Posted to users@httpd.apache.org by Freddie Witherden <fr...@witherden.org> on 2011/04/21 22:50:51 UTC

[users@httpd] Apache2 Fails to Start When IPv6 SSL Host is Added

Hello,

My website consists of several sub-domains running off of a Debian
Squeeze server.  Given that I have but a single IPv4 address I use an
SSL certificate which is valid for all of the sub domains.  A
configuration, in /etc/apache2/sites-available/sub1.domain.org, is roughly:

<VirtualHost <IPv4>:443>
        DocumentRoot /var/www/sub1/
        ServerName sub1.domain.org
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/domain.org.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain.org.key
        SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
        SSLCACertificateFile /etc/apache2/ssl/ca.pem
</VirtualHost>

This works; Apache is not happy about the Common Name for all but one of
the domains, but it is fine.  Upon starting up I get asked to decrypt
domain.org.key for sub2.domain.org.  (It is always that one.)  With an
IPv6 allocation I set up AAAA records for the sub domains and created
sites-available/sub1.domain.org.ipv6 along the lines of:

<VirtualHost [<IPv6 for sub1>]:443>
        DocumentRoot /var/www/sub1/
        ServerName sub1.domain.org
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/domain.org.crt
        SSLCertificateKeyFile /etc/apache2/ssl/domain.org.key
        SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
        SSLCACertificateFile /etc/apache2/ssl/ca.pem
</VirtualHost>

This works for sub1.domain.org and sub3.domain.org.  All of the IPv6
hosts have their own address. But for sub2.domain.org Apache just dies
on start-up:

# /etc/init.d/apache2 stop && /etc/init.d/apache2 start
Stopping web server: apache2 ... waiting .
Starting web server: apache2Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server sub2.domain.org:443 (RSA)
Enter pass phrase:
Action 'start' failed.
The Apache error log may have more information.
 failed!

The error logs in /var/log/apache2/ contain nothing other than the
SIGTERM notification when Apache is shut down.  I am unsure why
sub2.domain.org breaks -- but wonder if it is related to that being the
domain I am asked the passphrase for.  Given the lack of lucks I am stumped.

Regards, Freddie.