[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#912277: apache2: does not start any more: AH01903: Failed to configure CA certificate chain!

Hi Stefan,

> On Monday, 29 October 2018 20:31:54 CET Thorsten Glaser wrote:
> > tglase@tglase:~ $ cat /var/log/apache2/error.log
> > [Mon Oct 29 20:18:58.090841 2018] [ssl:emerg] [pid 17306] AH01903: Failed to
> > configure CA certificate chain!
> > [Mon Oct 29 20:18:58.090919 2018] [ssl:emerg] [pid 17306] AH02311: Fatal
> > error initialising mod_ssl, exiting.
> > See /var/log/apache2/error.log for more information AH00016: Configuration
> > Failed
> 
> Have you looked into  /var/log/apache2/error.log if there is more information? 

the thing you quoted was exactly what was in /var/log/apache2/error.log
as the “cat” showed…

I just hit this on another machine, it’s the 2.4.35-1 → 2.4.37-1 upgrade
that caused the failure.

> If there is none, try adding loglevel ssl:debug and re-try.

OK, thanks for the debugging help.

That gives:

[Sun Nov 04 17:05:02.839408 2018] [ssl:info] [pid 18196] AH01887: Init: Initializing (virtual) servers for SSL
[Sun Nov 04 17:05:02.839427 2018] [ssl:info] [pid 18196] AH01914: Configuring server ci-busyapps.lan.tarent.de:443 for SSL protocol
[Sun Nov 04 17:05:02.839433 2018] [ssl:debug] [pid 18196] ssl_engine_init.c(1748): AH10083: Init: (ci-busyapps.lan.tarent.de:443) mod_md support is unavailable.
[Sun Nov 04 17:05:02.839729 2018] [ssl:emerg] [pid 18196] AH01903: Failed to configure CA certificate chain!
[Sun Nov 04 17:05:02.839739 2018] [ssl:emerg] [pid 18196] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

So perhaps the mod_ssl backport / new feature was bad?

On a hunch, I tried a2enmod md, but that does not change much:

[Sun Nov 04 17:05:47.417353 2018] [ssl:info] [pid 18229] AH01887: Init: Initializing (virtual) servers for SSL
[Sun Nov 04 17:05:47.417371 2018] [ssl:info] [pid 18229] AH01914: Configuring server ci-busyapps.lan.tarent.de:443 for SSL protocol
[Sun Nov 04 17:05:47.417377 2018] [ssl:debug] [pid 18229] ssl_engine_init.c(1748): AH10083: Init: (ci-busyapps.lan.tarent.de:443) mod_md support is available.
[Sun Nov 04 17:05:47.417663 2018] [ssl:emerg] [pid 18229] AH01903: Failed to configure CA certificate chain!
[Sun Nov 04 17:05:47.417673 2018] [ssl:emerg] [pid 18229] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed


More debugging data points: this did not occur immediately after
the package upgrade, only when I did an /etc/init.d/apache2 stop
followed by start.

Worse, this persists after downgrading apache2, apache2-bin,
apache2-data, apache2-utils to 2.4.35-1 (?!?!?!).

Dazed and confused,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
Reply to: