From owner-freebsd-questions@freebsd.org Tue Apr 3 13:54:22 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 667EFF82420 for ; Tue, 3 Apr 2018 13:54:22 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: from mail-yw0-x235.google.com (mail-yw0-x235.google.com [IPv6:2607:f8b0:4002:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ED51D7E592 for ; Tue, 3 Apr 2018 13:54:21 +0000 (UTC) (envelope-from wfdudley@gmail.com) Received: by mail-yw0-x235.google.com with SMTP id h14so693967ywm.1 for ; Tue, 03 Apr 2018 06:54:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:cc; bh=OT1eUzgJ7dtAAYC6zRnEgE4d2tOZC0wCwUvDsbLpx7M=; b=Rb9O5n8yquRtubsSKVwFJfwftFKvHVvcmZOWzAbcaxBvvJQkHyENQZZ8A7ZNE6wu0i r39OOzK8p9HwuYWHaGKf3CwAfEgnNe4U1PwIDB2v9ipsvYQLkuG9R9CxVLYfpY5DBVlf KF/7IDqAzbg5C90lom9eygV5otU8SiHMTrYdk8HG65rgs7HBSGOQSBV++zO3H6x2t/zp qp5v+JU6fhF/+1fMGtk6C0w/20xWjIusCjSuCLocIVtTRmuFGMnNxtoibjoZjWBsCtE1 0zZDVTtGXYfO943gKM42+/toNo4Tw5iniiC9Z+nowSSdXxiMycFUOuDFmqKSoF5F2KYM rDWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:cc; bh=OT1eUzgJ7dtAAYC6zRnEgE4d2tOZC0wCwUvDsbLpx7M=; b=NOQpdBsXmi3a96vQ++SJmgT5Yq1YdKeJpk8l8nMYP4qUpBEFRJPtK/7Mg2GCEzm+J1 12QLXRY0XKY+sHg8lshBA7jxnySHXTOfY2foAfIW+dsPJ38VEDvSe/dn7hkHGeuij8oL hVFgrHlOSFLNTDBnyt7zCMQZl8dF/72JUikljuuXfhL+atKg6rUGZori1vzjui9/Y6Gr 1BKOinqhqwtRGebmv+fMd5t3mpTW5Sy6Roc6EUMSDnBJ8YxUN7JFapxqGTpM8SDdl/ZT WzoQkIV7Kwe2PWJTu4GOmyv3+B4ABfd8wxcdUHOXePsnzc5r2o8Yt/6n5PHjREfsph2S 5QRA== X-Gm-Message-State: AElRT7F3fIt3ZtSkqS14kWW3iQ/aj5priY8HP9e0DxCu/RPOtuZ0rjuc UIgGfZ/1GBE/HgZGZRDXKFhTD8r57e5W5F5GCR1BJA== X-Google-Smtp-Source: AIpwx4+YjO6vqvmWec5vRiAi1Ig98qmBuN8gjX12GksknIDkdLiMGi/pmr6G8e3FiB1vsNZS3MPXvK/sd71deGG/a+o= X-Received: by 10.129.33.133 with SMTP id h127mr7797379ywh.299.1522763661186; Tue, 03 Apr 2018 06:54:21 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:2e48:0:0:0:0:0 with HTTP; Tue, 3 Apr 2018 06:54:20 -0700 (PDT) In-Reply-To: References: From: William Dudley Date: Tue, 3 Apr 2018 09:54:20 -0400 Message-ID: Subject: Re: MY Apache 2.4 SSL broken (FreeBSD 10.3) - help! Cc: freebsd-questions Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Apr 2018 13:54:22 -0000 The EXACT SAME SSLCertificateFile and SSLCertificateKeyFile are specified in the njsbmwr.dudley.nu.conf file, and that works just fine. I'm afraid that the package openssl doesn't like certs that are for multiple domains. If I can revert to base openssl, I can test this theory trivially. Bill Dudley This email is free of malware because I run Linux. On Tue, Apr 3, 2018 at 3:28 AM, Jack L. wrote: > installing the openssl package sounds unrelated, are you sure you've > defined > > SSLCertificateFile > and > SSLCertificateKeyFile > > properly and apache can read those paths? The error > Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no > certificate > assigned > > means it can't locate your cert > > On Mon, Apr 2, 2018 at 4:03 PM, William Dudley wrote: > > I'm running FreeBSD 10.3, all patched up using > > freebsd-update fetch > > freebsd-update install > > > > Because I got this scary warning when upgrading Apache 2.4 (pkg upgrade > > apache24) > > > > Message from apache24-2.4.33: > > > > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > !! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !! > > !! functionally unusable module due to lack of "Upgrade" !! > > !! capability in OpenSSL 1.0.1. !! > > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > > > I installed openssl > > > > pkg install openssl > > > > Now, apache dies if I start it with any of these: > > > > > > . . . > > > > > > I get this in httpd-error.log: > > > > [Mon Apr 02 18:44:00.204869 2018] [ssl:emerg] [pid 82318] AH02572: Failed > > to configure at least one certificate and key for njsbmwr.org:80 > > [Mon Apr 02 18:44:00.205017 2018] [ssl:emerg] [pid 82318] SSL Library > > Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no > certificate > > assigned > > [Mon Apr 02 18:44:00.205027 2018] [ssl:emerg] [pid 82318] AH02312: Fatal > > error initialising mod_ssl, exiting. > > > > This was a formerly working installation with a handful of letsencrypt > > certificates. > > > > Did the openssl from pkg break this? > > > > How do I fix this? > > > > Thanks, > > Bill Dudley > > > > > > > > This email is free of malware because I run Linux. > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" >