You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Issac Goldstand <ma...@beamartyr.net> on 2011/05/26 11:10:49 UTC
[users@httpd] 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on
443?
I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
wouldn't let me run non-SSL vhosts on port 443. A snippet like below:
<VirtualHost a.b.c.d:443>
DocumentRoot /home/foo/httpdocs
ServerName foo
<Directory "/home/foo/httpdocs/">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
Suddenly caused the following fatal startup error to be logged:
[error] Server should be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile] ((null):0)
Was this an intentional decision made some while ago that I just didn't
know about or is it a bug?
(I'd personally only expect to see that with an explicit SSLEngine On
and no certificate/key files configured)
Issac
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts
on 443?
Posted by Issac Goldstand <ma...@beamartyr.net>.
On 26/05/2011 12:16, Reindl Harald wrote:
>
> Am 26.05.2011 11:10, schrieb Issac Goldstand:
>> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
>> wouldn't let me run non-SSL vhosts on port 443. A snippet like below:
>>
>> <VirtualHost a.b.c.d:443>
>> DocumentRoot /home/foo/httpdocs
>> ServerName foo
>> <Directory "/home/foo/httpdocs/">
>> allow from all
>> Options +Indexes
>> </Directory>
>> </VirtualHost>
>>
>> Suddenly caused the following fatal startup error to be logged:
>> [error] Server should be SSL-aware but has no certificate configured
>> [Hint: SSLCertificateFile] ((null):0)
>>
>> Was this an intentional decision made some while ago that I just didn't
>> know about or is it a bug?
>>
>> (I'd personally only expect to see that with an explicit SSLEngine On
>> and no certificate/key files configured)
> 443 == https
>
> why anybody should use it for http?
> there are thousands of other ports (81, 82, 83, 8080...)
>
Maybe they have some sort of funky config where something in front of
Apache is doing the SSL, and for some odd reason it's important for them
for the vhost to run on 443 regardless.
People have funny ideas sometimes.
I'm not saying that it's intelligent thinging, but regardless the point
is that it breaks compatibility of config files inside the same minor
version of Apache which is... not so good.
Issac
Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts
on 443?
Posted by Reindl Harald <h....@thelounge.net>.
Am 26.05.2011 11:10, schrieb Issac Goldstand:
> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> wouldn't let me run non-SSL vhosts on port 443. A snippet like below:
>
> <VirtualHost a.b.c.d:443>
> DocumentRoot /home/foo/httpdocs
> ServerName foo
> <Directory "/home/foo/httpdocs/">
> allow from all
> Options +Indexes
> </Directory>
> </VirtualHost>
>
> Suddenly caused the following fatal startup error to be logged:
> [error] Server should be SSL-aware but has no certificate configured
> [Hint: SSLCertificateFile] ((null):0)
>
> Was this an intentional decision made some while ago that I just didn't
> know about or is it a bug?
>
> (I'd personally only expect to see that with an explicit SSLEngine On
> and no certificate/key files configured)
443 == https
why anybody should use it for http?
there are thousands of other ports (81, 82, 83, 8080...)
Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Thursday 26 May 2011, Plüm, Rüdiger, VF-Group wrote:
> > > Suddenly caused the following fatal startup error to be logged:
> > > [error] Server should be SSL-aware but has no certificate
> > > configured [Hint: SSLCertificateFile] ((null):0)
> > Could it be this entry from the 2.2.12 changelog:
> > *) Set Listen protocol to "https" if port is set to 443 and
> >
> > no proto is
> >
> > specified (as documented but not implemented). PR 46066
> > [Dan Poirier <poirier pobox.com>]
> Yes thats it:
> http://svn.apache.org/viewvc?view=revision&revision=727769
>
> You should use
>
> Listen a.b.c.d:443 http
>
> instead of
>
> Listen a.b.c.d:443
>
> to fix this.
The error handling really sucks. For example,
Listen 443
<VirtualHost *:443>
# nothing about ssl here
...
</VirtualHost>
gives the above message. Note the "((null):0)" at the end which should
be config filename and line number. Adding "SSLEngine off" to the
vhost still causes the same error, but this time with filename/line
number.
Adding SSLCertificateFile+SSLCertificateKeyFile to the vhost, but
ommiting "SSLEngine" changes the message to
"ops, no RSA, DSA or ECC server certificate found for 'localhost:0'?!"
Which is plain wrong, because the server does have a certificate. And
port 0, seriously? Does anyone have some spare cycles to improve this?
Cheers,
Stefan
RE: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?
Posted by "Plüm, Rüdiger, VF-Group" <ru...@vodafone.com>.
> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Donnerstag, 26. Mai 2011 11:43
> To: dev@httpd.apache.org
> Cc: users@httpd.apache.org
> Subject: Re: 2.2.19 (and probably earlier) won't let you make
> non-ssl vhosts on 443?
>
> On 26.05.2011 11:10, Issac Goldstand wrote:
> > I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> > wouldn't let me run non-SSL vhosts on port 443. A snippet
> like below:
> >
> > <VirtualHost a.b.c.d:443>
> > DocumentRoot /home/foo/httpdocs
> > ServerName foo
> > <Directory "/home/foo/httpdocs/">
> > allow from all
> > Options +Indexes
> > </Directory>
> > </VirtualHost>
> >
> > Suddenly caused the following fatal startup error to be logged:
> > [error] Server should be SSL-aware but has no certificate configured
> > [Hint: SSLCertificateFile] ((null):0)
> >
> > Was this an intentional decision made some while ago that I
> just didn't
> > know about or is it a bug?
> >
> > (I'd personally only expect to see that with an explicit
> SSLEngine On
> > and no certificate/key files configured)
>
> Could it be this entry from the 2.2.12 changelog:
>
> *) Set Listen protocol to "https" if port is set to 443 and
> no proto is
> specified (as documented but not implemented). PR 46066
> [Dan Poirier <poirier pobox.com>]
>
Yes thats it: http://svn.apache.org/viewvc?view=revision&revision=727769
You should use
Listen a.b.c.d:443 http
instead of
Listen a.b.c.d:443
to fix this.
Regards
Rüdiger
Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts
on 443?
Posted by Rainer Jung <ra...@kippdata.de>.
On 26.05.2011 11:10, Issac Goldstand wrote:
> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> wouldn't let me run non-SSL vhosts on port 443. A snippet like below:
>
> <VirtualHost a.b.c.d:443>
> DocumentRoot /home/foo/httpdocs
> ServerName foo
> <Directory "/home/foo/httpdocs/">
> allow from all
> Options +Indexes
> </Directory>
> </VirtualHost>
>
> Suddenly caused the following fatal startup error to be logged:
> [error] Server should be SSL-aware but has no certificate configured
> [Hint: SSLCertificateFile] ((null):0)
>
> Was this an intentional decision made some while ago that I just didn't
> know about or is it a bug?
>
> (I'd personally only expect to see that with an explicit SSLEngine On
> and no certificate/key files configured)
Could it be this entry from the 2.2.12 changelog:
*) Set Listen protocol to "https" if port is set to 443 and no proto is
specified (as documented but not implemented). PR 46066
[Dan Poirier <poirier pobox.com>]
Regards,
Rainer
[users@httpd] Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts
on 443?
Posted by Rainer Jung <ra...@kippdata.de>.
On 26.05.2011 11:10, Issac Goldstand wrote:
> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> wouldn't let me run non-SSL vhosts on port 443. A snippet like below:
>
> <VirtualHost a.b.c.d:443>
> DocumentRoot /home/foo/httpdocs
> ServerName foo
> <Directory "/home/foo/httpdocs/">
> allow from all
> Options +Indexes
> </Directory>
> </VirtualHost>
>
> Suddenly caused the following fatal startup error to be logged:
> [error] Server should be SSL-aware but has no certificate configured
> [Hint: SSLCertificateFile] ((null):0)
>
> Was this an intentional decision made some while ago that I just didn't
> know about or is it a bug?
>
> (I'd personally only expect to see that with an explicit SSLEngine On
> and no certificate/key files configured)
Could it be this entry from the 2.2.12 changelog:
*) Set Listen protocol to "https" if port is set to 443 and no proto is
specified (as documented but not implemented). PR 46066
[Dan Poirier <poirier pobox.com>]
Regards,
Rainer
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org