| View previous topic :: View next topic |
| Author |
Message |
crkpipe1
n00b
Joined: 24 Jun 2004
Posts: 4
|
 Posted: Thu Jan 06, 2005 3:27 am Post subject: Apache2 and server.crt does not exist. |
 |
|
Greetings all,
I have emerged, unmerged and remerged using every possible combination of mod_ssl, mod_php, apache, etc. . . and I cannot get apache2 to start.
The error message being returned is as follows:
Apache2 has detected a syntax error in your configuration files:
Syntax error on line 44 of /usr/lib/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf:
SSLCertificateFile: file 'usr/lib/apache/conf/ssl/server.crt does not exist or is empty.
What is it exacly looking for, I was under the impression that ssl was built into the apache2 ebuild and would work?
Is there a certificate that needs to be generated that apache is looking for?
Any ideas, suggestions or solutions I thank you in advance for!
cb |
|
| Back to top |
|
 |
wolvie
n00b
Joined: 01 Mar 2004
Posts: 32
Location: Stockholm, Sweden
|
| Posted: Thu Jan 06, 2005 6:40 am Post subject: |
|
|
check the 44 of /etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf you should find something like
| Code: | | SSLCertificateFile /path/to/server.crt |
check if this file (server.crt) exists and its not empty. if not exist or empty you can create a self signed certificate to bring apache up (assuming that you and ssl support for apache, if not just edit /etc/conf.d/apache and comment out the line:
| Code: | | APACHE2_OPTS="-D SSL" |
this line can have other options like -D PHP4, if so just wipe the -D SSL from this options and start apache)
to create this certificate run
| Code: | openssl req -new -nodes -newkey rsa:1024 -sha1 -3des -keyform PEM -keyout server.key -outform PEM -out request.pem
openssl x509 -req -in request.pem -signkey base.priv -out server.crt |
that will generate a passwordless key and certificate, which is not that secure so if you wan't a password for this change
| Code: | | openssl req -new -nodes -newkey rsa:1024 -sha1 -3des -keyform PEM -keyout base.priv -outform PEM -out request.pem |
to
| Code: | | openssl req -new -newkey rsa:1024 -sha1 -keyform PEM -keyout base.priv -outform PEM -out request.pem |
and then copy the files server.crt and server.key to the path specified on /etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf and start apache, you can discard request.pem once the .crt file is created.. |
|
| Back to top |
|
|
crackpipe1
n00b
Joined: 08 Jan 2005
Posts: 2
|
| Posted: Sat Jan 08, 2005 4:09 am Post subject: |
|
|
Wolvie,
I tried what you have suggested and here is what happens... all I get now when I try to start apache now is the red [!!] with no error message.
I turn off the APACHE2_OPTS="-D SSL" and apache loads [OK] what is it about ssl that apache2 is not liking?
I have unmerged and remerged in various different orders and combinations using different variables in make.conf but it only seems that I can get apache2 to work by turning off the "-D SSL" option, which of course is not good.
Any suggestions or ideas I thank you in advance for!
cb |
|
| Back to top |
|
|
nobspangle
Veteran
Joined: 23 Mar 2004
Posts: 1318
Location: Manchester, UK
|
| Posted: Sat Jan 08, 2005 10:35 am Post subject: |
|
|
check your error log to see why apache is not starting.
/var/log/apache2/error_log |
|
| Back to top |
|
|
Chris..S
n00b
Joined: 10 Jan 2005
Posts: 13
|
| Posted: Mon Jan 10, 2005 8:14 pm Post subject: |
|
|
I suspect it will be missing directory /var/cache/apache2.
mkdir /var/cache/apache2
and you should be able to /etc/init.d/apache2 start
I have just completed a clean install of apache2/ssl/php. You seem to have got passed the first three changes that I needed to make. This was the last one. After that apache started ok. |
|
| Back to top |
|
|
Dagger
Retired Dev
Joined: 11 Jun 2003
Posts: 765
Location: UK
|
| Posted: Wed Jan 12, 2005 1:38 am Post subject: Re: Apache2 and server.crt does not exist. |
|
|
| crkpipe1 wrote: | Greetings all,
Apache2 has detected a syntax error in your configuration files:
Syntax error on line 44 of /usr/lib/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf:
SSLCertificateFile: file 'usr/lib/apache/conf/ssl/server.crt does not exist or is empty.
cb |
Looks like your config points APACHE1 cert not APACHE2 try to change it to SSLCertificateFile: file 'usr/lib/apache2/conf/ssl/server.crt. I assume you already generated your certs.
_________________
95% of all computer errors occur between chair and keyboard (TM)
Join the FSF as an Associate Member!
