Control: clone 877341 -1 Control: reassign -1 src:apache2 Control: retitle -1 apache2: please include mod_md patch in apache2 Control: severity -1 normal Control: block 877341 by -1
Hi Axel, you are right and I intended to fill an bug on apache2 to get the patch included. But I didn't get to it yet. So here we are... Apache2 maintainers, could you please include: https://raw.githubusercontent.com/icing/mod_md/v0.9.7/patches/mod_ssl_md-2.4.x-v5.diff My apache2 ppa has to patch for quite some time and there was no bug report related to it, so it should be very safe to include (I also checked with upstream maintainer whether it has any downside, and according to him, it does not). Cheers, Ondrej On Sat, 30 Sep 2017 at 10:30 Axel Beckert <a...@debian.org> wrote: Package: libapache2-mod-md Version: 0.9.0-1 Severity: grave Dear Ondřej, I've installed libapache2-mod-md on a machine (Raspberry Pi) running Debian Unstable where apache2 was already installed. I've disabled all previous site configurations and wrote a new site configuration from scratch and only enabled that site: ---8<--- ServerAdmin a...@deuxchevaux.org ServerName ….deuxchevaux.org ManagedDomain ….deuxchevaux.org # Requires libapache2-mod-md ≥ 0.9.4 #MDRequireHttps temporary DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <VirtualHost *:80> Protocols h2 h2c http/1.1 </VirtualHost> <IfModule mod_ssl.c> <VirtualHost *:443> Protocols h2 http/1.1 SSLEngine on </VirtualHost> </IfModule> --->8--- "apache2ctl configtest" said that everything is fine: "Syntax OK". Upon "service apache2 restart" I though got the following lines in the error.log: ---8<--- [Sat Sep 30 18:39:45.407137 2017] [ssl:emerg] [pid 4976:tid 1995292672] AH02572: Failed to configure at least one certificate and key for …. deuxchevaux.org:443 [Sat Sep 30 18:39:45.407356 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:02001002:system library:fopen:No such file or directory (fopen('/etc/apache2/md/domains/….deuxchevaux.org/privkey.pem ','r')) [Sat Sep 30 18:39:45.407449 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:2006D080:BIO routines:BIO_new_file:no such file [Sat Sep 30 18:39:45.407621 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Sat Sep 30 18:39:45.407675 2017] [ssl:emerg] [pid 4976:tid 1995292672] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed --->8--- According to https://github.com/icing/mod_md/wiki/2.4.x-Installation, this module needs either Apache 2.5/2.6 (not yet in Debian) or a patched Apache 2.4, otherwise I'd get the AH02572 error message and an SSL Library Error. Which I got, see above. So I checked apache2's changelog.Debian.gz for inclusion of such a patch but found none. I also checked https://bugs.debian.org/src:apache2 for an according request to include such a patch, but haven't found any either. So I assume that libapache2-mod-md is currently not usable at all with plain Debian unstable. -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: armhf (armv7l) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages libapache2-mod-md depends on: ii apache2-bin [apache2-api-20120211] 2.4.27-6 ii libapr1 1.6.2-1 ii libaprutil1 1.6.0-2 ii libc6 2.24-17 ii libcurl3-gnutls 7.55.1-1 ii libjansson4 2.10-1 ii libssl1.1 1.1.0f-5 libapache2-mod-md recommends no packages. libapache2-mod-md suggests no packages. -- no debconf information -- Ondřej Surý <ond...@sury.org>