You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Zahid Rahman <za...@gmail.com> on 2023/02/10 14:05:19 UTC
[users@httpd] Product Bug h5bp/tls/certificate_files.conf
Hi,
Including h5bp/tls/certificate_files.conf in the virtual host conf file
is causing an error
I believe this is a product bug rather than something I may be doing.
$ sudo /etc/init.d/apache2 restart
Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service
failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xeu
apache2.service" for details.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin zahidr1000@gmail.com
ServerName backbutton.org
ServerAlias www.backbutton.org
DocumentRoot /***/****/backbutton
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include backbutton_configs/h5bp/tls/ssl_engine.conf
*# Include backbutton_configs/h5bp/tls/*
*certificate_files.conf*Include
backbutton_configs/h5bp/tls/policy_balanced.conf
Include backbutton_configs/h5bp/rewrites/rewrite_nowww.conf
Include backbutton_configs/h5bp/basic.conf
Include backbutton_configs/h5bp/web_performance/cache-control.conf
Include backbutton_configs/h5bp/web_performance/cache_expiration.conf
Include backbutton_configs/h5bp/web_performance/compression.conf
Include backbutton_configs/h5bp/web_performance/content_transformation.conf
Include backbutton_configs/h5bp/web_performance/etags.conf
Include backbutton_configs/h5bp/web_performance/file_concatenation.conf
Include
backbutton_configs/h5bp/web_performance/filename-based_cache_busting.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/backbutton.org-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/backbutton.org-0001/privkey.pem
</VirtualHost>
</IfModule>
Regards
Zahid
https://www <https://Backbutton.org>.backbutton.org
¯\_(ツ)_/¯
♡۶♡ ۶♡۶
<http://www.backbutton.co.uk>
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Zahid Rahman <za...@gmail.com>.
On Fri, 10 Feb 2023, 23:21 Paul, <st...@stormy.ca> wrote:
> On 2023-02-10 12:50, Zahid Rahman wrote:
> > It is hardcoded in the original file see repository.
> >
> https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf
> <
> https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf
> >
>
> Unless I'm mistaken this is the htppd.apache.org mailing list. You refer
> to github, where there is a lot of very good material and some
> potentially less reliable by-products. In no way am I suggesting that
> "/blob/main/h5bp/" is short of common sense, but *if* you have followed
> that thread, perhaps your questions and solutions lie there?
> >
> > As I am using letsencrypt I do not need to include the file
> > h5bp/tls/certificate_files.conf as suggested by Florian.
>
> So what does 'Florian' say about your failure? (apologies, I have no
> clue about who he/she might be; from my records, not a participant in
> this mailing list.)
> >
> > I included this file because it was suggested I should in the template
> >
> https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf
> <
> https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf
> >
>
>
> I think the failure to detect there is already an encryption in place in
> the virtual host conf file , the error handler's failure to inform the
> user accordingly is a product bug.
>
With respect "h5bp" advertises that it is "A bunch of people creating
> open source software. Fork a project and get involved!" with 39 members
> (<https://h5bp.org/> retrieved 2023-02-10). Apache is somewhat
> exponentially more widespread.
>
> Please move your questions to where they belong.
>
> Good luck.
>
> Paul
> ---
> Tired old sys-admin
>
>
>
> >
> >
> >
> >
> >
> >
> >
> > On Fri, 10 Feb 2023, 17:26 Paul, <stormy22@stormy.ca
> > <ma...@stormy.ca>> wrote:
> >
> > On 2023-02-10 09:38, Zahid Rahman wrote:
> > > *my apache2 installation directory is /etc/apache2 not /usr/local
> > > *
> > > *looks like some kind of hard coding error
> >
> > OK -- so what/why did you "hard code" to /usr/local ?
> >
> > > *$ syst$emctl status apache2.service*
> >
> > Assuming this is a typo for "systemctl status apache2.service"
> > [snip]
> > > Active: failed (Result: exit-code) since Fri 2023-02-10
> > 14:29:33
> > > UTC; 12s ago
> > [snip]
> > > Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on
> > line
> > > 29 of
> > /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > > Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
> > > *'/usr/local/*apache2/certs/default.crt' does not exist or is
> empty
> >
> > OK -- again, what/how/why did you hard code to /usr/local? Obviously
> > Apache can't find it. If it truly exists, permissions? (and that's a
> > long shot.)
> > [snip]
> >
> > > *$ journalctl -xeu apache2.service*
> > [snip]
> > > Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on
> > line
> > > 29 of
> > /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > > Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file
> > > '*/usr/local/*apache2/certs/default.crt' does not exist or is
> empty
> >
> > Same error.
> >
> > Critical thinking, a rather old-fashioned concept, suggests that you
> > might, eventually, last-ditch, examine the meaning of the words "does
> > not exist".
> >
> > Good luck.
> >
> > Best,
> > Paul
> > ---
> > Tired old sys-admin, who gave up crystal ball gazing in 1954 using
> > FORTRAN on an IBM 704
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > <ma...@httpd.apache.org>
> > For additional commands, e-mail: users-help@httpd.apache.org
> > <ma...@httpd.apache.org>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Zahid Rahman <za...@gmail.com>.
> With respect "h5bp" advertises that it is "A bunch of people creating
open source software. Fork a project and get involved!" with 39 members
(<https://h5bp.org/> retrieved 2023-02-10). Apache is somewhat
exponentially more widespread.
*Adding composability to a mature product with complex configuration is
progress in my book and if only 36 + 1*
* people know about it means it is quality over quantity.*
https://www <https://Backbutton.org>.backbutton.org
¯\_(ツ)_/¯
♡۶♡ ۶♡۶
<http://www.backbutton.co.uk>
On Fri, 10 Feb 2023 at 23:21, Paul <st...@stormy.ca> wrote:
> On 2023-02-10 12:50, Zahid Rahman wrote:
> > It is hardcoded in the original file see repository.
> >
> https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf
> <
> https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf
> >
>
> Unless I'm mistaken this is the htppd.apache.org mailing list. You refer
> to github, where there is a lot of very good material and some
> potentially less reliable by-products. In no way am I suggesting that
> "/blob/main/h5bp/" is short of common sense, but *if* you have followed
> that thread, perhaps your questions and solutions lie there?
> >
> > As I am using letsencrypt I do not need to include the file
> > h5bp/tls/certificate_files.conf as suggested by Florian.
>
> So what does 'Florian' say about your failure? (apologies, I have no
> clue about who he/she might be; from my records, not a participant in
> this mailing list.)
> >
> > I included this file because it was suggested I should in the template
> >
> https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf
> <
> https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf
> >
>
> With respect "h5bp" advertises that it is "A bunch of people creating
> open source software. Fork a project and get involved!" with 39 members
> (<https://h5bp.org/> retrieved 2023-02-10). Apache is somewhat
> exponentially more widespread.
>
> Please move your questions to where they belong.
>
> Good luck.
>
> Paul
> ---
> Tired old sys-admin
>
>
>
> >
> >
> >
> >
> >
> >
> >
> > On Fri, 10 Feb 2023, 17:26 Paul, <stormy22@stormy.ca
> > <ma...@stormy.ca>> wrote:
> >
> > On 2023-02-10 09:38, Zahid Rahman wrote:
> > > *my apache2 installation directory is /etc/apache2 not /usr/local
> > > *
> > > *looks like some kind of hard coding error
> >
> > OK -- so what/why did you "hard code" to /usr/local ?
> >
> > > *$ syst$emctl status apache2.service*
> >
> > Assuming this is a typo for "systemctl status apache2.service"
> > [snip]
> > > Active: failed (Result: exit-code) since Fri 2023-02-10
> > 14:29:33
> > > UTC; 12s ago
> > [snip]
> > > Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on
> > line
> > > 29 of
> > /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > > Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
> > > *'/usr/local/*apache2/certs/default.crt' does not exist or is
> empty
> >
> > OK -- again, what/how/why did you hard code to /usr/local? Obviously
> > Apache can't find it. If it truly exists, permissions? (and that's a
> > long shot.)
> > [snip]
> >
> > > *$ journalctl -xeu apache2.service*
> > [snip]
> > > Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on
> > line
> > > 29 of
> > /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > > Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file
> > > '*/usr/local/*apache2/certs/default.crt' does not exist or is
> empty
> >
> > Same error.
> >
> > Critical thinking, a rather old-fashioned concept, suggests that you
> > might, eventually, last-ditch, examine the meaning of the words "does
> > not exist".
> >
> > Good luck.
> >
> > Best,
> > Paul
> > ---
> > Tired old sys-admin, who gave up crystal ball gazing in 1954 using
> > FORTRAN on an IBM 704
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > <ma...@httpd.apache.org>
> > For additional commands, e-mail: users-help@httpd.apache.org
> > <ma...@httpd.apache.org>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Paul <st...@stormy.ca>.
On 2023-02-10 12:50, Zahid Rahman wrote:
> It is hardcoded in the original file see repository.
> https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf <https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf>
Unless I'm mistaken this is the htppd.apache.org mailing list. You refer
to github, where there is a lot of very good material and some
potentially less reliable by-products. In no way am I suggesting that
"/blob/main/h5bp/" is short of common sense, but *if* you have followed
that thread, perhaps your questions and solutions lie there?
>
> As I am using letsencrypt I do not need to include the file
> h5bp/tls/certificate_files.conf as suggested by Florian.
So what does 'Florian' say about your failure? (apologies, I have no
clue about who he/she might be; from my records, not a participant in
this mailing list.)
>
> I included this file because it was suggested I should in the template
> https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf <https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf>
With respect "h5bp" advertises that it is "A bunch of people creating
open source software. Fork a project and get involved!" with 39 members
(<https://h5bp.org/> retrieved 2023-02-10). Apache is somewhat
exponentially more widespread.
Please move your questions to where they belong.
Good luck.
Paul
---
Tired old sys-admin
>
>
>
>
>
>
>
> On Fri, 10 Feb 2023, 17:26 Paul, <stormy22@stormy.ca
> <ma...@stormy.ca>> wrote:
>
> On 2023-02-10 09:38, Zahid Rahman wrote:
> > *my apache2 installation directory is /etc/apache2 not /usr/local
> > *
> > *looks like some kind of hard coding error
>
> OK -- so what/why did you "hard code" to /usr/local ?
>
> > *$ syst$emctl status apache2.service*
>
> Assuming this is a typo for "systemctl status apache2.service"
> [snip]
> > Active: failed (Result: exit-code) since Fri 2023-02-10
> 14:29:33
> > UTC; 12s ago
> [snip]
> > Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on
> line
> > 29 of
> /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
> > *'/usr/local/*apache2/certs/default.crt' does not exist or is empty
>
> OK -- again, what/how/why did you hard code to /usr/local? Obviously
> Apache can't find it. If it truly exists, permissions? (and that's a
> long shot.)
> [snip]
>
> > *$ journalctl -xeu apache2.service*
> [snip]
> > Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on
> line
> > 29 of
> /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file
> > '*/usr/local/*apache2/certs/default.crt' does not exist or is empty
>
> Same error.
>
> Critical thinking, a rather old-fashioned concept, suggests that you
> might, eventually, last-ditch, examine the meaning of the words "does
> not exist".
>
> Good luck.
>
> Best,
> Paul
> ---
> Tired old sys-admin, who gave up crystal ball gazing in 1954 using
> FORTRAN on an IBM 704
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <ma...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <ma...@httpd.apache.org>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Zahid Rahman <za...@gmail.com>.
It is hardcoded in the original file see repository.
https://github.com/h5bp/server-configs-apache/blob/main/h5bp/tls/certificate_files.conf
As I am using letsencrypt I do not need to include the file
h5bp/tls/certificate_files.conf as suggested by Florian.
