My domain is: spartn.com
Although I have about 10 domains total on the server. spartn.com is the ServerName as listed in httpd.conf.
I ran this command: sudo apachectl start
It produced this output:
[Sat May 19 04:13:58.463006 2018] [ssl:emerg] [pid 11959] AH02572: Failed to configure at least one certificate and key for spartn.com:443
[Sat May 19 04:13:58.463406 2018] [ssl:emerg] [pid 11959] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat May 19 04:13:58.463416 2018] [ssl:emerg] [pid 11959] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
My web server is (include version): Apache (installed using Brew)
The operating system my web server runs on is (include version): Mac OS High Sierra 10.13.3
My hosting provider, if applicable, is: self-hosted macmini
I can login to a root shell on my machine (yes or no, or I don’t know): yes
sudo ls -l /etc/letsencrypt/live/spartn.com
produces:
total 40
-rwxr-xr-x 1 root wheel 682 May 18 11:21 README
lrwxr-xr-x 1 root wheel 34 May 18 11:21 cert.pem -> ../../archive/spartn.com/cert1.pem
lrwxr-xr-x 1 root wheel 35 May 18 11:21 chain.pem -> ../../archive/spartn.com/chain1.pem
lrwxr-xr-x 1 root wheel 39 May 18 11:21 fullchain.pem -> ../../archive/spartn.com/fullchain1.pem
lrwxr-xr-x 1 root wheel 37 May 18 11:21 privkey.pem -> ../../archive/spartn.com/privkey1.pem
the apache user:group in httpd.conf is pipper:staff, if that matters.
I’m stumped. The server runs fine without SSL enabled.
Thanks
Dennis
Hi @dennispipper,
Could you post the Apache configuration file for this virtual host? It might be missing one or more lines that should be pointing at these PEM files.
rg305
May 19, 2018, 7:38pm
Please show:
grep -Eri 'ServerName|ServerAlias' /etc/apache2
or (depending on your version of Apache)
grep -Eri 'ServerName|ServerAlias' /etc/httpd/
@schoen here is the vhosts file for this domain, all the domains on the server look pretty much the same, though.
<VirtualHost *:80>
DocumentRoot /Users/pipper/Sites/Default
ServerName spartn.com
ServerAlias www.spartn.com
ErrorLog /usr/local/var/log/httpd/error_log
CustomLog /usr/local/var/log/httpd/access_log common
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /Users/pipper/Sites/Default
ServerName spartn.com
ServerAlias www.spartn.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/spartn.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/spartn.com/privkey.pem
</VirtualHost>
@rg305 here is what I have:
spartn:~ pipper$ grep -Eri 'ServerName|ServerAlias' /usr/local/bin/httpd
Binary file /usr/local/bin/httpd matches
rg305
May 20, 2018, 2:14am
grep through the folder that has the vhost config file(s).
What folder are they in?
The vhosts files are in the /usr/local/etc/httpd/extra/vhosts. The vhosts file can be read, because the sites load on port 80 without the Include statement for the httpd-ssl in the httpd.conf
rg305
May 20, 2018, 9:55pm
Please show:
grep -Eri 'ServerName|ServerAlias|VirtualHost|Listen' /usr/local/etc/httpd/extra
It returned quite a few lines, so I’ve put it in a text file in the “cloud”:
https://cl.ly/rhzB
rg305
May 20, 2018, 11:12pm
Ok, please post the contents of these blocks:
/usr/local/etc/httpd/extra/httpd-ssl.conf:<VirtualHost _default_:443>
/usr/local/etc/httpd/extra/httpd-ssl.conf:</VirtualHost>
/usr/local/etc/httpd/extra/httpd-vhosts.conf:<VirtualHost *:80>
/usr/local/etc/httpd/extra/httpd-vhosts.conf: ServerName spartn.com
/usr/local/etc/httpd/extra/httpd-vhosts.conf: ServerAlias www.spartn.com
/usr/local/etc/httpd/extra/httpd-vhosts.conf:</VirtualHost>
/usr/local/etc/httpd/extra/vhosts/_default.conf:<VirtualHost *:80>
/usr/local/etc/httpd/extra/vhosts/_default.conf: ServerName spartn.com
/usr/local/etc/httpd/extra/vhosts/_default.conf: ServerAlias www.spartn.com
/usr/local/etc/httpd/extra/vhosts/_default.conf:</VirtualHost>
and the contents of this file:
/usr/local/etc/httpd/extra/vhosts/spartn.com.conf
and also this output:
grep -Ri include /usr/local/etc/httpd/
schoen
May 21, 2018, 12:22am
In a number of other threads, an Apache VirtualHost _default:443 has turned out to be the problem somehow (for example maybe here it doesn't have a certificate assigned in that virtual host?).
rg305
May 21, 2018, 12:48am
Yes, I’m also leaning in that direction.
Just a bit more methodically and ever so deliberate in showing why we decided to look there.
rg305:
/usr/local/etc/httpd/extra/httpd-ssl.conf:<VirtualHost _default_:443>
/usr/local/etc/httpd/extra/httpd-ssl.conf:</VirtualHost>
Everything is commented out in that section, except:
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
and
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
and
CustomLog "/usr/local/var/log/httpd/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
/usr/local/etc/httpd/extra/httpd-vhosts.conf:<VirtualHost *:80>
is
<VirtualHost *:80>
DocumentRoot "/Users/pipper/Sites/Default"
ServerName spartn.com
ServerAlias www.spartn.com
/usr/local/etc/httpd/extra/vhosts/_default.conf:<VirtualHost *:80>
is
<VirtualHost *:80>
DocumentRoot "/Users/pipper/Sites/Default"
ServerName spartn.com
ServerAlias www.spartn.com
and the contents of this file:
/usr/local/etc/httpd/extra/vhosts/spartn.com.conf
is
<VirtualHost *:80>
DocumentRoot /Users/pipper/Sites/Default
ServerName spartn.com
ServerAlias www.spartn.com
ErrorLog /usr/local/var/log/httpd/error_log
CustomLog /usr/local/var/log/httpd/access_log common
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /Users/pipper/Sites/Default
ServerName spartn.com
ServerAlias www.spartn.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/spartn.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/spartn.com/privkey.pem
</VirtualHost>
and also this output:
grep -Ri include /usr/local/etc/httpd/
Included in this link: https://cl.ly/rhGu
rg305
May 21, 2018, 1:44pm
I can’t find any overlap…….
schoen
May 21, 2018, 3:59pm
I don’t understand the _default_ thing very well, but it seemed like some other users solved their problems by completely commenting out a _default_ virtual host.
@schoen @rg305 removing the _default did it! Everything works like a champ now
Thank you for your help. I am very grateful
Dennis
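Added example, not posted by anyone in this thread: a shell function that lists every active VirtualHost block bound to port 443 and shows whether it carries uncommented SSLCertificateFile and SSLCertificateKeyFile lines, which is the condition suspected above for the _default_:443 block. The function names, the sample config files and the /path/to/placeholder paths are constructed for illustration.

```shell
# Added example: list every active <VirtualHost ...:443> block and whether it
# contains uncommented SSLCertificateFile / SSLCertificateKeyFile directives.
audit_ssl_vhosts() {   # args: one or more Apache config files
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }    # tolerate indentation
        line ~ /^#/ { next }                       # ignore commented-out lines
        tolower(line) ~ /^<virtualhost[ \t]/ {
            addr = line
            sub(/^<[A-Za-z]+[ \t]+/, "", addr); sub(/[ \t]*>.*$/, "", addr)
            in_vh = 1; first = FNR; cert = "no"; key = "no"
            next
        }
        in_vh && tolower(line) ~ /^sslcertificatefile[ \t]/    { cert = "yes" }
        in_vh && tolower(line) ~ /^sslcertificatekeyfile[ \t]/ { key = "yes" }
        in_vh && tolower(line) ~ /^<\/virtualhost>/ {
            if (addr ~ /:443$/ || addr ~ /:443[ \t]/)
                printf "%s:%d %s cert=%s key=%s\n", FILENAME, first, addr, cert, key
            in_vh = 0
        }
    ' "$@"
}

# Constructed sample modelled on the two port-443 blocks discussed in the thread.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/httpd-ssl.conf" <<'EOF'
<VirtualHost _default_:443>
#SSLEngine on
#SSLCertificateFile "/path/to/placeholder.crt"
#SSLCertificateKeyFile "/path/to/placeholder.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
</VirtualHost>
EOF
    cat > "$tmp/spartn.com.conf" <<'EOF'
<VirtualHost *:80>
    ServerName spartn.com
</VirtualHost>
<VirtualHost *:443>
    ServerName spartn.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/spartn.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/spartn.com/privkey.pem
</VirtualHost>
EOF
    (cd "$tmp" && audit_ssl_vhosts httpd-ssl.conf spartn.com.conf)
    rm -rf "$tmp"
}
```

On the layout described in this thread it would be run as audit_ssl_vhosts /usr/local/etc/httpd/extra/*.conf /usr/local/etc/httpd/extra/vhosts/*.conf. A block showing cert=no is the one to inspect first; key=no alone is not always an error, because Apache also accepts a private key stored inside the SSLCertificateFile file.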