Apache will not start. SSL error

dpeterson3 · 06-24-2010, 02:59 PM

When I try to restart Apache2, I get the error messages in the log

Code:

[Tue Jun 22 16:35:32 2010] [info] Loading certificate & private key of SSL-aware server
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Jun 22 16:35:32 2010] [info] Loading certificate & private key of SSL-aware server
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Jun 22 16:35:32 2010] [info] Configuring server for SSL protocol
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_init.c(415): Creating new SSL context (protocols: SSLv3, TLSv1)
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [HIGH:MEDIUM:!ADH]
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_init.c(370): Configuring TLS extension handling
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_init.c(742): Configuring RSA server certificate
[Tue Jun 22 16:35:32 2010] [warn] RSA server certificate CommonName (CN) `frankenstein' does NOT match server name!?
[Tue Jun 22 16:35:32 2010] [debug] ssl_engine_init.c(781): Configuring RSA server private key
[Tue Jun 22 16:35:32 2010] [info] Configuring server for SSL protocol
[Tue Jun 22 16:35:32 2010] [error] Illegal attempt to re-initialise SSL for server (theoretically

I have followed everying I can find on this error but it keeps coming back and apache2 does not restart. Here is my ssl config file (the default file looks exactly the same except with a different port number and no ssl stuff.

Code:

NameVirtualHost *:4330
<VirtualHost *:4430>
	ServerAdmin xxx@notrealy.com
	ServerName frankenstein.studentID.org

	SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key


	DocumentRoot /var/www
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>

	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel debug

	CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Any help is appreciated.

bathory · 06-24-2010, 04:50 PM

Hi,

You didn't say your distro, but if it's debian as in your profile, you need:

Code:

Listen 4330

in etc/apache2/ports.conf. For other distros you need to add the above together with the "Listen 80" directive.

Regarding the error you get"

Quote:

[Tue Jun 22 16:35:32 2010] [error] Illegal attempt to re-initialise SSL for server (theoretically

I guess you have another "SSLEngine On" somewhere in the apache config files.

dpeterson3 · 06-24-2010, 08:53 PM

Sorry. My distro is debian squeeze 64 bit. I forgot to post my other two config files.

httpd.conf

Code:

#ServerName localhost
ServerName frankenstein

and ports.conf

Code:

NameVirtualHost *:8080
Listen 8080

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 4430
</IfModule>

<IfModule mod_gnutls.c>
    Listen 4430
</IfModule>

I don't want to use port 80 because then I would have to forward it to this machine. Since this is just for me to mess around with (I might be setting one up for someone else so I wanted to play ahead of time), I figured I would use a different port. Anyway, I think these two files are setup correctly.

BTW, Frankenstein is the name of my server. I changed the name after the server was setup by editing the /etc/hostname file if that makes a difference.

bathory · 06-25-2010, 12:06 AM

Quote:

[Tue Jun 22 16:35:32 2010] [warn] RSA server certificate CommonName (CN) `frankenstein' does NOT match server name!?

You should set the ServerName as frankenstein, also in the ssl vhost definition stanza, if you want to stop getting these warnings,

Quote:

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 4430
</IfModule>

You define port 4430 for https above, but the ssl NameVirtualhost is configured for port 4330:

Quote:

NameVirtualHost *:4330
<VirtualHost *:4430>

dpeterson3 · 06-25-2010, 10:17 AM

Thanks. I hadn't noticed that. Unfortunately I still get the same error. I just get fewer warnings.
Here is the command line output. The error.log entry remains the same as above. I am at a loss.

Code:

Restarting web server: apache2[Fri Jun 25 10:13:29 2010] [warn] NameVirtualHost *:8080 has no VirtualHosts
[Fri Jun 25 10:13:29 2010] [warn] NameVirtualHost *:8080 has no VirtualHosts
Action 'start' failed.
The Apache error log may have more information.
 failed!

bathory · 06-25-2010, 11:52 AM

Hi,

According to the startup message, now you miss a http vhost (listening on port 8080). I suggest you to take a look at this howto, to see how to setup apache with ssl in debian.

If you follow the steps there (of course there is no need to create a new certificate), I guess the error in error_log should go

Regards