I included this file because it was suggested I should in the template
https://github.com/h5bp/server-configs-apache/blob/main/vhosts/templates/example.com.conf
On Fri, 10 Feb 2023, 17:26 Paul, <st...@stormy.ca> wrote:
> On 2023-02-10 09:38, Zahid Rahman wrote:
> > *my apache2 installation directory is /etc/apache2 not /usr/local
> > *
> > *looks like some kind of hard coding error
>
> OK -- so what/why did you "hard code" to /usr/local ?
>
> > *$ syst$emctl status apache2.service*
>
> Assuming this is a typo for "systemctl status apache2.service"
> [snip]
> > Active: failed (Result: exit-code) since Fri 2023-02-10 14:29:33
> > UTC; 12s ago
> [snip]
> > Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on line
> > 29 of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
> > *'/usr/local/*apache2/certs/default.crt' does not exist or is empty
>
> OK -- again, what/how/why did you hard code to /usr/local? Obviously
> Apache can't find it. If it truly exists, permissions? (and that's a
> long shot.)
> [snip]
>
> > *$ journalctl -xeu apache2.service*
> [snip]
> > Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on line
> > 29 of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> > Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file
> > '*/usr/local/*apache2/certs/default.crt' does not exist or is empty
>
> Same error.
>
> Critical thinking, a rather old-fashioned concept, suggests that you
> might, eventually, last-ditch, examine the meaning of the words "does
> not exist".
>
> Good luck.
>
> Best,
> Paul
> ---
> Tired old sys-admin, who gave up crystal ball gazing in 1954 using
> FORTRAN on an IBM 704
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Paul <st...@stormy.ca>.
On 2023-02-10 09:38, Zahid Rahman wrote:
> *my apache2 installation directory is /etc/apache2 not /usr/local
> *
> *looks like some kind of hard coding error
OK -- so what/why did you "hard code" to /usr/local ?
> *$ syst$emctl status apache2.service*
Assuming this is a typo for "systemctl status apache2.service"
[snip]
> Active: failed (Result: exit-code) since Fri 2023-02-10 14:29:33
> UTC; 12s ago
[snip]
> Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on line
> 29 of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
> *'/usr/local/*apache2/certs/default.crt' does not exist or is empty
OK -- again, what/how/why did you hard code to /usr/local? Obviously
Apache can't find it. If it truly exists, permissions? (and that's a
long shot.)
[snip]
> *$ journalctl -xeu apache2.service*
[snip]
> Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on line
> 29 of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
> Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file
> '*/usr/local/*apache2/certs/default.crt' does not exist or is empty
Same error.
Critical thinking, a rather old-fashioned concept, suggests that you
might, eventually, last-ditch, examine the meaning of the words "does
not exist".
Good luck.
Best,
Paul
---
Tired old sys-admin, who gave up crystal ball gazing in 1954 using
FORTRAN on an IBM 704
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Antony Stone <An...@apache.open.source.it>.
On Friday 10 February 2023 at 14:38:13, Zahid Rahman wrote:
> *my apache2 installation directory is /etc/apache2 not /usr/local *
Do you really meant that Apache is *installed* under /etc/apache2!?
I think you mean that its configuration files are there.
It should be *installed* in /usr/sbin/apache2 with some libraries in
/usr/lib/apache2
Antony.
--
"In fact I wanted to be John Cleese and it took me some time to realise that
the job was already taken."
- Douglas Adams
Please reply to the list;
please *don't* CC me.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Zahid Rahman <za...@gmail.com>.
*my apache2 installation directory is /etc/apache2 not /usr/local *
*looks like some kind of hard coding error *
*$ syst$emctl status apache2.service*
× apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor
preset: enabled)
Active: failed (Result: exit-code) since Fri 2023-02-10 14:29:33 UTC;
12s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 16624 ExecStart=/usr/sbin/apachectl start (code=exited,
status=1/FAILURE)
CPU: 188ms
Feb 10 14:29:33 ubuntu systemd[1]: Starting The Apache HTTP Server...
Feb 10 14:29:33 ubuntu apachectl[16627]: AH00526: Syntax error on line 29
of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
Feb 10 14:29:33 ubuntu apachectl[16627]: SSLCertificateFile: file
*'/usr/local/*apache2/certs/default.crt' does not exist or is empty
Feb 10 14:29:33 ubuntu apachectl[16624]: Action 'start' failed.
Feb 10 14:29:33 ubuntu apachectl[16624]: The Apache error log may have more
information.
Feb 10 14:29:33 ubuntu systemd[1]: apache2.service: Control process exited,
code=exited, status=1/FAILURE
Feb 10 14:29:33 ubuntu systemd[1]: apache2.service: Failed with result
'exit-code'.
Feb 10 14:29:33 ubuntu systemd[1]: Failed to start The Apache HTTP Server.
*$ journalctl -xeu apache2.service*
Subject: A start job for unit apache2.service has begun execution
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit apache2.service has begun execution.
░░
░░ The job identifier is 12254.
Feb 10 13:52:48 ubuntu apachectl[15717]: AH00526: Syntax error on line 29
of /etc/apache2/backbutton_configs/h5bp/tls/certificate_files.conf:
Feb 10 13:52:48 ubuntu apachectl[15717]: SSLCertificateFile: file '
*/usr/local/*apache2/certs/default.crt' does not exist or is empty
Feb 10 13:52:48 ubuntu apachectl[15714]: Action 'start' failed.
Feb 10 13:52:48 ubuntu apachectl[15714]: The Apache error log may have more
information.
Feb 10 13:52:48 ubuntu systemd[1]: apache2.service: Control process exited,
code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
https://www <https://Backbutton.org>.backbutton.org
¯\_(ツ)_/¯
♡۶♡ ۶♡۶
<http://www.backbutton.co.uk>
On Fri, 10 Feb 2023 at 14:23, Florian Schwalm <fl...@flo-films.de> wrote:
> What is the output of running journalctl -xeu apache2.service?
>
> If you included the file from the repository unchanged the files mentioned
> there probably do not exist on your machine and they shouldn't.
>
> The configurations from the h5bp/server-configs-apache repository are not
> all plug and play, for some you MUST read the comments in the files and
> adjust the given directives to your own system.
>
> Since you already have letsencrypt TLS rules in your configuration I don't
> think you should include h5bp/tls/certificate_files.conf at all.
>
>
> Am 10. Februar 2023 15:05:19 MEZ schrieb Zahid Rahman <
> zahidr1000@gmail.com>:
>>
>> Hi,
>>
>> Including h5bp/tls/certificate_files.conf in the virtual host conf file
>> is causing an error
>> I believe this is a product bug rather than something I may be doing.
>>
>> $ sudo /etc/init.d/apache2 restart
>> Restarting apache2 (via systemctl): apache2.serviceJob for
>> apache2.service failed because the control process exited with error code.
>> See "systemctl status apache2.service" and "journalctl -xeu
>> apache2.service" for details.
