
Re: Bug#877341: libapache2-mod-md: Doesn't seem to work at all: "AH02572: Failed to configure at least one certificate and key" (seems to require a patched version of mod_ssl / apache2)



Control: clone 877341 -1
Control: reassign -1 src:apache2
Control: retitle -1 apache2: please include mod_md patch in apache2
Control: severity -1 normal
Control: block 877341 by -1

Hi Axel,

you are right, and I intended to file a bug on apache2 to get the patch included. But I didn't get to it yet. So here we are...

Apache2 maintainers, could you please include:

https://raw.githubusercontent.com/icing/mod_md/v0.9.7/patches/mod_ssl_md-2.4.x-v5.diff

My apache2 PPA has had the patch for quite some time and there was no bug report related to it, so it should be very safe to include (I also checked with the upstream maintainer whether it has any downside, and according to him, it does not).

Cheers,
Ondrej

On Sat, 30 Sep 2017 at 10:30 Axel Beckert <abe@debian.org> wrote:

Package: libapache2-mod-md
Version: 0.9.0-1
Severity: grave

Dear Ondřej,

I've installed libapache2-mod-md on a machine (Raspberry Pi) running
Debian Unstable where apache2 was already installed.

I've disabled all previous site configurations and wrote a new site
configuration from scratch and only enabled that site:

---8<---
ServerAdmin abe@deuxchevaux.org
ServerName ….deuxchevaux.org
ManagedDomain ….deuxchevaux.org

# Requires libapache2-mod-md ≥ 0.9.4
#MDRequireHttps temporary

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<VirtualHost *:80>
Protocols h2 h2c http/1.1
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
Protocols h2 http/1.1

SSLEngine on
</VirtualHost>
</IfModule>
--->8---

"apache2ctl configtest" said that everything is fine: "Syntax OK".

Upon "service apache2 restart", though, I got the following lines in the
error.log:

---8<---
[Sat Sep 30 18:39:45.407137 2017] [ssl:emerg] [pid 4976:tid 1995292672] AH02572: Failed to configure at least one certificate and key for ….deuxchevaux.org:443
[Sat Sep 30 18:39:45.407356 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:02001002:system library:fopen:No such file or directory (fopen('/etc/apache2/md/domains/….deuxchevaux.org/privkey.pem','r'))
[Sat Sep 30 18:39:45.407449 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:2006D080:BIO routines:BIO_new_file:no such file
[Sat Sep 30 18:39:45.407621 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat Sep 30 18:39:45.407675 2017] [ssl:emerg] [pid 4976:tid 1995292672] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
--->8---

According to https://github.com/icing/mod_md/wiki/2.4.x-Installation,
this module needs either Apache 2.5/2.6 (not yet in Debian) or a patched
Apache 2.4, otherwise I'd get the AH02572 error message and an SSL
Library Error. Which I got, see above.

So I checked apache2's changelog.Debian.gz for inclusion of such a patch
but found none. I also checked https://bugs.debian.org/src:apache2 for
a corresponding request to include such a patch, but haven't found any
either.

So I assume that libapache2-mod-md is currently not usable at all with
plain Debian unstable.

-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: armhf (armv7l)

Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libapache2-mod-md depends on:
ii apache2-bin [apache2-api-20120211] 2.4.27-6
ii libapr1 1.6.2-1
ii libaprutil1 1.6.0-2
ii libc6 2.24-17
ii libcurl3-gnutls 7.55.1-1
ii libjansson4 2.10-1
ii libssl1.1 1.1.0f-5

libapache2-mod-md recommends no packages.

libapache2-mod-md suggests no packages.

-- no debconf information
--
Ondřej Surý <ondrej@sury.org>
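
The failure signature in the quoted error.log (AH02572 followed by an fopen failure on a file under md/domains) can be separated from an ordinary missing-key misconfiguration by correlating the two lines per pid. The following is an added example, not part of the original messages or of mod_md; the sample log is constructed, and www.example.org, other.example.org and /etc/ssl/private/other.key are placeholder values.

```python
import re

# Constructed sample modelled on the error.log excerpt in the report.
# Hostnames and the /etc/ssl/private/other.key path are placeholders.
SAMPLE_LOG = """\
[Sat Sep 30 18:39:45.407137 2017] [ssl:emerg] [pid 4976:tid 1995292672] AH02572: Failed to configure at least one certificate and key for www.example.org:443
[Sat Sep 30 18:39:45.407356 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:02001002:system library:fopen:No such file or directory (fopen('/etc/apache2/md/domains/www.example.org/privkey.pem','r'))
[Sat Sep 30 18:39:45.407675 2017] [ssl:emerg] [pid 4976:tid 1995292672] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
[Sat Sep 30 19:02:11.000001 2017] [ssl:emerg] [pid 5101:tid 1995292672] AH02572: Failed to configure at least one certificate and key for other.example.org:443
[Sat Sep 30 19:02:11.000002 2017] [ssl:emerg] [pid 5101:tid 1995292672] SSL Library Error: error:02001002:system library:fopen:No such file or directory (fopen('/etc/ssl/private/other.key','r'))
"""

LINE = re.compile(r"^\[[^\]]+\] \[(?P<mod>[^:\]]+):[^\]]+\] "
                  r"\[pid (?P<pid>\d+)(?::tid \d+)?\] (?P<msg>.*)$")
AH02572 = re.compile(r"^AH02572: .* for (?P<host>\S+):\d+$")
FOPEN = re.compile(r"fopen\('(?P<path>[^']+)','r'\)")
MD_STORE = re.compile(r"/md/domains/[^/]+/[^/]+$")  # file inside mod_md's store


def classify(log_text):
    """Map (pid, vhost) of each AH02572 failure to (category, missing path)."""
    pending = {}   # pid -> vhost named by the most recent AH02572 line
    verdicts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["mod"] != "ssl":
            continue  # unprefixed lines (e.g. AH00016) and other modules
        pid, msg = m["pid"], m["msg"]
        hit = AH02572.match(msg)
        if hit:
            pending[pid] = hit["host"]
            verdicts[(pid, hit["host"])] = ("cause-not-logged", None)
            continue
        fopen = FOPEN.search(msg)
        if fopen and pid in pending:
            # Attribute only the first fopen failure after AH02572 to that vhost.
            path = fopen["path"]
            kind = ("md-store-file-missing" if MD_STORE.search(path)
                    else "other-file-missing")
            verdicts[(pid, pending.pop(pid))] = (kind, path)
    return verdicts


if __name__ == "__main__":
    for (pid, host), (kind, path) in classify(SAMPLE_LOG).items():
        print(pid, host, kind, path)
```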
