Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#775129: apache2: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
113 views
Skip to first unread message
Francois Marier
Jan 11, 2015, 2:40:03 PM1/11/15
to
Package: apache2
Version: 2.2.22-13+deb7u4
Severity: important
After upgrading from 2.2.22-13+deb7u3 to 2.2.22-13+deb7u4, Apache refused to
start on my server with this error message in /var/log/apache2/error.log:
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
While my configuration and TLS cert didn't change, it seems like Apache got
more strict somehow.
There are two config changes I found that fix this:
1. change "Listen 443" to "Listen 443 http" in /etc/apache2/ports.conf
2. ensure that every :443 vhost includes the entire TLS config including the
directives that point to the certificate files
I'm not sure why #1 works so I went with the second option when I found that
one of my vhosts didn't include the full TLS config:
<VirtualHost *:443>
ServerName libravatar.org
ServerAdmin webm...@libravatar.org
Header always add Strict-Transport-Security: "max-age=15768000"
Redirect permanent / https://www.libravatar.org/
</VirtualHost>
Francois
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Version: 2.2.22-13+deb7u4
Severity: important
After upgrading from 2.2.22-13+deb7u3 to 2.2.22-13+deb7u4, Apache refused to
start on my server with this error message in /var/log/apache2/error.log:
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
While my configuration and TLS cert didn't change, it seems like Apache got
more strict somehow.
There are two config changes I found that fix this:
1. change "Listen 443" to "Listen 443 http" in /etc/apache2/ports.conf
2. ensure that every :443 vhost includes the entire TLS config including the
directives that point to the certificate files
I'm not sure why #1 works so I went with the second option when I found that
one of my vhosts didn't include the full TLS config:
<VirtualHost *:443>
ServerName libravatar.org
ServerAdmin webm...@libravatar.org
Header always add Strict-Transport-Security: "max-age=15768000"
Redirect permanent / https://www.libravatar.org/
</VirtualHost>
Francois
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Stefan Fritsch
Jan 13, 2015, 3:50:02 PM1/13/15
to
Hi,
On Mon, 12 Jan 2015, Francois Marier wrote:
> After upgrading from 2.2.22-13+deb7u3 to 2.2.22-13+deb7u4, Apache refused to
> start on my server with this error message in /var/log/apache2/error.log:
>
> [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
>
> While my configuration and TLS cert didn't change, it seems like Apache got
> more strict somehow.
Currently I can't imagine how the changes in the most recent version could
have caused this. Could you please double-check that downgrading to
2.2.22-13+deb7u3 (still available on security.debian.org) actually fixes
the problem?
Cheers,
Stefan
On Mon, 12 Jan 2015, Francois Marier wrote:
> After upgrading from 2.2.22-13+deb7u3 to 2.2.22-13+deb7u4, Apache refused to
> start on my server with this error message in /var/log/apache2/error.log:
>
> [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
>
> While my configuration and TLS cert didn't change, it seems like Apache got
> more strict somehow.
have caused this. Could you please double-check that downgrading to
2.2.22-13+deb7u3 (still available on security.debian.org) actually fixes
the problem?
Cheers,
Stefan
Francois Marier
Jan 31, 2015, 6:30:03 PM1/31/15
to
On 2015-01-13 at 21:46:01, Stefan Fritsch wrote:
> Currently I can't imagine how the changes in the most recent version could
> have caused this. Could you please double-check that downgrading to
> 2.2.22-13+deb7u3 (still available on security.debian.org) actually fixes
> the problem?
I can confirm that downgrading does NOT fix the problem.
> Currently I can't imagine how the changes in the most recent version could
> have caused this. Could you please double-check that downgrading to
> 2.2.22-13+deb7u3 (still available on security.debian.org) actually fixes
> the problem?
I'm starting to suspect that perhaps I had a bad config that just hadn't
been applied and that the upgrade forced it to take effect when it restarted
Apache.
In other words, I can't reproduce the working configuration I had before the
upgrade to u4, so it's probably not a bug in the apache2 package.
Francois
--
Francois Marier identi.ca/fmarier
http://fmarier.org twitter.com/fmarier
0 new messages