Re: SSLEngine error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Have you enabled the Apache SSL module?

To install mod_ssl, run:

dnf install mod_ssl

To enable the mod_ssl module, run:

apachectl restart httpd apachectl -M | grep ssl

You will see:

ssl_module (shared)

https://docs.rockylinux.org/guides/web/mod_SSL_apache/


On Sat, 18 Nov 2023 at 15:43, John <john.iliffe@xxxxxxxxx> wrote:
I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and also upgrade the version
of Apache from 2.4.25 to current.

I have installed a .pem format certificate and when I try to start Apache I get this error:
----
Starting The Apache HTTP Server...
httpd[12399]: AH00526: Syntax error on line 11 of /etc/httpd/conf.d/coax.conf:
httpd[12399]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in
the server configuration
systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: httpd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start The Apache HTTP Server.
----
To me SSLEngine looks properly coded and the same configuration worked on the previous server.  Here
is what I have:

<Virtualhost *:443>
   ServerName www.example.ca
        ServerAlias t.example.ca
   DocumentRoot /usr/httpd/example
   Options -MultiViews
   H2Direct on
   ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/example
   SSLEngine on
   SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !aNULL: !eNULL: !RC4: !PSK: !MD5
   SSLCertificateFile /etc/httpd/conf/sslcert/www.example.pem
   SSLCertificateKeyFile /etc/httpd/conf/sslcert/www.example.ca.key
   SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
   SSLHonorCipherOrder on
   Header always set Strict-Transport-Security "max-age-63072000;includeSubDomains"
</VirtualHost>

This looks to me like I missed something in the upgrade but hours of searching the documentation
haven't given me any possibilities.  Any ideas would be appreciated!

John
======


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux