Re: Failure to start apache2 after SSL cert update.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

After more searching I find that loadmodule.conf calls for loading the mod_socache_shmcb.so module during pre-fork. However, the ssl-global.conf file calls for mod_socache_shmcb.c. Is the source file call rather than the executable that's causing the misconfiguration message? Should I just comment out the <IfModule . . .> and </IfModule> lines in ssl-global.conf, leaving the SSLSessioncache line as is?

And why did this glitch just happen recently?

On 11 Jul 2020, at 10:34, Jack M. Nilles <jnilles@xxxxxxxx> wrote:

I set the error level to debug in vhosts.conf, tried a restart and got this from yesterday; nothing from today.

[Fri Jul 10 09:47:37.657510 2020] [mpm_prefork:notice] [pid 7681] AH00173: SIGHUP received.  Attempting to restart
[Fri Jul 10 09:47:37.899186 2020] [ssl:warn] [pid 7681] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Jul 10 09:47:37.909108 2020] [:emerg] [pid 7681] AH00020: Configuration Failed, exiting
AH00016: Configuration Failed


On 11 Jul 2020, at 7:52, Jack M. Nilles <jnilles@xxxxxxxx> wrote:

The /var/log/apache2/error_log simply lists a set of Configuration Failed lines. 

apachectl configtest produces Syntax OK

What file should I change to set the debug level?

On 11 Jul 2020, at 7:08, Jack M. Nilles <jnilles@xxxxxxxx> wrote:

If I use: openssl x509 -noout -text -in WWW.SITENAME.COM.crt

I get a complete readout of the cert file with no obvious errors. The problem seems to be that apache even fails to start so i'll try the debug level next.





On 11 Jul 2020, at 5:30, Jim Albert <jim@xxxxxxxxxxxxx> wrote:

On 7/11/2020 6:10 AM, Holger Schramm wrote:
Am 11.07.20 um 00:32 schrieb Jack M. Nilles:
The apache error logs all quit at the point just before I restarted it. User and group permissions for the SSL files are all root, as before.

Jack

have you checked the files? sometime there are missing newlines in cert chains or other malformed things.

you can try to set a higher log level on apache to get more details. it should log sth in the error log.

There are various utilities to read private/public key files. For example, openssl on UNIX. I believe certutil for Windows.
If those utilities can read your key files then they should be valid format.

Jim



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux