Server should be SSL-aware but has no certificate configured

[tonym]

After upgrading the latest version with yum update * cleanup, Apache won't start any more.

/var/log/httpd/error.log has the following in it:
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

What do I need to do to fix this?


A. Kloxo-MR: 7.0.0.b-2015050604

B. OS: CentOS release 5.11 (Final) i686

C. Apps:
   1. MySQL: MariaDB-server-10.0.17-1
   2. PHP: php53u-5.3.29-1.ius.el5
   3. Httpd: httpd-2.2.29-2.mr.el5
   4. Lighttpd: --uninstalled--
   5. Hiawatha: hiawatha-9.12.0-f.4.mr.el5 (also as webserver)
   6. Nginx: --uninstalled--
   7. Cache: --uninstalled--
   8. Dns: nsd-4.1.2-1.mr.el5
   9. Qmail: qmail-toaster-1.03-1.3.55.mr.el5
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el5

D. Php-type (for Httpd/proxy): suphp

E. Memory:
                total       used       free     shared    buffers     cached
   Mem:          1024        937         86          0          0        566
   -/+ buffers/cache:        370        653
   Swap:         1024         21       1002

[MRatWork]

Did you add domain?.

[tonym]

No, I hadn't changed anything - just ran the update.

I do have several domains on this server.

[MRatWork]

What's about when running 'sh /script/restart-web -y'?. Error appear?.

[tonym]

I was doing "service httpd start", but saw no error.

I tried  "sh /script/set-default-ssl" based on a suggestion you made in another forum thread.


Now it does this:
-bash-3.2# service httpd start
Starting httpd: Syntax error on line 142 of /opt/configs/apache/conf/defaults/init.conf:
SSLCACertificateFile: file '/home/kloxo/httpd/ssl/venet0_0___localhost.ca' does not exist or is empty

I am missing the .ca file:
-bash-3.2# ls -l  /home/kloxo/httpd/ssl/
total 24
-rw-r--r-- 1 root root  916 May  7 14:01 venet0_0___localhost.crt
-rw-r--r-- 1 root root  887 May  7 14:01 venet0_0___localhost.key
-rw-r--r-- 1 root root 1803 May  7 14:01 venet0_0___localhost.pem
-rw-r--r-- 1 root root  916 May  7 14:01 venet0_1___localhost.crt
-rw-r--r-- 1 root root  887 May  7 14:01 venet0_1___localhost.key
-rw-r--r-- 1 root root 1803 May  7 14:01 venet0_1___localhost.pem

[MRatWork]

Run 'sh /script/fixweb; sh /script/restart-web -y'.

[tonym]

-bash-3.2# sh /script/fixweb; sh /script/restart-web -y

- For help, type '/script/fixweb [--help|-h]'
- No argument supplied. Defaulting to localhost (master) servers

Fixing Web server config
- 'defaults' pages at 'localhost'

*** Process Time: 00:00:00:01.1890 (dd:hh:mm:ss:xxxxxx) ***


Stopping httpd:                                            [FAILED]
Starting httpd:                                            [FAILED]
-------------------------------------------------------------------

Stopping php-fpm:                                          [  OK  ]
Starting php-fpm:                                          [  OK  ]
-------------------------------------------------------------------

- For help, type '/script/restart-web [--help|-h]'

That produces these two lines in  /var/log/htppd/error.log
[Thu May 07 14:34:25 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu May 07 14:34:25 2015] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[MRatWork]

Did you run 'sh /script/cleanup' after update?. It's weird because Kloxo-MR 7.0 not use .ca file.

Only use .ca if this file exists.

[tonym]

I have run "sh /script/cleanup"  Twice now and a reboot.


I see in the files for my domains in /opt/configs/apache/conf/domains that there is no mention of .ca

               SSLEngine On
                SSLProtocol ALL -SSLv2 -SSLv3
                SSLHonorCipherOrder On
                #SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
                SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNUL
L
                SSLCertificateFile /home/kloxo/httpd/ssl/venet0_0___localhost.pem
                SSLCertificateKeyFile /home/kloxo/httpd/ssl/venet0_0___localhost.key

[MRatWork]

If with restart-web all running well, don't care about report from log file.

[tonym]

restart-web can't start apache, so it isn't running yet.

I found files here that mention a .ca file:

-bash-3.2# pwd
/usr/local/lxlabs/kloxo/file/apache/conf/globals
-bash-3.2# grep ssl *
_init_main.macro:<Macro init_main $ip $port $portssl $dirindex $certname>
_init_main.macro:Listen ${ip}:${portssl}
_init_main.macro:       NameVirtualHost ${ip}:${portssl}
_init_main.macro:<VirtualHost ${ip}:${portssl}>
_init_main.macro:       <IfModule mod_ssl.c>
_init_main.macro:               SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.crt
_init_main.macro:               SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_init_main.macro:               SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_cp.macro:<Macro web_cp $ip $port $portssl $domain $webdocroot $dirindex $certname>
_web_cp.macro:<VirtualHost ${ip}:${portssl}>
_web_cp.macro:  <IfModule mod_ssl.c>
_web_cp.macro:          SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.crt
_web_cp.macro:          SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_cp.macro:          SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_redirect_local.macro:<Macro web_redirect_local $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $redirectfrom $redirectto>
_web_redirect_local.macro:      Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_redirect_local.macro:      Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_redirect_local.macro:<VirtualHost ${ip}:${portssl}>
_web_redirect_local.macro:      <IfModule mod_ssl.c>
_web_redirect_local.macro:              SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_redirect_local.macro:              SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_redirect_local.macro:              SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_redirect_local.macro:      Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_redirect_local.macro:      Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_redirect_remote.macro:<Macro web_redirect_remote $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $protocol $redirectfrom $redirectto>
_web_redirect_remote.macro:     Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_redirect_remote.macro:     Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_redirect_remote.macro:<VirtualHost ${ip}:${portssl}>
_web_redirect_remote.macro:     <IfModule mod_ssl.c>
_web_redirect_remote.macro:             SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_redirect_remote.macro:             SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_redirect_remote.macro:             SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_redirect_remote.macro:     Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_redirect_remote.macro:     Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_redirect_www.macro:<Macro web_redirect_www $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $protocol $kloxoportssl $kloxoportnonssl>
_web_redirect_www.macro:        Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_redirect_www.macro:        Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_redirect_www.macro:<VirtualHost ${ip}:${portssl}>
_web_redirect_www.macro:        <IfModule mod_ssl.c>
_web_redirect_www.macro:                SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_redirect_www.macro:                SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_redirect_www.macro:                SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_redirect_www.macro:        Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_redirect_www.macro:        Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_awstats_standard.macro:<Macro web_standard $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $protocol $kloxoportssl $kloxoportnonssl>
_web_standard_awstats_standard.macro:   Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_awstats_standard.macro:   Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_awstats_standard.macro:<VirtualHost ${ip}:${portssl}>
_web_standard_awstats_standard.macro:   <IfModule mod_ssl.c>
_web_standard_awstats_standard.macro:           SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_standard_awstats_standard.macro:           SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_standard_awstats_standard.macro:           SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_standard_awstats_standard.macro:   Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_awstats_standard.macro:   Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_awstats_statsdirprotect.macro:<Macro web_standard $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $protocol $kloxoportssl $kloxoportnonssl>
_web_standard_awstats_statsdirprotect.macro:    Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_awstats_statsdirprotect.macro:    Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_awstats_statsdirprotect.macro:<VirtualHost ${ip}:${portssl}>
_web_standard_awstats_statsdirprotect.macro:    <IfModule mod_ssl.c>
_web_standard_awstats_statsdirprotect.macro:            SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_standard_awstats_statsdirprotect.macro:            SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_standard_awstats_statsdirprotect.macro:            SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_standard_awstats_statsdirprotect.macro:    Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_awstats_statsdirprotect.macro:    Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_webalizer_standard.macro:<Macro web_standard $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $protocol $kloxoportssl $kloxoportnonssl>
_web_standard_webalizer_standard.macro: Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_webalizer_standard.macro: Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_webalizer_standard.macro:<VirtualHost ${ip}:${portssl}>
_web_standard_webalizer_standard.macro: <IfModule mod_ssl.c>
_web_standard_webalizer_standard.macro:         SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_standard_webalizer_standard.macro:         SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_standard_webalizer_standard.macro:         SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_standard_webalizer_standard.macro: Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_webalizer_standard.macro: Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_webalizer_statsdirprotect.macro:<Macro web_standard $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname $protocol $kloxoportssl $kloxoportnonssl>
_web_standard_webalizer_statsdirprotect.macro:  Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_webalizer_statsdirprotect.macro:  Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_web_standard_webalizer_statsdirprotect.macro:<VirtualHost ${ip}:${portssl}>
_web_standard_webalizer_statsdirprotect.macro:  <IfModule mod_ssl.c>
_web_standard_webalizer_statsdirprotect.macro:          SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_web_standard_webalizer_statsdirprotect.macro:          SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_web_standard_webalizer_statsdirprotect.macro:          SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca
_web_standard_webalizer_statsdirprotect.macro:  Redirect /kloxo "https://cp.${domain}:${kloxoportssl}"
_web_standard_webalizer_statsdirprotect.macro:  Redirect /kloxononssl "http://cp.${domain}:${kloxoportnonssl}"
_webmail_redirect.macro:<Macro webmail_redirect $ip $port $portssl $domain $protocol $webmailremote>
_webmail_redirect.macro:<VirtualHost ${ip}:${portssl}>
_webmail_standard.macro:<Macro webmail_standard $ip $port $portssl $user $domain $serveralias $webdocroot $webmaildocroot $dirindex $certname>
_webmail_standard.macro:<VirtualHost ${ip}:${portssl}>
_webmail_standard.macro:        <IfModule mod_ssl.c>
_webmail_standard.macro:                SSLCertificateFile /home/kloxo/httpd/ssl/${certname}.pem
_webmail_standard.macro:                SSLCertificateKeyFile /home/kloxo/httpd/ssl/${certname}.key
_webmail_standard.macro:                SSLCACertificatefile /home/kloxo/httpd/ssl/${certname}.ca

[tonym]

yum check-update shows a new release now:
kloxomr7.noarch   7.0.0.b-2015050703.mr     mratwork-release-neutral-noarch

Should I install that?

[MRatWork]

Kloxo-MR using mod_define instead mod_macro. Your info is template for macro where implementing if Kloxo-MR ready for httpd24.

Because Kloxo-MR 7.0 still in beta step, better always update if ready. Don't forget running 'sh /script/cleanup' after yum update.

[tonym]

I've done that, but apache still doesn't start.

[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

[MRatWork]

inform here your one of domain config in /opt/configs/apache/conf/domains.