Date: Tue, 3 Apr 2018 12:36:34 +0000 (UTC) From: hans perryck <hansperryck@yahoo.com> To: "FreeBSD-questions@FreeBSD.org" <FreeBSD-questions@FreeBSD.org> Subject: cultural value based BPM Message-ID: <1674790533.1041889.1522758994593@mail.yahoo.com> References: <1674790533.1041889.1522758994593.ref@mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I am a newby on the FreeBSD platform but already taken just by its orig= inal =C2=A0intention and reviews. Wish I had heard from it earlier. Busy to= line up a smallbusiness and wanting to know if there are applications like= business processes modelling, entreprise architecture running on the platf= orm. For me it is vital if these can be made cultural value based, =C2=A0su= stainibility, transparency, accountable, etc. I will have a look into BPM's= myself as well, =C2=A0but want to bave ghis running parallel.=C2=A0Thank y= ou for your timeHans Perryck Hans Brinckers LtDInflatable Flooding BarriersAustralia Sent from Yahoo Mail on Android From owner-freebsd-questions@freebsd.org Tue Apr 3 13:48:18 2018 Return-Path: <owner-freebsd-questions@freebsd.org> Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A228DF81D7E for <freebsd-questions@mailman.ysv.freebsd.org>; Tue, 3 Apr 2018 13:48:18 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: from mail-yw0-x230.google.com (mail-yw0-x230.google.com [IPv6:2607:f8b0:4002:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 277157DFC9 for <freebsd-questions@freebsd.org>; Tue, 3 Apr 2018 13:48:18 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: by mail-yw0-x230.google.com with SMTP id u15so6142328ywg.8 for <freebsd-questions@freebsd.org>; Tue, 03 Apr 2018 06:48:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=Voz++NJF46NwD1H/x3UI0dc13RwWkCqBdzc1PW2NN4k=; b=cneUPf4zZ0gw+kXe9AwqnnxiQRCjVuJ5YtOq/5F4NNRmUcc+Xa2Tpx+ky8vrrbCspG 4F8M7FvZMxfBLuiZXyFMlLyDum6/w/IDrYkNATT+9GlHHYZoALM1jJgs3FMTouLCwPix NdUQF0vxXRrVlTwvrCIlBqQupcZtIun4SdC8mdKlXA5vqEnoY5uGWHocrMRNXUJgd73G jLp+52seaoP/uE+Lv6/6e7S1Dsj0VF97sDgWfjX9OGmMd+QxeSxr5kx8xJem+PHq9Fok FcsYEnjUate6U1lVTTEpMmmpHioGa56xBq28MsA64zOTWtTICeHwarfF3EbhCPoX93H+ hadg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Voz++NJF46NwD1H/x3UI0dc13RwWkCqBdzc1PW2NN4k=; b=oiNuz8tpdcEmfuAzY3hgYXBNxE/KYH5f+Pz57yxp1O+42wmJ0ROMIGMLH/ELStKo2B FtAXNMyuWeNerdRwoYtw0F8vLYVRUeKp7m1taXy+E7nEgKOkpC95D67ZCa3KB3fXVpc1 jvt75iUMdZYRiC0rWpJ4BSWU+I5NDY2pPI2IoDXZ5hSqbRZYg/SAQhi7Sf+k9plnenxS qhwKYSwKtzfA4jprNwPD/qKp2IDI3EUAO6PQ4N/RyigbLPR4ugWaEq5Q2YYr/IkjcElJ 6zro5Dl1wYMQeo74DpZhhvI6pae6EfyOFpbk3Vop04NI3HHKST/WNVMoBfXAoieNwm/N v7yw== X-Gm-Message-State: AElRT7HD2FtFXW4Rouo01rcGj0bFfXkbX6lY2InsRitn2AED80Px64su vaQAAGwvKwMcLqRvj711kCpjbSDvaUK1WmZVFM7gLA== X-Google-Smtp-Source: AIpwx4+2nvrxUspfza8S2p/Tucw9iBMBSpo6EJIL/EpLAihBEwvpXRt7HLEHIfOAvV9qIDchlKPUxY2ztkFO2+gBK7M= X-Received: by 10.129.109.86 with SMTP id i83mr7608192ywc.347.1522763297273; Tue, 03 Apr 2018 06:48:17 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:2e48:0:0:0:0:0 with HTTP; Tue, 3 Apr 2018 06:48:16 -0700 (PDT) From: William Dudley <wfdudley@gmail.com> Date: Tue, 3 Apr 2018 09:48:16 -0400 Message-ID: <CAFsnNZL=J8=+ca1COD7Y_CbhV5aAK-kaN-HguYwLmuyXpU5PnA@mail.gmail.com> Subject: my Let's Encrypt certs "broken" overnight! To: freebsd-questions <freebsd-questions@freebsd.org> Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions <freebsd-questions.