I just created a ssl certificate shown here : http://www.tecchannel.de/a/owncloud-9-unter-ubuntu-server-16-04-lts-installieren,3277807,2
now if I start apache I get no error but with service apache2 status I get a error , error log :
[Fri Mar 31 14:55:59.639400 2017] [ssl:error] [pid 21071] AH02579: Init: Private key not found
[Fri Mar 31 14:55:59.639479 2017] [ssl:error] [pid 21071] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 31 14:55:59.639494 2017] [ssl:error] [pid 21071] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Mar 31 14:55:59.639504 2017] [ssl:error] [pid 21071] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 31 14:55:59.639515 2017] [ssl:error] [pid 21071] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Mar 31 14:55:59.639526 2017] [ssl:error] [pid 21071] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Mar 31 14:55:59.639536 2017] [ssl:error] [pid 21071] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Mar 31 14:55:59.639547 2017] [ssl:error] [pid 21071] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Mar 31 14:55:59.639553 2017] [ssl:emerg] [pid 21071] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Fri Mar 31 14:55:59.639558 2017] [ssl:emerg] [pid 21071] AH02564: Failed to configure encrypted (?) private key localhost:443:0, check /etc/apache2/ssl/apache.crt
AH00016: Configuration Failed
but whats wrong ? the file in /etc/apache2/ssl/apache.crt exists of course ... and why "Private key not found" ? apache.key exists too.
any help ? :(
While generating CRS request, it generates 2 files
example.csr
example.key -> You need to include this file in SSL configuration.
Make sure you have included key file in ssl configuration.
Key file should look like :
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
I think you should recheck your configuration steps.. After creating the .key file you have to give proper permission so that it should readable and writable by root.
Follow the below link which may solve your problem.
https://www.howtoforge.com/how-to-set-up-an-ssl-vhost-under-apache2-on-ubuntu-9.10-debian-lenny
Related
I have just downloaded SSL certificate from cheapsslsecurity, but apache is giving above errors.
[Sun Jul 17 15:30:01.256726 2022] [ssl:emerg] [pid 3640] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sun Jul 17 15:30:01.256729 2022] [ssl:emerg] [pid 3640] AH02312: Fatal error initialising mod_ssl, exiting.
[Sun Jul 17 16:00:01.434769 2022] [suexec:notice] [pid 3698] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Jul 17 16:00:01.439767 2022] [ssl:emerg] [pid 3698] AH02238: Unable to configure RSA server private key
[Sun Jul 17 16:00:01.439859 2022] [ssl:emerg] [pid 3698] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sun Jul 17 16:00:01.439862 2022] [ssl:emerg] [pid 3698] AH02312: Fatal error initialising mod_ssl, exiting.
Things I tried
Checked private key and certificate key and they are matching
In SSL certificate entered the path for crt file. Private key entered the private key file. In SSLCACertificateFile entered the bundle path provided by the site.
Removed spaces from private key
Encoding of private key file is UTF-8 and also tried changing .txt to .key
Checked validity of certificae and it is of next year
I am trying to setup the following:
User ---https---> Apache ---http---> Company Proxy ---https---> Third party webserver (nginx)
The Apache must send an SSL client certificate for authentication by the webserver.
I am using Apache 2.4.41 / OpenSSL 1.1.1d.
If I am testing the setup with curl and sending the SSL client cert to the webserver via the company
(i.e. bypassing the Apache), it works perfectly. However, if I am using curl to connect to the Apache,
it fails.