Post under CC license. |
|
| Back to top |
|
|
mwalle
n00b
Joined: 07 Jan 2005
Posts: 25
Location: Victoria, BC
|
| Posted: Sat Jan 15, 2005 11:58 pm Post subject: |
|
|
here's what i did to solve the errors:
| Code: |
pretty ~ # openssl req -newkey rsa:1024 -keyout server.key -nodes -x509 -out server.crt
pretty ~ # openssl req -newkey rsa:1024 -keyout server.key -nodes -x509 -out server.key
pretty ~ # mv server.crt /usr/lib/apache2/conf/ssl/server.crt
pretty ~ # mv server.key /usr/lib/apache2/conf/ssl/server.key
pretty ~ # /etc/init.d/apache2 start
* Starting apache2 ...
|
at which point it ends... no [ok] or [!!]... i go to http://127.0.0.1 in firefox and i get connection refused...
So then:
| Code: |
pretty ~ # /etc/init.d/apache2 stop
* ERROR: "apache2" has not yet been started.
|
help? |
|
| Back to top |
|
|
mwalle
n00b
Joined: 07 Jan 2005
Posts: 25
Location: Victoria, BC
|
| Posted: Sun Jan 16, 2005 6:54 pm Post subject: |
|
|
after an emerge --unmerge apache and then emerging it i get:
| Code: |
pretty ~ # /etc/init.d/apache2 start
* Starting apache2 ... [ !! ]
|
so naturally i check the error log so i can copy/paste it for you people, since i don't etirely understand it:
| Code: |
pretty ~ # cat /var/log/apache2/error_log
[Sat Jan 15 10:27:19 2005] [notice] Digest: generating secret for digest authentication ...
[Sat Jan 15 10:27:19 2005] [notice] Digest: done
[Sat Jan 15 10:27:20 2005] [notice] Apache/2.0.52 (Gentoo/Linux) configured -- resuming normal operations
[Sat Jan 15 14:56:45 2005] [notice] caught SIGTERM, shutting down
|
anything will help at this point. i've had apache with ssl working in the past, it just seems to be this ebuild.
thanks |
|
| Back to top |
|
|
rickvernam
Guru
Joined: 09 Jul 2004
Posts: 313
|
| Posted: Wed Jan 19, 2005 10:11 pm Post subject: |
|
|
I was having this problem, but is has gone away now.
I looked in 'ssl_error_log' for clues, mine was located at /usr/lib/apache2/logs. Have you looked in there yet?
Here are some things I did that I think may have contributed to getting this darn thing working (my first time doing this, so I really don't know much except that I did the following and now it works)...
in /etc/conf.d/apache2.conf:
APACHE2_OPTS="-D SSL -D PHP5"
make sure to uncomment this line, I almost missed that...
in /etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf:
line 44: SSLCertificateFile /etc/apache2/conf/ssl/server.crt
line 52: SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key
server.* were generated by running the following commands in the /etc/apache2/conf/ssl folder as root. During the processes, it asks a bunch of questions, I don't know if it matters, but I answered the questions Identically for both files:
openssl req -newkey rsa:1024 -keyout server.key -nodes -x509 -out server.crt
openssl req -newkey rsa:1024 -keyout server.key -nodes -x509 -out server.key
I don't think I did anything else...but then again, even now only about 4 or 5 minutes after getting it to work, I don't remember... |
|
| Back to top |
|
|
ikshaar
Veteran
Joined: 23 Jul 2002
Posts: 1339
Location: Baltimore, MD
|
| Posted: Thu Jan 20, 2005 9:39 pm Post subject: |
|
|
Having the same problem to start apache2 (no previous apache1 was installed), I saw that the emerge ended with a warning about a missing ssl directory.
| Code: | >>> /usr/lib/apache2/logs -> /var/log/apache2
ssl
ssl
/usr/lib/portage/bin/ebuild.sh: line 384: cd: //etc/apache2/conf/ssl: No such file or directory
*
* Generating self-signed test certificate in /etc/apache2/conf/ssl...
*
>>> Regenerating /etc/ld.so.cache...
* Caching service dependencies...
>>> net-www/apache-2.0.52-r1 merged. |
As this certificate seems to be missing ...i would say there might be an error in ebuild or install script and it also does not detect that this certification creation failed.
(complete n00b on apache/web server, so I am really guessing here...)
PS: I just wanted to share a calendar with Webdav... i wish there was something simpler than apache2 for that...
_________________
"May God stands between you and harm in all the empty places where you must walk" - Babylon 5 |
|
| Back to top |
|
|
|
Networking & Security
