoretically shouldn't happen!)

Weird stuff..


Philip

Sep 8, 2009, 3:17:51 PM
On Aug 26, 7:58 am, Frederique Rijsdijk <frederi...@isafeelin.org>
wrote:

Just upgraded 2.2.11 to 2.2.13 via portupgrade and I'm getting this on
a 6.4-RELEASE box:

[Tue Sep 08 16:08:37 2009] [error] Unable to initialize TLS servername
extension callback (incompatible OpenSSL version?)

If I comment out the include for httpd-ssl.conf, it starts:

[Tue Sep 08 16:45:07 2009] [notice] Apache/2.2.13 (FreeBSD) mod_ssl/
2.2.13 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.10 with Suhosin-Patch SVN/1.6.5
configured -- resuming normal operations

hmmm...must be some config issue.

Philip

Oct 16, 2009, 2:15:49 PM

For some reason, the OpenSSL version that apache was using was older
than the version of the OpenSSL port that was installed:

Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.7e-p1 DAV/2 PHP/
5.2.11 with Suhosin-Patch SVN/1.6.5 configured

I think I may have when I first set up the box a couple of years back
installed the OpenSSL port with the OPENSSL_OVERWRITE_BASE define
because I couldn't get something else working. Doing a total deinstall
and rebuild of both ports seemed to do the trick!
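
Added example (not part of the thread or any poster's code): the check behind the last post's diagnosis, comparing the OpenSSL version in mod_ssl's startup banner with what the `openssl` binary reports. The function names, the log-path argument and the sample `openssl version` line are assumptions; it also assumes the `openssl` on PATH is the build you expect Apache to be linked against.

```shell
#!/bin/sh
# Usage: sh check_modssl_openssl.sh /path/to/httpd-error.log
# With no argument it runs on the constructed sample below.

# Read an Apache error log on stdin and print the OpenSSL version from the
# last startup banner, e.g. "0.9.7e" from "... OpenSSL/0.9.7e-p1 DAV/2 ...".
banner_openssl_version() {
    sed -n 's|.*\[notice] Apache/.* OpenSSL/\([0-9][0-9A-Za-z.]*\).*|\1|p' | tail -n 1
}

# Read `openssl version` output on stdin and print the version field,
# e.g. "0.9.8k" from "OpenSSL 0.9.8k 25 Mar 2009".
cli_openssl_version() {
    awk '$1 == "OpenSSL" { print $2; exit }'
}

# compare_openssl BANNER_VERSION CLI_VERSION
# Returns 0 when both agree, 1 on mismatch, 2 when a version is missing.
compare_openssl() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "UNKNOWN: could not determine one of the versions"
        return 2
    fi
    if [ "$1" = "$2" ]; then
        echo "OK: mod_ssl and the openssl binary both report $1"
        return 0
    fi
    echo "MISMATCH: mod_ssl runs OpenSSL $1, openssl binary is $2"
    return 1
}

# Banner as quoted in the thread, joined onto one line as it appears in a log.
SAMPLE_BANNER='[Tue Sep 08 16:45:07 2009] [notice] Apache/2.2.13 (FreeBSD) mod_ssl/2.2.13 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.10 with Suhosin-Patch SVN/1.6.5 configured -- resuming normal operations'
# Constructed sample of `openssl version` output (not from the thread).
SAMPLE_CLI='OpenSSL 0.9.8k 25 Mar 2009'

if [ "$#" -ge 1 ]; then
    linked=$(banner_openssl_version < "$1")
    installed=$(openssl version | cli_openssl_version)
else
    linked=$(printf '%s\n' "$SAMPLE_BANNER" | banner_openssl_version)
    installed=$(printf '%s\n' "$SAMPLE_CLI" | cli_openssl_version)
fi
# Report only; "|| true" keeps a mismatch from aborting a calling script.
compare_openssl "$linked" "$installed" || true
```

A mismatch means the running httpd loaded a different libssl than the installed port provides, which is the condition the rebuild of both ports resolved in the last post.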