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>; List-Post: <mailto:freebsd-questions@freebsd.org> List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, <mailto:freebsd-questions-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 03 Apr 2018 13:48:19 -0000 FreeBSD 10.3 I run a hobby web server, with a couple of small clubs that pay me for hosting. I had letsencrypt certs for most of the sites I host, and they were working fine until a recent upgrade -- either apache 2.4 or openssl changed and now things are hosed. An example: I host www.njsbmwr.org. I have a "test" URL for development, njsbmwr.dudley.nu. Both share the same certificates, or at least, they used to. Now, if I uncomment the <VirtualHost *:443> section for www.njsbmwr.org, apache throws an error and won't start. If I comment the section out, apache is happy but www.njsbmwr.org doesn't serve https pages. njsbmwr.dudley.nu has almost the identical <VirtualHost *:443> section, and it works fine as https://njsbmwr.dudley.nu The apache error I get when I enable the <VirtualHost *:443> section for www.njsbmwr.org is: [Tue Apr 03 09:13:29.141783 2018] [ssl:emerg] [pid 49861] AH02572: Failed to configure at least one certificate and key for njsbmwr.org:80 [Tue Apr 03 09:13:29.141947 2018] [ssl:emerg] [pid 49861] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Tue Apr 03 09:13:29.141982 2018] [ssl:emerg] [pid 49861] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed Here's the <VirtualHost *:443> section that causes failure: <VirtualHost *:443> ServerAdmin webmaster@dudley.nu ServerName www.njsbmwr.org DocumentRoot /usr/local/www/njsbmwr.dudley.nu Alias /.well-known/ /usr/local/www/.well-known/ ScriptAlias /cgi-bin/ "/usr/local/www/njsbmwr.dudley.nu/cgi-bin/" SSLEngine on SSLCertificateFile \ "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/cert.pem" SSLCertificateKeyFile \ "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/privkey.pem" SSLCertificateChainFile \ "/usr/local/etc/letsencrypt/live/njsbmwr.dudley.nu/fullchain.pem" SSLOptions +StdEnvVars BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/var/log/njsbmwr.dudley.nu-httpd-ssl_request.log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'u nsafe-inline' pagead2.googlesyndication.com www.google-analytics.com *.cloudflar e.com www.paypal.com; img-src 'self' *.crystalbrook.com www.paypalobjects.com" Header set X-Frame-Options SAMEORIGIN Header set X-XSS-Protection "1; mode=block" Header set X-Content-Type-Options nosniff ErrorDocument 404 /errormessages/oatmeal_404.html ErrorDocument 500 /errormessages/oatmeal_500.html ErrorDocument 503 /errormessages/oatmeal_503.html ErrorLog /var/log/njsbmwr.dudley.nu-error_log CustomLog /var/log/njsbmwr.dudley.nu-access_log combined <Directory "/usr/local/www/njsbmwr.dudley.nu"> Options +ExecCGI +FollowSymLinks +Includes +Indexes -SymLinksIfOwnerMatc h AllowOverride All </Directory> <Location /> Order allow,deny Allow from all </Location> </VirtualHost> The ONLY difference between this section, that doesn't work, and the section that DOES work is the ServerName line: < ServerName njsbmwr.dudley.nu --- > ServerName www.njsbmwr.org More info: pkg info | grep apache apache24-2.4.33 Version 2.4.x of Apache web server pkg info | grep openssl openssl-1.0.2o,1 SSL and crypto library I am mystified, and running out of ideas on what to try. I suspect the openssl I installed from a package, because of this scary warning that the apache upgrade gave me: Message from apache24-2.4.33: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !! !! functionally unusable module due to lack of "Upgrade" !! !! capability in OpenSSL 1.0.1. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! How can I re-install the openssl from base? I want to revert to that and see if it fixes my problems. Thanks, Bill Dudley This email is free of malware because I run Linux.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1674790533.1041889.1522758994593>