I have configured (relevant parts only) as an Apache VHost
===
ServerName test1.company.com:5140
SSLEngine on
KeepAlive on
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyVerify none
SSLProxyCheckPeerName off
SSLProxyCACertificateFile conf/ssl/ca-bundle-proxy.crt
# client certificate (contains unencrypted concatenated private key and server certificate)
SSLProxyMachineCertificateFile ssl.client
ProxyRemote "*" "http://proxy.company.de:8080"
ProxyTimeout 30
Timeout 30
# explicity required
ProxyPreserveHost Off
<Location /mycontext>
ProxyPass https://www.thirdparty.com:443/mycontext
ProxyPassReverse https://www.thirdparty.com:443/mycontext
</Location>
I get in the logfile (extract):
[Mon Mar 23 14:18:26.150538 2020] [ssl:trace4] [pid 116307:tid 140486627026688] ssl_engine_io.c(2212): [remote proxy.company.com:8080] OpenSSL: read 5/5 bytes from BIO#7fc57000ddb0 [mem: 7fc57002f863] (BIO dump follows)
[Mon Mar 23 14:18:26.150558 2020] [ssl:trace4] [pid 116307:tid 140486627026688] ssl_engine_io.c(2212): [remote proxy.company.com:8080] OpenSSL: read 117/204 bytes from BIO#7fc57000ddb0 [mem: 7fc57002f868] (BIO dump follows)
[Mon Mar 23 14:18:26.165597 2020] [ssl:trace4] [pid 116307:tid 140486627026688] ssl_engine_io.c(2212): [remote proxy.company.com:8080] OpenSSL: read 87/87 bytes from BIO#7fc57000ddb0 [mem: 7fc57002f8dd] (BIO dump follows)
[Mon Mar 23 14:18:26.165643 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS read server key exchange
[Mon Mar 23 14:18:26.165687 2020] [ssl:debug] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(1943): AH02267: Proxy client certificate callback: (test1.company.com:5140) entered
[Mon Mar 23 14:18:26.165691 2020] [ssl:debug] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2013): AH02269: Proxy client certificate callback: (test1.company.com:5140) no client certificate found!?
[Mon Mar 23 14:18:26.165708 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS read server certificate request
[Mon Mar 23 14:18:26.165712 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS read server done
[Mon Mar 23 14:18:26.165722 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS write client certificate
[Mon Mar 23 14:18:26.165881 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS write client key exchange
[Mon Mar 23 14:18:26.165910 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS write change cipher spec
[Mon Mar 23 14:18:26.165947 2020] [ssl:trace4] [pid 116307:tid 140486627026688] ssl_engine_io.c(2212): [remote proxy.company.com:8080] OpenSSL: write 138/138 bytes to BIO#7fc57000e190 [mem: 7fc57002a5a0] (BIO dump follows)
[Mon Mar 23 14:18:26.235214 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS read change cipher spec
[Mon Mar 23 14:18:26.235242 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2192): [remote proxy.company.com:8080] OpenSSL: Loop: SSLv3/TLS read finished
[Mon Mar 23 14:18:26.235254 2020] [ssl:trace3] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2187): [remote proxy.company.com:8080] OpenSSL: Handshake: done
[Mon Mar 23 14:18:26.235265 2020] [ssl:debug] [pid 116307:tid 140486627026688] ssl_engine_kernel.c(2236): [remote proxy.company.com:8080] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
The output of curl via the Apache :
< HTTP/1.1 400 Bad Request
< Date: Mon, 23 Mar 2020 13:18:26 GMT
< Server: nginx
< Content-Type: text/html
< Content-Length: 246
< Connection: close
<
<html>
<head><title>400 No required SSL certificate was sent</title></head>
Questions:
Why does it say "no client certificate found!?" and "write client certificate" ? It's a little bit confusing.
As far as I know, the exchange of the SSL client certificate is done in the SSL handshake. How can the handshake be completed if there is an error with sending the client cert?
Does anybody have an idea what needs to be changed in the Apache configuration to get this working?
Any help is greatly appreciated.
Thanks
Christian
Why does it say "no client certificate found!?" and "write client certificate" ? It's a little bit confusing.
If the server requested a client certificate the client will send the requested Certificate record. But this might contain nothing (i.e. 0 certificates).
As far as I know, the exchange of the SSL client certificate is done in the SSL handshake. How can the handshake be completed if there is an error with sending the client cert?
