You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ted To <te...@theo.to> on 2016/01/16 21:18:48 UTC
[users@httpd] Apache serving up default certificate for certain domains
Hi,
Up until roughly a week ago, my VPS web server was working properly.
>From what I can see, the only change is that nss, nss-tools, openssl and
gnutls were updated. On Monday, Jan 11, I noticed that I was getting an
SSL error when running "svn up". When trying to open the url in a web
browser, the page would not open but I could open it with w3m by
accepting the certificate -- I was directed to the default CentOS apache
start page. The strange thing is that it only happens for a minority of
my domains/subdomains.
I am running Apache 2.4.6 on a Centos 7 box.
Any thoughts/suggestions for what could be going on here?
Thanks in advance!
Ted To
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache serving up default certificate for certain
domains
Posted by Ted To <te...@theo.to>.
Fixed it -- I commented out the <VirtualHost
_default_:443>...</VirtualHost> section of /etc/httpd/conf.d/ssl.conf
and it is now working again.
On 01/17/2016 11:48 AM, Ted To wrote:
> So in looking at the differences between ssl.conf and ssl.conf.rpmnew,
> in addition to my own additions for selecting cipher suites, etc, I see:
>
> 92c80
> < SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
> ---
>> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
>
> where the 2nd line is from ssl.conf.rpmnew. Could the fact that
> ":!SEED:!IDEA" is missing from my ssl.conf be causing this problem?
>
> On 01/17/2016 11:36 AM, Ted To wrote:
>> So having run httpd -S, I can see that for port 443,
>>
>> default server theo.to (/etc/httpd/conf.d/ssl.conf:68)
>>
>> shows up (which is not right) but then shows up again:
>>
>> port 443 namevhost theo.to
>> (/etc/httpd/sites-enabled/theo.to.conf:7)
>> alias www.theo.to
>>
>> Looking in /etc/httpd/conf.d, I see that there is an ssl.conf.rpmnew.
>> Do I need to merge in changes from the new default configuration?
>>
>> Thanks,
>> Ted
>>
>> On 01/16/2016 07:44 PM, Yehuda Katz wrote:
>>> Maybe the updated openssl doesn't like something about your certificates.
>>>
>>> Does Apache have any warnings or notices when it starts up?
>>> Try running httpd -S which lists all the vhosts Apache has and see if it
>>> matches what you expect.
>>> You may also see the errors from that command (tested on RHEL 7 - not
>>> quite the same as Centos, but should be pretty close).
>>>
>>> - Y
>>>
>>> On Sat, Jan 16, 2016 at 3:18 PM, Ted To <ted@theo.to
>>> <ma...@theo.to>> wrote:
>>>
>>> Hi,
>>>
>>> Up until roughly a week ago, my VPS web server was working properly.
>>> From what I can see, the only change is that nss, nss-tools, openssl and
>>> gnutls were updated. On Monday, Jan 11, I noticed that I was getting an
>>> SSL error when running "svn up". When trying to open the url in a web
>>> browser, the page would not open but I could open it with w3m by
>>> accepting the certificate -- I was directed to the default CentOS apache
>>> start page. The strange thing is that it only happens for a minority of
>>> my domains/subdomains.
>>>
>>> I am running Apache 2.4.6 on a Centos 7 box.
>>>
>>> Any thoughts/suggestions for what could be going on here?
>>>
>>> Thanks in advance!
>>>
>>> Ted To
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> <ma...@httpd.apache.org>
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>> <ma...@httpd.apache.org>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache serving up default certificate for certain
domains
Posted by Ted To <te...@theo.to>.
So in looking at the differences between ssl.conf and ssl.conf.rpmnew,
in addition to my own additions for selecting cipher suites, etc, I see:
92c80
< SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
---
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
where the 2nd line is from ssl.conf.rpmnew. Could the fact that
":!SEED:!IDEA" is missing from my ssl.conf be causing this problem?
On 01/17/2016 11:36 AM, Ted To wrote:
> So having run httpd -S, I can see that for port 443,
>
> default server theo.to (/etc/httpd/conf.d/ssl.conf:68)
>
> shows up (which is not right) but then shows up again:
>
> port 443 namevhost theo.to
> (/etc/httpd/sites-enabled/theo.to.conf:7)
> alias www.theo.to
>
> Looking in /etc/httpd/conf.d, I see that there is an ssl.conf.rpmnew.
