You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Freddie Witherden <fr...@witherden.org> on 2011/04/21 22:50:51 UTC
[users@httpd] Apache2 Fails to Start When IPv6 SSL Host is Added
Hello,
My website consists of several sub-domains running off of a Debian
Squeeze server. Given that I have but a single IPv4 address I use an
SSL certificate which is valid for all of the sub domains. A
configuration, in /etc/apache2/sites-available/sub1.domain.org is roughly:
<VirtualHost <IPv4>:443>
DocumentRoot /var/www/sub1/
ServerName sub1.domain.org
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain.org.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain.org.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
SSLCACertificateFile /etc/apache2/ssl/ca.pem
</VirtualHost>
This works; Apache is not happy about the Common Name for all but one of
the domains, but it is fine. Upon starting up I get asked to decrypt
domain.org.key for sub2.domain.org. (It is always that one.) With an
IPv6 allocation I set up AAAA records for the sub domains and created
sites-available/sub1.domain.org.ipv6 along the lines of:
<VirtualHost [<IPv6 for sub1>]:443>
DocumentRoot /var/www/sub1/
ServerName sub1.domain.org
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain.org.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain.org.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
SSLCACertificateFile /etc/apache2/ssl/ca.pem
</VirtualHost>
This works for sub1.domain.org and sub3.domain.org. All of the IPv6
hosts have their own address. But for sub2.domain.org Apache just dies
on start-up:
# /etc/init.d/apache2 stop && /etc/init.d/apache2 start
Stopping web server: apache2 ... waiting .
Starting web server: apache2Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase
Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server sub2.domain.org:443 (RSA)
Enter pass phrase:
Action 'start' failed.
The Apache error log may have more information.
failed!
The error logs in /var/log/apache2/ contain nothing other than the
SIGTERM notification when Apache is shut down. I am unsure why
sub2.domain.org breaks -- but wonder if it is related to that being the
domain I am asked the passphrase for. Given the lack of lucks I am stumped.
Regards, Freddie.