A client certificate can be mandatory or optional. The client cannot see if it is mandatory or not, only that a certificate is requested. The server or application might decide to check if the certificate is the expected one after the handshake itself is completed. Only if the handshake is completed the client can send a HTTP request and get a HTTP response with the comparably nice error message. Otherwise the client would just get a strange handshake error.
Does anybody have an idea what needs to be changed in the Apache configuration to get this working?
The config you present looks actually good but the problem might be in the details. For example the certificate file might be wrong so that a certificate and key cannot actually be found inside. Hard to tell without having a look at these kind of details. Or the certificate does not match the list of CA the server presented as possible issuers for the client certificate.
I am trying to install SSL, but I cant restart apache
/opt/bitnami/apache2/conf# sudo /opt/bitnami/ctlscript.sh restart apache
Unmonitored apache
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : apache not running
Syntax OK
/opt/bitnami/apache2/scripts/ctl.sh : httpd could not be started
Monitored apache
and got this error in log file
[Sun Oct 06 10:18:18.967677 2019] [ssl:error] [pid 16507:tid 140079867070208] AH02579: Init: Private key not found
[Sun Oct 06 10:18:18.967727 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Oct 06 10:18:18.967742 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun Oct 06 10:18:18.967753 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Oct 06 10:18:18.967765 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun Oct 06 10:18:18.967776 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun Oct 06 10:18:18.967787 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun Oct 06 10:18:18.967798 2019] [ssl:error] [pid 16507:tid 140079867070208] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Sun Oct 06 10:18:18.967803 2019] [ssl:emerg] [pid 16507:tid 140079867070208] AH02312: Fatal error initialising mod_ssl, exiting.
[Sun Oct 06 10:18:18.967807 2019] [ssl:emerg] [pid 16507:tid 140079867070208] AH02564: Failed to configure encrypted (?) private key mysite.com:443:0, check /opt/bitnami/apache2/conf/4ea303957fff9adb.pem
AH00016: Configuration Failed
I start the apache2 server in the Debian 8 machine and have the output provided:
$ sudo /etc/init.d/apache2 start
[ ok ] Starting apache2 (via systemctl): apache2.service.
Now, when checking the status, I find this output provided below,
$ sudo systemctl -l status apache2
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Drop-In: /lib/systemd/system/apache2.service.d
└─forking.conf
Active: inactive (dead) since Fri 2018-01-05 18:53:18 BDT; 2min 56s ago
Process: 9603 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 9585 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Jan 05 18:53:18 debian8 apache2[9585]: Starting web server: apache2AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message
Jan 05 18:53:18 debian8 apache2[9585]: Action 'start' failed.
Jan 05 18:53:18 debian8 apache2[9585]: The Apache error log may have more information.
Jan 05 18:53:18 debian8 apache2[9585]: .
Jan 05 18:53:18 debian8 apache2[9603]: Stopping web server: apache2.
The line informs that, Jan 05 18:53:18 debian8 apache2[9585]: Action 'start' failed. I assume that means the apache server is not running.
I looked for the error log and find,
$ sudo cat /var/log/apache2/error.log
[Fri Jan 05 07:31:23.141452 2018] [ssl:warn] [pid 1905] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 07:31:23.141542 2018] [mpm_prefork:notice] [pid 1905] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jan 05 07:31:23.141550 2018] [core:notice] [pid 1905] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jan 05 10:27:07.347727 2018] [mpm_prefork:notice] [pid 1905] AH00169: caught SIGTERM, shutting down
[Fri Jan 05 10:45:01.716439 2018] [ssl:warn] [pid 1754] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 10:45:01.928468 2018] [ssl:warn] [pid 1793] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 10:45:01.948283 2018] [mpm_prefork:notice] [pid 1793] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jan 05 10:45:01.948331 2018] [core:notice] [pid 1793] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jan 05 10:57:54.207319 2018] [mpm_prefork:notice] [pid 1793] AH00169: caught SIGTERM, shutting down
[Fri Jan 05 10:59:21.635105 2018] [ssl:warn] [pid 1801] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 10:59:21.766752 2018] [ssl:warn] [pid 1837] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 10:59:21.770769 2018] [mpm_prefork:notice] [pid 1837] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jan 05 10:59:21.770827 2018] [core:notice] [pid 1837] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jan 05 11:29:49.123102 2018] [mpm_prefork:notice] [pid 1837] AH00169: caught SIGTERM, shutting down
[Fri Jan 05 11:33:46.931328 2018] [ssl:warn] [pid 1700] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 11:33:47.107058 2018] [ssl:warn] [pid 1750] AH01916: Init: (local.test:443) You configured HTTP(80) on the standard HTTPS(443) port!
