Server should be SSL-aware but has no certificate configured

[MRatWork]

Also inform here 'dir -l /opt/configs/apache/tpl'.

[tonym]

Her you are:

....

[tonym]

Second half (it was over the maximum forum post size):
....

[tonym]

And:

-bash-3.2# dir -l /opt/configs/apache/tpl
total 68
-rw-r--r-- 1 root root  6885 May  7 15:19 defaults.conf.tpl
-rw-r--r-- 1 root root 40182 May  7 15:19 domains.conf.tpl
-rw-r--r-- 1 root root   954 May  7 15:19 htaccess.tpl
-rw-r--r-- 1 root root   223 May  7 15:19 php5.fcgi
-rw-r--r-- 1 root root   671 May  7 15:19 php5.fcgi.tpl
-rw-r--r-- 1 root root  1578 May  7 15:19 prefork.inc.tpl
-rw-r--r-- 1 root root  3636 May  7 15:19 ~lxcenter.conf.tpl

[tonym]

The defaults.tpl and domains.tpl have a line for .ca files:
SSLCACertificatefile <?php echo $certname; ?>.ca



On a different server I have which is running the same version of Kloxo everything is working.
Files in /opt/configs/apache/conf/domains have lines for a .ca file:

        <IfModule mod_ssl.c>
                SSLEngine On
                SSLProtocol ALL -SSLv2 -SSLv3
                SSLHonorCipherOrder On
                #SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
                SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNUL
L
                SSLCertificateFile /home/kloxo/httpd/ssl/eth0___localhost.pem
                SSLCertificateKeyFile /home/kloxo/httpd/ssl/eth0___localhost.key
                SSLCACertificatefile /home/kloxo/httpd/ssl/eth0___localhost.ca
        </IfModule>

[MRatWork]

Try switch web to 'none' and then switch back to previous in 'switch programs'.

[MRatWork]

Or copy all files in /usr/local/lxlabs/kloxo/file/apache to /opt/configs/apache

[tonym]

Switch to none and then back to apache didn't change things.

After copying  /usr/local/lxlabs/kloxo/file/apache to /opt/configs/apache I get this:

-bash-3.2#  sh /script/restart-web -y

Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Syntax error on line 63 of /etc/httpd/conf/httpd.conf: Syntax error on line 94 of /etc/httpd/conf.d/~lxcenter.conf: Include directory '/opt/configs/apache/conf/domains' not found
                                                           [FAILED]
-------------------------------------------------------------------

Stopping php-fpm:                                          [  OK  ]
Starting php-fpm:                                          [  OK  ]
-------------------------------------------------------------------


On the bad server I see this:
-bash-3.2# ls /opt/configs/apache/conf
defaults  globals

On the one that works, this:
[root@vps1 apache]#  ls /opt/configs/apache/conf
defaults  domains  globals  proxies  toolkits


So there is a clear difference.

[tonym]

After running cleanup, there is more in that directory.

-bash-3.2# ls /opt/configs/apache/conf
defaults  domains  globals  proxies  toolkits

So no answer there.

[MRatWork]

Usually, running cleanup will be 'refresh' (will be copy new configs from /usr/local/lxlabs/kloxo/file/apache to /opt/configs/apache; the same ways for other applications like nginx). Also create 'missing' directories like defaults and domains directory.

If cleanup not work that mean something wrong in your servers.

[MRatWork]

After running cleanup, there is more in that directory.

-bash-3.2# ls /opt/configs/apache/conf
defaults  domains  globals  proxies  toolkits

So no answer there.

Try running cleanup or fixweb + restart-web.

[tonym]

I have finally fixed this (I had used hiawathaproxy in the mean time).

There was a problem with the configuration file for one of my domains. I deleted the domain, and added it again in the kloxo web interface.

In the directory
/opt/configs/apache/conf/domains
I did:
 grep SSLCertificateFile *

One of the domains only listed two lines, all the rest had three lines.


This link led me to look at this.
http://stackoverflow.com/questions/17898135/httpd-not-starting-after-installing-certificate

6) Message "Server should be SSL-aware but has no certificate configured" in
   error log

Since 2.2.12, Apache is stricter about certain misconfigurations concerning
name based SSL virtual hosts. See NEWS.Debian.gz for more details.
And NEWS says:

  * The new support for TLS Server Name Indication added in 2.2.12 causes
    Apache to be stricter about certain misconfigurations involving name
    based SSL virtual hosts. This may result in Apache refusing to start
    with the logged error message:

        Server should be SSL-aware but has no certificate configured
        [Hint: SSLCertificateFile]

    Up to 2.2.11, Apache accepted configurations where the necessary SSL
    configuration statements were included in the first (default)
    <Virtualhost *:443> block but not in subsequent <Virtualhost *:443>
    blocks. Starting with 2.2.12, every VirtualHost block used with SSL must
    contain the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile
    directives (SSLCertificateKeyFile is optional in some cases).

    When you encounter the above problem, the output of the command

        egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' \
            /etc/apache2/*conf* /etc/apache2/*enabled

    may be useful to determine which VirtualHost sections need to be changed.