From owner-freebsd-questions@freebsd.org  Mon Apr  2 23:03:46 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 19D76F6B1EF
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon,  2 Apr 2018 23:03:46 +0000 (UTC)
 (envelope-from wfdudley@gmail.com)
Received: from mail-yb0-x22a.google.com (mail-yb0-x22a.google.com
 [IPv6:2607:f8b0:4002:c09::22a])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id A701577878
 for <freebsd-questions@freebsd.org>; Mon,  2 Apr 2018 23:03:45 +0000 (UTC)
 (envelope-from wfdudley@gmail.com)
Received: by mail-yb0-x22a.google.com with SMTP id k199-v6so5539899ybk.12
 for <freebsd-questions@freebsd.org>; Mon, 02 Apr 2018 16:03:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=VZJCHDpzC7/Qmo8loq0PhDykC2OdwX3La4bXX1eKbDY=;
 b=BHQmG9oGCvhDiU+djjpyqkmoUuocfBUbE6TiTZTF0fqwKKwbGzyZFbceq8NqzOfX8R
 E67PP+A9DVXfyZt+rfBC0AiIVOBh5QKzgKAQEvF8FCgu190quN5BIyu7eQlMwJmCpPab
 aSfRkvKwfe2xGFU1x/lH5dMC4i+31jz/5fB8IGmfwwwLiTNY1i9tpxKVosMEshtrE91E
 1JQZlBh6ljBKp3crOdTNzLsl2XvXDfsLM0TM2vhGEBNuopwO/TrBW0Phfh9DsBunivcF
 x7owGt+NTcCY8jaO9L6pMEpcPO1TF2MhYVRnI3qL5xpgWnRrIxeZYJnQVhKLgi71PBW0
 qcWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=VZJCHDpzC7/Qmo8loq0PhDykC2OdwX3La4bXX1eKbDY=;
 b=ZUlcRJ8LwTdiLlYqNkMjYzsm3iMEchhKHQo8VOXS18EBwz/R12vD66ANYjZ0phKsjX
 a7HGza+meXToK/mkDMvKRDz4mdxrxFFfa3pA8R5J+kl2qde+UBip195Z6wz0gtkAXX0J
 Fp/a/kd4y2tvjh/uC2CxR5HV9LEaCyyAeCcPKierVMlvvroHSzyXXDMoZ0gXRyymxONN
 7ypdeTqUkxxHK2FYvCiAidTLJ1dhT7L23MqC515O4xEEPhqj0lWKMwPFICZi2z7CaFNr
 sEeDhivljwPMxc+EatmChw5ijkWMn1GtjBqRNLn8PXb6MxYVzUr7jzIk9rbsUGQzRqw0
 8xeQ==
X-Gm-Message-State: AElRT7GcvJ23GIHLCFXUsJKmb2Gbr3ZfUUdz+q8bpss3xfrAmg+EIQre
 qysGfyTU2+vleEBRyU6apI7r+5Z0cFvwSjSYjYC+WQ==
X-Google-Smtp-Source: AIpwx49h1+twz/hml4ezMl41lffek1xMSZUP9VkEgptqhhnwFMelgqKFi49LHV9Ody6JG3z+wDdree8D4/RXey5LIbs=
X-Received: by 2002:a5b:a89:: with SMTP id h9-v6mr5300008ybq.230.1522710224780; 
 Mon, 02 Apr 2018 16:03:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a25:2e48:0:0:0:0:0 with HTTP;
 Mon, 2 Apr 2018 16:03:44 -0700 (PDT)
From: William Dudley <wfdudley@gmail.com>
Date: Mon, 2 Apr 2018 19:03:44 -0400
Message-ID: <CAFsnNZJQxuvzOveoceAymYz++0V8gJAc7P4uv3ufirBrhTUQ6g@mail.gmail.com>
Subject: MY Apache 2.4 SSL broken (FreeBSD 10.3) - help!
To: freebsd-questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.25
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Apr 2018 23:03:46 -0000

I'm running FreeBSD 10.3, all patched up using
freebsd-update fetch
freebsd-update install

Because I got this scary warning when upgrading Apache 2.4 (pkg upgrade
apache24)

Message from apache24-2.4.33:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !!
!! functionally unusable module due to lack of "Upgrade"           !!
!! capability in OpenSSL 1.0.1.                                    !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I installed openssl

pkg install openssl

Now, apache dies if I start it with any of these:

<VirtualHost *:443>
. . .
</VirtualHost>

I get this in httpd-error.log:

[Mon Apr 02 18:44:00.204869 2018] [ssl:emerg] [pid 82318] AH02572: Failed
to configure at least one certificate and key for njsbmwr.org:80
[Mon Apr 02 18:44:00.205017 2018] [ssl:emerg] [pid 82318] SSL Library
Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate
assigned
[Mon Apr 02 18:44:00.205027 2018] [ssl:emerg] [pid 82318] AH02312: Fatal
error initialising mod_ssl, exiting.

This was a formerly working installation with a handful of letsencrypt
certificates.

Did the openssl from pkg break this?

How do I fix this?

Thanks,
Bill Dudley



This email is free of malware because I run Linux.