[Fri Jan 05 11:33:47.120610 2018] [mpm_prefork:notice] [pid 1750] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations
[Fri Jan 05 11:33:47.120650 2018] [core:notice] [pid 1750] AH00094: Command line: '/usr/sbin/apache2'
[Fri Jan 05 14:34:06.958963 2018] [mpm_prefork:notice] [pid 1750] AH00169: caught SIGTERM, shutting down
[Fri Jan 05 14:34:08.857489 2018] [ssl:emerg] [pid 31187] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 14:48:49.228927 2018] [ssl:emerg] [pid 2360] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 14:56:07.665868 2018] [ssl:emerg] [pid 4309] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 14:56:29.491940 2018] [ssl:emerg] [pid 4465] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 15:01:14.384576 2018] [ssl:emerg] [pid 5618] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 15:01:18.064625 2018] [ssl:emerg] [pid 5704] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 15:01:52.921632 2018] [ssl:emerg] [pid 5893] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 15:23:58.732664 2018] [ssl:emerg] [pid 11914] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 15:24:13.462265 2018] [ssl:emerg] [pid 14259] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 15:29:12.703894 2018] [ssl:emerg] [pid 15379] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 16:14:41.286196 2018] [ssl:emerg] [pid 26572] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 16:14:55.140590 2018] [ssl:emerg] [pid 26682] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 16:15:30.060982 2018] [ssl:emerg] [pid 26854] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
[Fri Jan 05 18:53:18.353757 2018] [ssl:emerg] [pid 9599] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/cxClient443.draglet.test-error.log for more information
AH00016: Configuration Failed
The error log for the cxClient443.draglet.test-error.log provided below,
$ sudo nano /var/log/apache2/cxClient443.draglet.test-error.log
[Fri Jan 05 07:31:23.141321 2018] [ssl:warn] [pid 1905] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 07:31:23.141365 2018] [ssl:warn] [pid 1905] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 10:45:01.715668 2018] [ssl:warn] [pid 1754] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 10:45:01.716274 2018] [ssl:warn] [pid 1754] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 10:45:01.928326 2018] [ssl:warn] [pid 1793] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 10:45:01.928366 2018] [ssl:warn] [pid 1793] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 10:59:21.634605 2018] [ssl:warn] [pid 1801] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 10:59:21.634976 2018] [ssl:warn] [pid 1801] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 10:59:21.766633 2018] [ssl:warn] [pid 1837] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 10:59:21.766671 2018] [ssl:warn] [pid 1837] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 11:33:46.930717 2018] [ssl:warn] [pid 1700] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 11:33:46.931209 2018] [ssl:warn] [pid 1700] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 11:33:47.106862 2018] [ssl:warn] [pid 1750] AH01906: cxClient443.draglet.test:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jan 05 11:33:47.106917 2018] [ssl:warn] [pid 1750] AH01909: cxClient443.draglet.test:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jan 05 14:34:08.853654 2018] [ssl:emerg] [pid 31187] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 14:34:08.857467 2018] [ssl:emerg] [pid 31187] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 14:48:49.228822 2018] [ssl:emerg] [pid 2360] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 14:48:49.228920 2018] [ssl:emerg] [pid 2360] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 14:56:07.665783 2018] [ssl:emerg] [pid 4309] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 14:56:07.665861 2018] [ssl:emerg] [pid 4309] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 14:56:29.491840 2018] [ssl:emerg] [pid 4465] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 14:56:29.491931 2018] [ssl:emerg] [pid 4465] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 