Turnkey Lamp dist-upgrade broke Apache

Ryan's picture

Now Apache won't start and I get this error in the log:

[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

I'm working on a fix and I'll make sure to post back here when I find something. In the meantime if anyone has creative solutions in mind I'm all ears.

Jeremy Davis's picture

But first thing I'd consider doing is recreating the self signed cert... Perhaps also try disabling SSL to see if you can get it to start.

Good luck.

Ryan's picture

Is there a way to re-run the self signed cert program that is ran on first boot? I've tried manually to no effect... This line in the log seems to be problematic, not sure how to fix:

 

[Thu May 09 20:03:56 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) 


Ryan's picture

All Turnkey distros are susceptible! Luckily the fix is not that difficult.

Find any virtual hosts that are running SSL without specifically directing those hosts to the .pem file and then edit them to include that directive. A great reference is the phpmyadmin file which will definitely have the correct entry. 

This is incorrect:

<VirtualHost *:443>
</VirtualHost>

Make them say this:

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.pem
</VirtualHost>

I also used this opportunity to regenerate my self signed certificates which were due to expire eventually anyway.

Apache used to inherit these settings from the sites-default but no longer! Be aware, Debian users all over are experiencing this problem and are scarmbling to repair once working configurations. But, thanks to great communities like this one the answers are out there.

Good luck!

 

Link to solution on StackOverflow


Post new comment