Date: Tue, 3 Apr 2018 09:54:20 -0400 From: William Dudley <wfdudley@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: MY Apache 2.4 SSL broken (FreeBSD 10.3) - help! Message-ID: <CAFsnNZ%2BZD6Z%2Ba509V9z3oSz4SEWmi1iG0RfnP5DWXVjutSR_tw@mail.gmail.com> In-Reply-To: <CALeGphykA2cmQR5138C_2voDCWuUOQM9P22JTx7sCiFCLw4c9w@mail.gmail.com> References: <CAFsnNZJQxuvzOveoceAymYz%2B%2B0V8gJAc7P4uv3ufirBrhTUQ6g@mail.gmail.com> <CALeGphykA2cmQR5138C_2voDCWuUOQM9P22JTx7sCiFCLw4c9w@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The EXACT SAME SSLCertificateFile and SSLCertificateKeyFile are specified in the njsbmwr.dudley.nu.conf file, and that works just fine. I'm afraid that the package openssl doesn't like certs that are for multiple domains. If I can revert to base openssl, I can test this theory trivially. Bill Dudley This email is free of malware because I run Linux. On Tue, Apr 3, 2018 at 3:28 AM, Jack L. <xxjack12xx@gmail.com> wrote: > installing the openssl package sounds unrelated, are you sure you've > defined > > SSLCertificateFile > and > SSLCertificateKeyFile > > properly and apache can read those paths? The error > Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no > certificate > assigned > > means it can't locate your cert > > On Mon, Apr 2, 2018 at 4:03 PM, William Dudley <wfdudley@gmail.com> wrote: > > I'm running FreeBSD 10.3, all patched up using > > freebsd-update fetch > > freebsd-update install > > > > Because I got this scary warning when upgrading Apache 2.4 (pkg upgrade > > apache24) > > > > Message from apache24-2.4.33: > > > > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > !! mod_http2 on FreeBSD with OpenSSL from base results in a mostly !! > > !! functionally unusable module due to lack of "Upgrade" !! > > !! capability in OpenSSL 1.0.1. !! > > !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! > > > > I installed openssl > > > > pkg install openssl > > > > Now, apache dies if I start it with any of these: > > > > <VirtualHost *:443> > > . . . > > </VirtualHost> > > > > I get this in httpd-error.log: > > > > [Mon Apr 02 18:44:00.204869 2018] [ssl:emerg] [pid 82318] AH02572: Failed > > to configure at least one certificate and key for njsbmwr.org:80 > > [Mon Apr 02 18:44:00.205017 2018] [ssl:emerg] [pid 82318] SSL Library > > Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no > certificate > > assigned > > [Mon Apr 02 18:44:00.205027 2018] [ssl:emerg] [pid 82318] AH02312: Fatal > > error initialising mod_ssl, exiting. > > > > This was a formerly working installation with a handful of letsencrypt > > certificates. > > > > Did the openssl from pkg break this? > > > > How do I fix this? > > > > Thanks, > > Bill Dudley > > > > > > > > This email is free of malware because I run Linux. > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions- > unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFsnNZ%2BZD6Z%2Ba509V9z3oSz4SEWmi1iG0RfnP5DWXVjutSR_tw>