>>
>>
>> <IfModule mod_ssl.c>
>> <VirtualHost *:443>
>> ServerAdmin zahidr1000@gmail.com
>> ServerName backbutton.org
>> ServerAlias www.backbutton.org
>> DocumentRoot /***/****/backbutton
>> ErrorLog ${APACHE_LOG_DIR}/error.log
>> CustomLog ${APACHE_LOG_DIR}/access.log combined
>>
>>
>> Include backbutton_configs/h5bp/tls/ssl_engine.conf
>> *# Include backbutton_configs/h5bp/tls/*
>> *certificate_files.conf*Include
>> backbutton_configs/h5bp/tls/policy_balanced.conf
>>
>> Include backbutton_configs/h5bp/rewrites/rewrite_nowww.conf
>>
>> Include backbutton_configs/h5bp/basic.conf
>> Include backbutton_configs/h5bp/web_performance/cache-control.conf
>> Include backbutton_configs/h5bp/web_performance/cache_expiration.conf
>> Include backbutton_configs/h5bp/web_performance/compression.conf
>> Include
>> backbutton_configs/h5bp/web_performance/content_transformation.conf
>> Include backbutton_configs/h5bp/web_performance/etags.conf
>> Include backbutton_configs/h5bp/web_performance/file_concatenation.conf
>> Include
>> backbutton_configs/h5bp/web_performance/filename-based_cache_busting.conf
>>
>> Include /etc/letsencrypt/options-ssl-apache.conf
>> SSLCertificateFile /etc/letsencrypt/live/backbutton.org-0001/fullchain.pem
>> SSLCertificateKeyFile
>> /etc/letsencrypt/live/backbutton.org-0001/privkey.pem
>> </VirtualHost>
>> </IfModule>
>>
>> Regards
>> Zahid
>>
>>
>> https://www <https://Backbutton.org>.backbutton.org
>> ¯\_(ツ)_/¯
>> ♡۶♡ ۶♡۶
>>
>> <http://www.backbutton.co.uk>
>>
>
Re: [users@httpd] Product Bug h5bp/tls/certificate_files.conf
Posted by Florian Schwalm <fl...@flo-films.de>.
What is the output of running journalctl -xeu apache2.service?
If you included the file from the repository unchanged the files mentioned there probably do not exist on your machine and they shouldn't.
The configurations from the h5bp/server-configs-apache repository are not all plug and play, for some you MUST read the comments in the files and adjust the given directives to your own system.
Since you already have letsencrypt TLS rules in your configuration I don't think you should include h5bp/tls/certificate_files.conf at all.
Am 10. Februar 2023 15:05:19 MEZ schrieb Zahid Rahman <za...@gmail.com>:
>Hi,
>
>Including h5bp/tls/certificate_files.conf in the virtual host conf file
>is causing an error
>I believe this is a product bug rather than something I may be doing.
>
>$ sudo /etc/init.d/apache2 restart
>Restarting apache2 (via systemctl): apache2.serviceJob for apache2.service
>failed because the control process exited with error code.
>See "systemctl status apache2.service" and "journalctl -xeu
>apache2.service" for details.
>
>
><IfModule mod_ssl.c>
><VirtualHost *:443>
> ServerAdmin zahidr1000@gmail.com
> ServerName backbutton.org
> ServerAlias www.backbutton.org
> DocumentRoot /***/****/backbutton
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>
>Include backbutton_configs/h5bp/tls/ssl_engine.conf
>*# Include backbutton_configs/h5bp/tls/*
>*certificate_files.conf*Include
> backbutton_configs/h5bp/tls/policy_balanced.conf
>
>Include backbutton_configs/h5bp/rewrites/rewrite_nowww.conf
>
>Include backbutton_configs/h5bp/basic.conf
>Include backbutton_configs/h5bp/web_performance/cache-control.conf
>Include backbutton_configs/h5bp/web_performance/cache_expiration.conf
>Include backbutton_configs/h5bp/web_performance/compression.conf
>Include backbutton_configs/h5bp/web_performance/content_transformation.conf
>Include backbutton_configs/h5bp/web_performance/etags.conf
>Include backbutton_configs/h5bp/web_performance/file_concatenation.conf
>Include
>backbutton_configs/h5bp/web_performance/filename-based_cache_busting.conf
>
>Include /etc/letsencrypt/options-ssl-apache.conf
>SSLCertificateFile /etc/letsencrypt/live/backbutton.org-0001/fullchain.pem
>SSLCertificateKeyFile /etc/letsencrypt/live/backbutton.org-0001/privkey.pem
></VirtualHost>
></IfModule>
>
>Regards
>Zahid
>
>
>https://www <https://Backbutton.org>.backbutton.org
>¯\_(ツ)_/¯
>♡۶♡ ۶♡۶
>
><http://www.backbutton.co.uk>