From: hans perryck
Date: Tue, 3 Apr 2018 12:36:34 +0000 (UTC)
To: FreeBSD-questions@FreeBSD.org
Subject: cultural value based BPM

Hi,

I am a newbie on the FreeBSD platform but already taken just by its original intention and reviews. Wish I had heard from it earlier. Busy to line up a small business and wanting to know if there are applications like business processes modelling, enterprise architecture running on the platform. For me it is vital if these can be made cultural value based, sustainability, transparency, accountable, etc. I will have a look into BPM's myself as well, but want to have this running parallel.

Thank you for your time

Hans Perryck
Hans Brinckers LtD
Inflatable Flooding Barriers
Australia

From: William Dudley
Date: Tue, 3 Apr 2018 09:48:16 -0400
To: freebsd-questions
Subject: my Let's Encrypt certs "broken" overnight!

FreeBSD 10.3

I run a hobby web server, with a couple of small clubs that pay me for hosting.
I had letsencrypt certs for most of the sites I host, and they were working fine until a recent upgrade -- either apache 2.4 or openssl changed and now things are hosed.

An example: I host www.njsbmwr.org. I have a "test" URL for development, njsbmwr.dudley.nu. Both share the same certificates, or at least, they used to.

Now, if I uncomment the section for www.njsbmwr.org, apache throws an error and won't start. If I comment the section out, apache is happy but www.njsbmwr.org doesn't serve https pages.

njsbmwr.dudley.nu has almost the identical section, and it works fine as https://njsbmwr.dudley.nu

The apache error I get when I enable the section for www.njsbmwr.org is:

    [Tue Apr 03 09:13:29.141783 2018] [ssl:emerg] [pid 49861] AH02572: Failed to configure at least one certificate and key for njsbmwr.org:80
    [Tue Apr 03 09:13:29.141947 2018] [ssl:emerg] [pid 49861] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
    [Tue Apr 03 09:13:29.141982 2018] [ssl:emerg] [pid 49861] AH02312: Fatal error initialising mod_ssl, exiting.
    AH00016: Configuration Failed

Here's the section that causes failure:

    ServerAdmin webmaster@dudley.nu
    ServerName www.njsbmwr.org
    DocumentRoot /usr/local/www/njsbmwr.dudley.nu
    Alias /.well-known/ /usr/local/www/.well-known/
    ScriptAlias /cgi-bin/ "/usr/local/www/njsbmwr.dudley.nu/cgi-bin/"
    SSLEngine on
    SSLCertificateFile \
        "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/cert.pem"
    SSLCertificateKeyFile \
        "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/privkey.pem"
    SSLCertificateChainFile \
        "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/fullchain.pem"
    SSLOptions +StdEnvVars
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog "/var/log/njsbmwr.dudley.nu-httpd-ssl_request.log" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' pagead2.googlesyndication.com www.google-analytics.com *.cloudflare.com www.paypal.com; img-src 'self' *.crystalbrook.com www.paypalobjects.com"
    Header set X-Frame-Options SAMEORIGIN
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
    ErrorDocument 404 /errormessages/oatmeal_404.html
    ErrorDocument 500 /errormessages/oatmeal_500.html
    ErrorDocument 503 /errormessages/oatmeal_503.html
    ErrorLog /var/log/njsbmwr.dudley.nu-error_log
    CustomLog /var/log/njsbmwr.dudley.nu-access_log combined
    Options +ExecCGI +FollowSymLinks +Includes +Indexes -SymLinksIfOwnerMatch
    AllowOverride All
    Order allow,deny
    Allow from all

The ONLY difference between this section, that doesn't work, and the section that DOES work is the ServerName line:

    < ServerName njsbmwr.dudley.nu
    ---
    > ServerName www.njsbmwr.org

More info:

    pkg info | grep apache
    apache24-2.4.33  Version 2.4.x of Apache web server
    pkg info | grep openssl
    openssl-1.0.2o,1  SSL and crypto library

I am mystified, and running out of ideas on what to try.
I suspect the openssl I installed from a package, because of this scary warning that the apache upgrade gave me:

    Message from apache24-2.4.33:

    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !!
    !! functionally unusable module due to lack of "Upgrade"           !!
    !! capability in OpenSSL 1.0.1.                                    !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

How can I re-install the openssl from base? I want to revert to that and see if it fixes my problems.

Thanks,
Bill Dudley

This email is free of malware because I run Linux.
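
A pre-flight check for the setup described in the message above, where one Let's Encrypt certificate and key are referenced by sections with different ServerName values. This is an added example, not part of the original post: the function names and the self-signed sample built by make_sample are constructed for illustration, and it assumes an openssl binary that supports -checkhost (1.0.2 or later).

```sh
#!/bin/sh
# Added example: check that a certificate/key pair is usable for every
# ServerName that references it. All function names are illustrative.

# cert_covers CERT NAME: succeeds if NAME matches a SAN (or CN) in CERT.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# key_matches CERT KEY: succeeds if CERT and KEY carry the same public key.
key_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_vhost CERT KEY NAME...: report per name, non-zero if anything fails.
check_vhost() {
    cert=$1; key=$2; shift 2; rc=0
    key_matches "$cert" "$key" || { echo "FAIL key does not match $cert"; rc=1; }
    for name in "$@"; do
        if cert_covers "$cert" "$name"; then
            echo "ok   $name"
        else
            echo "FAIL $name is not covered by $cert"; rc=1
        fi
    done
    return $rc
}

# make_sample: build a CONSTRUCTED self-signed cert (two SANs) plus an
# unrelated key in a temp dir, so the checks can be tried offline.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' \
        'prompt=no' '[dn]' 'CN=njsbmwr.dudley.nu' '[v3]' \
        'subjectAltName=DNS:njsbmwr.dudley.nu,DNS:www.njsbmwr.org' > "$d/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/req.cnf" \
        -keyout "$d/privkey.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null || return 1
    echo "$d"
}

# Usage: sh check.sh CERT KEY NAME [NAME...]
if [ "$#" -ge 3 ]; then check_vhost "$@"; fi
```

With the layout quoted in the message, the arguments would be cert.pem and privkey.pem under /usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/ followed by both ServerName values.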