15:01:14.384494 2018] [ssl:emerg] [pid 5618] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 15:01:14.384569 2018] [ssl:emerg] [pid 5618] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 15:01:18.064529 2018] [ssl:emerg] [pid 5704] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 15:01:18.064611 2018] [ssl:emerg] [pid 5704] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 15:01:52.921550 2018] [ssl:emerg] [pid 5893] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 15:01:52.921625 2018] [ssl:emerg] [pid 5893] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 15:23:58.732592 2018] [ssl:emerg] [pid 11914] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 15:23:58.732657 2018] [ssl:emerg] [pid 11914] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 15:24:13.462196 2018] [ssl:emerg] [pid 14259] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 15:24:13.462259 2018] [ssl:emerg] [pid 14259] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 15:29:12.703818 2018] [ssl:emerg] [pid 15379] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 15:29:12.703887 2018] [ssl:emerg] [pid 15379] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 16:14:41.283388 2018] [ssl:emerg] [pid 26572] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 16:14:41.286169 2018] [ssl:emerg] [pid 26572] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 16:14:55.140487 2018] [ssl:emerg] [pid 26682] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 16:14:55.140582 2018] [ssl:emerg] [pid 26682] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 16:15:30.060854 2018] [ssl:emerg] [pid 26854] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 16:15:30.060974 2018] [ssl:emerg] [pid 26854] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jan 05 18:53:18.353682 2018] [ssl:emerg] [pid 9599] AH02572: Failed to configure at least one certificate and key for cxClient443.draglet.test:80
[Fri Jan 05 18:53:18.353750 2018] [ssl:emerg] [pid 9599] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
What is the issue here and how to make the Apache run? I'm using the Linux/ Debian for a month now and still not familiar with everything
Have a site on AWS Bitnami, received the following error in log last night:
[Tue Feb 21 11:44:24.550083 2017] [ssl:error] [pid 20151:tid 140224130492160] [client 208.93.152.93:41010] AH02042: rejecting client initiated renegotiation
Then get the following errors when trying to visit the site.
[Wed Feb 22 14:00:00.739407 2017] [mpm_event:notice] [pid 19875:tid 140224892598080] AH00491: caught SIGTERM, shutting down
[Wed Feb 22 14:00:04.737461 2017] [ssl:warn] [pid 31984:tid 140233098594112] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Feb 22 14:00:04.894490 2017] [ssl:warn] [pid 31985:tid 140233098594112] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Feb 22 14:00:05.036172 2017] [mpm_event:notice] [pid 31985:tid 140233098594112] AH00489: Apache/2.4.23 (Unix) OpenSSL/1.0.2h configured -- resuming normal operations
[Wed Feb 22 14:00:05.036313 2017] [core:notice] [pid 31985:tid 140233098594112] AH00094: Command line: '/opt/bitnami/apache2/bin/httpd.bin -f /opt/bitnami/apache2/conf/httpd.conf'
When visiting the site only receive this message 'Your application is not currently available'
Have not made any edits to the site since 1/5/17 no previous errors in the log on the site. Attempted restart, checked paths of SSL logs.
The warn messages you are obtaining:
[Wed Feb 22 14:00:04.737461 2017] [ssl:warn] [pid 31984:tid 140233098594112] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Wed Feb 22 14:00:04.894490 2017] [ssl:warn] [pid 31985:tid 140233098594112] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
You don't have to worry about them. It is related with the dummy certificate that Bitnami includes in its cloud images. You can find the whole information at https://docs.bitnami.com/aws/components/apache/#how-to-enable-https-support-with-ssl-certificates
I recommend you to take a deeper log to the Apache Log Files. You can share with us the log files:
/opt/bitnami/apache2/logs/error_log
/opt/bitnami/apache2/logs/access_log
There should be something there we are missing.