> Do I need to merge in changes from the new default configuration?
>
> Thanks,
> Ted
>
> On 01/16/2016 07:44 PM, Yehuda Katz wrote:
>> Maybe the updated openssl doesn't like something about your certificates.
>>
>> Does Apache have any warnings or notices when it starts up?
>> Try running httpd -S which lists all the vhosts Apache has and see if it
>> matches what you expect.
>> You may also see the errors from that command (tested on RHEL 7 - not
>> quite the same as Centos, but should be pretty close).
>>
>> - Y
>>
>> On Sat, Jan 16, 2016 at 3:18 PM, Ted To <ted@theo.to
>> <ma...@theo.to>> wrote:
>>
>> Hi,
>>
>> Up until roughly a week ago, my VPS web server was working properly.
>> From what I can see, the only change is that nss, nss-tools, openssl and
>> gnutls were updated. On Monday, Jan 11, I noticed that I was getting an
>> SSL error when running "svn up". When trying to open the url in a web
>> browser, the page would not open but I could open it with w3m by
>> accepting the certificate -- I was directed to the default CentOS apache
>> start page. The strange thing is that it only happens for a minority of
>> my domains/subdomains.
>>
>> I am running Apache 2.4.6 on a Centos 7 box.
>>
>> Any thoughts/suggestions for what could be going on here?
>>
>> Thanks in advance!
>>
>> Ted To
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> <ma...@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org
>> <ma...@httpd.apache.org>
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache serving up default certificate for certain
domains
Posted by Ted To <te...@theo.to>.
So having run httpd -S, I can see that for port 443,
default server theo.to (/etc/httpd/conf.d/ssl.conf:68)
shows up (which is not right) but then shows up again:
port 443 namevhost theo.to
(/etc/httpd/sites-enabled/theo.to.conf:7)
alias www.theo.to
Looking in /etc/httpd/conf.d, I see that there is an ssl.conf.rpmnew.
Do I need to merge in changes from the new default configuration?
Thanks,
Ted
On 01/16/2016 07:44 PM, Yehuda Katz wrote:
> Maybe the updated openssl doesn't like something about your certificates.
>
> Does Apache have any warnings or notices when it starts up?
> Try running httpd -S which lists all the vhosts Apache has and see if it
> matches what you expect.
> You may also see the errors from that command (tested on RHEL 7 - not
> quite the same as Centos, but should be pretty close).
>
> - Y
>
> On Sat, Jan 16, 2016 at 3:18 PM, Ted To <ted@theo.to
> <ma...@theo.to>> wrote:
>
> Hi,
>
> Up until roughly a week ago, my VPS web server was working properly.
> From what I can see, the only change is that nss, nss-tools, openssl and
> gnutls were updated. On Monday, Jan 11, I noticed that I was getting an
> SSL error when running "svn up". When trying to open the url in a web
> browser, the page would not open but I could open it with w3m by
> accepting the certificate -- I was directed to the default CentOS apache
> start page. The strange thing is that it only happens for a minority of
> my domains/subdomains.
>
> I am running Apache 2.4.6 on a Centos 7 box.
>
> Any thoughts/suggestions for what could be going on here?
>
> Thanks in advance!
>
> Ted To
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache serving up default certificate for certain domains
Posted by Yehuda Katz <ye...@ymkatz.net>.
Maybe the updated openssl doesn't like something about your certificates.
Does Apache have any warnings or notices when it starts up?
Try running httpd -S which lists all the vhosts Apache has and see if it
matches what you expect.
You may also see the errors from that command (tested on RHEL 7 - not quite
the same as Centos, but should be pretty close).
- Y
On Sat, Jan 16, 2016 at 3:18 PM, Ted To <te...@theo.to> wrote:
> Hi,
>
> Up until roughly a week ago, my VPS web server was working properly.
> From what I can see, the only change is that nss, nss-tools, openssl and
> gnutls were updated. On Monday, Jan 11, I noticed that I was getting an
> SSL error when running "svn up". When trying to open the url in a web
> browser, the page would not open but I could open it with w3m by
> accepting the certificate -- I was directed to the default CentOS apache
> start page. The strange thing is that it only happens for a minority of
> my domains/subdomains.
>
> I am running Apache 2.4.6 on a Centos 7 box.
>
> Any thoughts/suggestions for what could be going on here?
>
> Thanks in advance!
>
> Ted To
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>