Date: Tue, 3 Apr 2018 12:36:34 +0000 (UTC) From: hans perryck <hansperryck@yahoo.com> To: "FreeBSD-questions@FreeBSD.org" <FreeBSD-questions@FreeBSD.org> Subject: cultural value based BPM Message-ID: <1674790533.1041889.1522758994593@mail.yahoo.com> References: <1674790533.1041889.1522758994593.ref@mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I am a newby on the FreeBSD platform but already taken just by its original intention and reviews. Wish I had heard from it earlier. Busy to line up a smallbusiness and wanting to know if there are applications like business processes modelling, entreprise architecture running on the platform. For me it is vital if these can be made cultural value based, sustainibility, transparency, accountable, etc. I will have a look into BPM's myself as well, but want to bave ghis running parallel. Thank you for your timeHans Perryck Hans Brinckers LtDInflatable Flooding BarriersAustralia Sent from Yahoo Mail on Android From owner-freebsd-questions@freebsd.org Tue Apr 3 13:48:18 2018 Return-Path: <owner-freebsd-questions@freebsd.org> Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A228DF81D7E for <freebsd-questions@mailman.ysv.freebsd.org>; Tue, 3 Apr 2018 13:48:18 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 277157DFC9 for <freebsd-questions@freebsd.org>; Tue, 3 Apr 2018 13:48:18 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: by mail-yw0-x230.google.com with SMTP id u15so6142328ywg.8 for <freebsd-questions@freebsd.org>; Tue, 03 Apr 2018 06:48:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s 161025; h=mime-version:from:date:message-id:subject:to; bh=Voz++NJF46NwD1H/x3UI0dc13RwWkCqBdzc1PW2NN4k=; b=cneUPf4zZ0gw+kXe9AwqnnxiQRCjVuJ5YtOq/5F4NNRmUcc+Xa2Tpx+ky8vrrbCspG 4F8M7FvZMxfBLuiZXyFMlLyDum6/w/IDrYkNATT+9GlHHYZoALM1jJgs3FMTouLCwPix NdUQF0vxXRrVlTwvrCIlBqQupcZtIun4SdC8mdKlXA5vqEnoY5uGWHocrMRNXUJgd73G jLp+52seaoP/uE+Lv6/6e7S1Dsj0VF97sDgWfjX9OGmMd+QxeSxr5kx8xJem+PHq9Fok FcsYEnjUate6U1lVTTEpMmmpHioGa56xBq28MsA64zOTWtTICeHwarfF3EbhCPoX93H+ hadg=X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d 100.net; s 161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Voz++NJF46NwD1H/x3UI0dc13RwWkCqBdzc1PW2NN4k=; b=oiNuz8tpdcEmfuAzY3hgYXBNxE/KYH5f+Pz57yxp1O+42wmJ0ROMIGMLH/ELStKo2B FtAXNMyuWeNerdRwoYtw0F8vLYVRUeKp7m1taXy+E7nEgKOkpC95D67ZCa3KB3fXVpc1 jvt75iUMdZYRiC0rWpJ4BSWU+I5NDY2pPI2IoDXZ5hSqbRZYg/SAQhi7Sf+k9plnenxS qhwKYSwKtzfA4jprNwPD/qKp2IDI3EUAO6PQ4N/RyigbLPR4ugWaEq5Q2YYr/IkjcElJ 6zro5Dl1wYMQeo74DpZhhvI6pae6EfyOFpbk3Vop04NI3HHKST/WNVMoBfXAoieNwm/N v7yw=X-Gm-Message-State: AElRT7HD2FtFXW4Rouo01rcGj0bFfXkbX6lY2InsRitn2AED80Px64su vaQAAGwvKwMcLqRvj711kCpjbSDvaUK1WmZVFM7gLA=X-Google-Smtp-Source: AIpwx4+2nvrxUspfza8S2p/Tucw9iBMBSpo6EJIL/EpLAihBEwvpXRt7HLEHIfOAvV9qIDchlKPUxY2ztkFO2+gBK7MX-Received: by 10.129.109.86 with SMTP id i83mr7608192ywc.347.1522763297273; Tue, 03 Apr 2018 06:48:17 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:2e48:0:0:0:0:0 with HTTP; Tue, 3 Apr 2018 06:48:16 -0700 (PDT) From: William Dudley <wfdudley@gmail.com> Date: Tue, 3 Apr 2018 09:48:16 -0400 Message-ID: <CAFsnNZL=J8=+ca1COD7Y_CbhV5aAK-kaN-HguYwLmuyXpU5PnA@mail.gmail.com> Subject: my Let's Encrypt certs "broken" overnight! To: freebsd-questions <freebsd-questions@freebsd.org> Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>; List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 03 Apr 2018 13:48:19 -0000 FreeBSD 10.3 I run a hobby web server, with a couple of small clubs that pay me for hosting. I had letsencrypt certs for