Bug#541607: apache2: fails to start because of SSL configuration changes
Thanks for the info.
On Saturday 05 September 2009, Julian Mehnle wrote:
> /etc/apache2/apache2.conf:NameVirtualHost *:80
> /etc/apache2/apache2.conf:NameVirtualHost *:443
> /etc/apache2/sites-enabled/00default:<VirtualHost *:80>
> /etc/apache2/sites-enabled/00default: SSLEngine off
> /etc/apache2/sites-enabled/00default:</VirtualHost>
> /etc/apache2/sites-enabled/00default:<VirtualHost *:443>
> /etc/apache2/sites-enabled/00default: SSLEngine on
> /etc/apache2/sites-enabled/00default: SSLCertificateFile /etc/ssl/certs/www.cer.pem
> /etc/apache2/sites-enabled/00default: SSLCertificateKeyFile /etc/ssl/private/www.cer+key.pem
> /etc/apache2/sites-enabled/00default:</VirtualHost>
...
> /etc/apache2/sites-enabled/SITE01.A:<VirtualHost *:80 *:443>
> /etc/apache2/sites-enabled/SITE01.A:</VirtualHost>
That's a rather interesting abuse of the apache configuration. I would
not have thought that it worked, but I immediately see how it is
useful. But I am pretty sure it only worked by accident. You are
relying on the fact that a virtual host inherits the SSL* settings
from its corresponding default virtual host. There is nothing in the
documentation that this is an intended behaviour. Virtual hosts should
only inherit from the main server configuration.
Now, since there is proper support for ssl name based virtual hosts
since 2.2.12, this broke. The "fix" would be to use something like
this:
Put the contents of SITE01.A without the VirtualHost lines into some
file outside of sites-enabled. Then in sites-enabled/SITE01.A, put
something like:
<VirtualHost *:80>
Include /etc/apache2/sites-includes/SITE01.A
</VirtualHost>
<VirtualHost *:443>
Include /etc/apache2/sites-includes/SITE01.A
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.cer.pem
SSLCertificateKeyFile /etc/ssl/private/www.cer+key.pem
</VirtualHost>
You will also need to add the SSL* directives to the other *:443
virtual hosts.
Can you try that?
Cheers,
Stefan
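
A small lint for the breakage discussed in this thread, added here as an example (not code from the bug report or from Apache): it flags `<VirtualHost>` blocks that combine `*:80` and `*:443` addresses, and HTTPS blocks that do not carry their own `SSLEngine on` and `SSLCertificateFile`. It assumes HTTPS is served on port 443 and does not follow `Include` files; the function names and the sample configuration are constructed for illustration.

```python
import re

HTTPS_PORT = "443"  # assumption: HTTPS vhosts listen on 443, as in the thread
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
# Constructed sample: one complete HTTPS vhost, one combined block, one bare one.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.cer.pem
</VirtualHost>
<VirtualHost *:80 *:443>
    ServerName site01.example
</VirtualHost>
<VirtualHost *:443>
    ServerName site02.example
</VirtualHost>
"""


def audit_vhosts(config_text):
    """Return (line_no, addresses, problem) tuples for HTTPS vhost blocks."""
    findings, current = [], None
    for line_no, line in enumerate(config_text.splitlines(), 1):
        opened = VHOST_OPEN.match(line)
        if opened:
            current = {"line": line_no, "addrs": opened.group(1).split(), "seen": {}}
        elif VHOST_CLOSE.match(line) and current:
            findings.extend(_check(current))
            current = None
        elif current and line.strip() and not line.lstrip().startswith("#"):
            parts = line.split(None, 1) + [""]
            current["seen"][parts[0].lower()] = parts[1].strip()
    return findings


def _check(vhost):
    ports = {addr.rsplit(":", 1)[-1] for addr in vhost["addrs"]}
    if HTTPS_PORT not in ports:
        return []  # plain-HTTP block: no SSL directives expected
    seen, addrs = vhost["seen"], " ".join(vhost["addrs"])
    checks = [  # each HTTPS block must carry its own SSL* directives
        (len(ports) > 1, "mixes HTTP and HTTPS addresses in one block"),
        (seen.get("sslengine", "").lower() != "on", "SSLEngine on not set"),
        (not seen.get("sslcertificatefile"), "SSLCertificateFile not set"),
    ]
    return [(vhost["line"], addrs, msg) for failed, msg in checks if failed]
```

Calling `audit_vhosts(SAMPLE)` reports the combined block and the bare `*:443` block; the split layout suggested above, with the SSL directives written inside the `*:443` block, yields no findings.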