You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Rainer Jung <ra...@kippdata.de> on 2011/05/26 11:42:54 UTC
[users@httpd] Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts
on 443?
On 26.05.2011 11:10, Issac Goldstand wrote:
> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> wouldn't let me run non-SSL vhosts on port 443. A snippet like below:
>
> <VirtualHost a.b.c.d:443>
> DocumentRoot /home/foo/httpdocs
> ServerName foo
> <Directory "/home/foo/httpdocs/">
> allow from all
> Options +Indexes
> </Directory>
> </VirtualHost>
>
> Suddenly caused the following fatal startup error to be logged:
> [error] Server should be SSL-aware but has no certificate configured
> [Hint: SSLCertificateFile] ((null):0)
>
> Was this an intentional decision made some while ago that I just didn't
> know about or is it a bug?
>
> (I'd personally only expect to see that with an explicit SSLEngine On
> and no certificate/key files configured)
Could it be this entry from the 2.2.12 changelog:
*) Set Listen protocol to "https" if port is set to 443 and no proto is
specified (as documented but not implemented). PR 46066
[Dan Poirier <poirier pobox.com>]
Regards,
Rainer
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Thursday 26 May 2011, Plüm, Rüdiger, VF-Group wrote:
> > > Suddenly caused the following fatal startup error to be logged:
> > > [error] Server should be SSL-aware but has no certificate
> > > configured [Hint: SSLCertificateFile] ((null):0)
> > Could it be this entry from the 2.2.12 changelog:
> > *) Set Listen protocol to "https" if port is set to 443 and
> >
> > no proto is
> >
> > specified (as documented but not implemented). PR 46066
> > [Dan Poirier <poirier pobox.com>]
> Yes thats it:
> http://svn.apache.org/viewvc?view=revision&revision=727769
>
> You should use
>
> Listen a.b.c.d:443 http
>
> instead of
>
> Listen a.b.c.d:443
>
> to fix this.
The error handling really sucks. For example,
Listen 443
<VirtualHost *:443>
# nothing about ssl here
...
</VirtualHost>
gives the above message. Note the "((null):0)" at the end which should
be config filename and line number. Adding "SSLEngine off" to the
vhost still causes the same error, but this time with filename/line
number.
Adding SSLCertificateFile+SSLCertificateKeyFile to the vhost, but
ommiting "SSLEngine" changes the message to
"ops, no RSA, DSA or ECC server certificate found for 'localhost:0'?!"
Which is plain wrong, because the server does have a certificate. And
port 0, seriously? Does anyone have some spare cycles to improve this?
Cheers,
Stefan
RE: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?
Posted by "Plüm, Rüdiger, VF-Group" <ru...@vodafone.com>.
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Donnerstag, 26. Mai 2011 11:43
> To: dev@httpd.apache.org
> Cc: users@httpd.apache.org
> Subject: Re: 2.2.19 (and probably earlier) won't let you make
> non-ssl vhosts on 443?
>
> On 26.05.2011 11:10, Issac Goldstand wrote:
> > I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> > wouldn't let me run non-SSL vhosts on port 443. A snippet
> like below:
> >
> > <VirtualHost a.b.c.d:443>
> > DocumentRoot /home/foo/httpdocs
> > ServerName foo
> > <Directory "/home/foo/httpdocs/">
> > allow from all
> > Options +Indexes
> > </Directory>
> > </VirtualHost>
> >
> > Suddenly caused the following fatal startup error to be logged:
> > [error] Server should be SSL-aware but has no certificate configured
> > [Hint: SSLCertificateFile] ((null):0)
> >
> > Was this an intentional decision made some while ago that I
> just didn't
> > know about or is it a bug?
> >
> > (I'd personally only expect to see that with an explicit
> SSLEngine On
> > and no certificate/key files configured)
>
> Could it be this entry from the 2.2.12 changelog:
>
> *) Set Listen protocol to "https" if port is set to 443 and
> no proto is
> specified (as documented but not implemented). PR 46066
> [Dan Poirier <poirier pobox.com>]
>
Yes thats it: http://svn.apache.org/viewvc?view=revision&revision=727769
You should use
Listen a.b.c.d:443 http
instead of
Listen a.b.c.d:443
to fix this.
Regards
Rüdiger