most of the sites I host, and they were working fine until a recent upgrade -- either apache 2.4 or openssl changed and now things are hosed. An example: I host www.njsbmwr.org. I have a "test" URL for development, njsbmwr.dudley.nu. Both share the same certificates, or at least, they used to. Now, if I uncomment the <VirtualHost *:443> section for www.njsbmwr.org, apache throws an error and won't start. If I comment the section out, apache is happy but www.njsbmwr.org doesn't serve https pages. njsbmwr.dudley.nu has almost the identical <VirtualHost *:443> section, and it works fine as https://njsbmwr.dudley.nu The apache error I get when I enable the <VirtualHost *:443> section for www.njsbmwr.org is: [Tue Apr 03 09:13:29.141783 2018] [ssl:emerg] [pid 49861] AH02572: Failed to configure at least one certificate and key for njsbmwr.org:80 [Tue Apr 03 09:13:29.141947 2018] [ssl:emerg] [pid 49861] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Tue Apr 03 09:13:29.141982 2018] [ssl:emerg] [pid 49861] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed Here's the <VirtualHost *:443> section that causes failure: <VirtualHost *:443> ServerAdmin webmaster@dudley.nu ServerName www.njsbmwr.org DocumentRoot /usr/local/www/njsbmwr.dudley.nu Alias /.well-known/ /usr/local/www/.well-known/ ScriptAlias /cgi-bin/ "/usr/local/www/njsbmwr.dudley.nu/cgi-bin/" SSLEngine on SSLCertificateFile \ "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/cert.pem" SSLCertificateKeyFile \ "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/privkey.pem" SSLCertificateChainFile \ "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/fullchain.pem" SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/var/log/njsbmwr.dudley.nu-httpd-ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'u nsafe-inline' pagead2.googlesyndication.com www.google-analytics.com *.cloudflar e.com www.paypal.com; img-src 'self' *.crystalbrook.com www.paypalobjects.com" Header set X-Frame-Options SAMEORIGIN Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options nosniff ErrorDocument 404 /errormessages/oatmeal_404.html ErrorDocument 500 /errormessages/oatmeal_500.html ErrorDocument 503 /errormessages/oatmeal_503.html ErrorLog /var/log/njsbmwr.dudley.nu-error_log CustomLog /var/log/njsbmwr.dudley.nu-access_log combined <Directory "/usr/local/www/njsbmwr.dudley.nu"> Options +ExecCGI +FollowSymLinks +Includes +Indexes -SymLinksIfOwnerMatc h AllowOverride All </Directory> <Location /> Order allow,deny Allow from all </Location> </VirtualHost> The ONLY difference between this section, that doesn't work, and the section that DOES work is the ServerName line: < ServerName njsbmwr.dudley.nu --- > ServerName www.njsbmwr.org More info: pkg info | grep apache apache24-2.4.33 Version 2.4.x of Apache web server pkg info | grep openssl openssl-1.0.2o,1 SSL and crypto library I am mystified, and running out of ideas on what to try. I suspect the openssl I installed from a package, because of this scary warning that the apache upgrade gave me: Message from apache24-2.4.33: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !! !! functionally unusable module due to lack of "Upgrade" !! !! capability in OpenSSL 1.0.1. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! How can I re-install the openssl from base? I want to revert to that and see if it fixes my problems. Thanks, Bill Dudley This email is free of malware because I run Linux.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1674790533.1041889.1522758994593>