
GCE Debian Wheezy VM stops at Pass phrase protected Apache2 SSL Cert. dialog



Niltze, all-

Well, doing my part in the security of the Web :p

I run Apache web server in a GCE VM [different email account than this
one] and decided to acquire an SSL certificate which I successfully
installed under Debian Wheezy a few days ago.

For added security, I pass-phrase-protected the SSL certificate so
that when I restart the web server I need to input my pass phrase.

I had no issues whatsoever until today, when I did an apt-get
dist-upgrade for a newer kernel. Upon doing a reboot I found out that
my port 22 is closed but my web server ports 80 and 443 are open.

I used nmap to scan for my open ports as well as the tcping utility.

Accordingly, I get the message connection refused whenever I use
gcloud or ssh to attempt to log into my GCE instance.

After using gcutil and gcloud to reset my GCE instance -- multiple
times -- the outcome was the same. Accordingly I did:

gcloud compute instances get-serial-port-output myInstance

Below is the last message of the output that indicates that GCE Debian
Wheezy instance needs the passphrase before proceeding further (and
starting sshd):

----------------------------------------------------------------------------------------
...
Oct 19 07:53:51 myInstance acpid: 1 rule loaded
Oct 19 07:53:51 myInstance acpid: waiting for events: event logging is off
[....] Starting web server: apache2Apache/2.2.22 mod_ssl/2.2.22 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server myInstance.x.xyz-host.internal:443 (RSA)
Enter pass phrase:
--------------------------------------------------------------------------------------

I tried detaching the disk to subsequently mount onto another instance
but the command fails with:
--------------------------------------------------------------------------------
ERROR: (gcloud.compute.instances.detach-disk) There was a problem
modifying the resource:
 - Hot-remove of the root disk is not supported.
-------------------------------------------------------------------------------

Now, gcutil and gcloud utilities can reset (reboot) the instance but
cannot shut it down completely (that I'm aware of) -- which would allow
me to detach the disk.

Is there a way to provide (as parameter) the passphrase that the web
server requires to start apache2 and thus continue/complete the boot
process to start ssh server so that port 22 will be opened?

Best Professional Regards


-- 
Jose R R
http://www.metztli-it.com
---------------------------------------------------------------------------------------------
NEW Apache OpenOffice 4.1.1! Download for GNU/Linux, Mac OS, Windows.
---------------------------------------------------------------------------------------------
Daylight Saving Time in USA & Canada ends: Sunday, November 02, 2014
---------------------------------------------------------------------------------------------
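
The stall described in the post above, as an added example that is not part of the original message: a pre-reboot check that flags Apache config files pointing at a pass-phrase-protected key while mod_ssl's default builtin dialog is in effect. The sample files are constructed, Include directives are not followed, and which config files to pass in is an assumption left to the caller.

```shell
#!/bin/sh
# Added example: would an unattended Apache start stall on the mod_ssl
# pass phrase dialog? Run against the Apache config files before rebooting.

# key_is_encrypted FILE: true if the PEM private key is pass phrase protected.
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' \
            -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# directive_values NAME CONF...: print each value of directive NAME
# (directive names are case-insensitive; commented-out lines do not match).
directive_values() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    cat "$@" | awk -v n="$name" 'tolower($1) == n { gsub(/"/, "", $2); print $2 }'
}

# boot_will_block CONF...: true if some configured key is encrypted and no
# external program (SSLPassPhraseDialog exec:...) is set to supply the phrase.
boot_will_block() {
    mode=$(directive_values SSLPassPhraseDialog "$@" | tail -n 1)
    case ${mode:-builtin} in
        exec:*) return 1 ;;
    esac
    for key in $(directive_values SSLCertificateKeyFile "$@"); do
        if [ -r "$key" ] && key_is_encrypted "$key"; then
            echo "encrypted key, builtin dialog: $key"
            return 0
        fi
    done
    return 1
}

# Constructed sample input: a vhost file and a key stub (headers only, no key).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' > "$demo/site.key"
printf '%s\n' '<VirtualHost *:443>' 'SSLEngine on' \
    "SSLCertificateKeyFile $demo/site.key" '</VirtualHost>' > "$demo/ssl.conf"

if boot_will_block "$demo/ssl.conf"; then
    echo "WARNING: apache2 will wait for a pass phrase at boot"
fi
```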

