[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

GCE Debian Wheezy VM stops at Pass phrase protected Apache2 SSL Cert. dialog

Niltze, all-

Well, doing my part in the security of the Web :p

I run Apache web server in a GCE VM [different email account than this
one] and decided to acquire an SSL certificate which I successfully
installed under Debian Wheezy a few days ago.

For added security, I pass-phrased-protected the SSL certificate so
that when I restart the web server I need to input my pass phrase.

I had no issues whatsoever until today that I did an: apt-get
dist-upgrade for a newer kernel. Upon doing a reboot I found out that
my port 22 is closed but my web server ports 80 and 443 are open.

I used nmap to scan for my open ports as well as the tcping utility.

Accordingly, I get the message connection refused whenever I use
gcloud or ssh to attempt to log into my GCE instance.

After using gcutil and gcloud to reset my GCE instance -- multiple
times -- the outcome was the same. Accordingly I did:

gcloud compute instances get-serial-port-output myInstance

Below is the last message of the output that indicates that GCE Debian
Wheezy instance needs the passphrase before proceeding further (and
starting sshd):

Oct 19 07:53:51 myInstance acpid: 1 rule loaded
Oct 19 07:53:51 myInstance acpid: waiting for events: event logging is off
[....] Starting web server: apache2Apache/2.2.22 mod_ssl/2.2.22 (Pass
Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server myInstance.x.xyz-host.internal:443 (RSA)
Enter pass phrase:

I tried detaching the disk to subsequently mount onto another instance
but the command fails with:
ERROR: (gcloud.compute.instances.detach-disk) There was a problem
modifying the resource:
 - Hot-remove of the root disk is not supported.

Now, gcutil and gcloud utilities can reset (reboot) the instance but
can not shut it down completely (that I'm aware) -- which would allow
me to detach the disk.

Is there a way to provide (as parameter) the passphrase that the web
server requires to start apache2 and thus continue/complete the boot
process to start ssh server so that port 22 will be opened?

Best Professional Regards

Jose R R
NEW Apache OpenOffice 4.1.1! Download for GNU/Linux, Mac OS, Windows.
Daylight Saving Time in USA & Canada ends: Sunday, November 02, 2014

Reply to: