Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?

2011-05-26 Thread Reindl Harald


On 26.05.2011 11:10, Issac Goldstand wrote:
> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> wouldn't let me run non-SSL vhosts on port 443.  A snippet like below:
> 
> 
> DocumentRoot /home/foo/httpdocs
> ServerName foo
> 
> allow from all
> Options +Indexes
> 
> 
> 
> Suddenly caused the following fatal startup error to be logged:
> [error] Server should be SSL-aware but has no certificate configured
> [Hint: SSLCertificateFile] ((null):0)
> 
> Was this an intentional decision made some while ago that I just didn't
> know about or is it a bug?
> 
> (I'd personally only expect to see that with an explicit SSLEngine On
> and no certificate/key files configured)

443 == https

why should anybody use it for http?
there are thousands of other ports (81, 82, 83, 8080...)





Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?

2011-05-26 Thread Issac Goldstand
On 26/05/2011 12:16, Reindl Harald wrote:
>
> On 26.05.2011 11:10, Issac Goldstand wrote:
>> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
>> wouldn't let me run non-SSL vhosts on port 443.  A snippet like below:
>>
>> 
>> DocumentRoot /home/foo/httpdocs
>> ServerName foo
>> 
>> allow from all
>> Options +Indexes
>> 
>> 
>>
>> Suddenly caused the following fatal startup error to be logged:
>> [error] Server should be SSL-aware but has no certificate configured
>> [Hint: SSLCertificateFile] ((null):0)
>>
>> Was this an intentional decision made some while ago that I just didn't
>> know about or is it a bug?
>>
>> (I'd personally only expect to see that with an explicit SSLEngine On
>> and no certificate/key files configured)
> 443 == https
>
> why should anybody use it for http?
> there are thousands of other ports (81, 82, 83, 8080...)
>

Maybe they have some sort of funky config where something in front of
Apache is doing the SSL, and for some odd reason it's important for them
for the vhost to run on 443 regardless.

People have funny ideas sometimes.

I'm not saying that it's intelligent thinking, but regardless the point
is that it breaks compatibility of config files inside the same minor
version of Apache which is... not so good.

  Issac


Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?

2011-05-26 Thread Rainer Jung
On 26.05.2011 11:10, Issac Goldstand wrote:
> I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> wouldn't let me run non-SSL vhosts on port 443.  A snippet like below:
> 
> 
> DocumentRoot /home/foo/httpdocs
> ServerName foo
> 
> allow from all
> Options +Indexes
> 
> 
> 
> Suddenly caused the following fatal startup error to be logged:
> [error] Server should be SSL-aware but has no certificate configured
> [Hint: SSLCertificateFile] ((null):0)
> 
> Was this an intentional decision made some while ago that I just didn't
> know about or is it a bug?
> 
> (I'd personally only expect to see that with an explicit SSLEngine On
> and no certificate/key files configured)

Could it be this entry from the 2.2.12 changelog:

  *) Set Listen protocol to "https" if port is set to 443 and no proto is
 specified (as documented but not implemented). PR 46066
 [Dan Poirier ]

Regards,

Rainer


RE: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?

2011-05-26 Thread Plüm, Rüdiger, VF-Group
 

> -----Original Message-----
> From: Rainer Jung [mailto:rainer.j...@kippdata.de] 
> Sent: Thursday, 26 May 2011 11:43
> To: dev@httpd.apache.org
> Cc: us...@httpd.apache.org
> Subject: Re: 2.2.19 (and probably earlier) won't let you make 
> non-ssl vhosts on 443?
> 
> On 26.05.2011 11:10, Issac Goldstand wrote:
> > I just upgraded a machine from 2.2.8 to 2.2.19 and suddenly Apache
> > wouldn't let me run non-SSL vhosts on port 443.  A snippet like below:
> > 
> > 
> > DocumentRoot /home/foo/httpdocs
> > ServerName foo
> > 
> > allow from all
> > Options +Indexes
> > 
> > 
> > 
> > Suddenly caused the following fatal startup error to be logged:
> > [error] Server should be SSL-aware but has no certificate configured
> > [Hint: SSLCertificateFile] ((null):0)
> > 
> > Was this an intentional decision made some while ago that I just didn't
> > know about or is it a bug?
> > 
> > (I'd personally only expect to see that with an explicit SSLEngine On
> > and no certificate/key files configured)
> 
> Could it be this entry from the 2.2.12 changelog:
> 
>   *) Set Listen protocol to "https" if port is set to 443 and no proto is
>      specified (as documented but not implemented). PR 46066
>      [Dan Poirier ]
> 

Yes, that's it: http://svn.apache.org/viewvc?view=revision&revision=727769

You should use

Listen a.b.c.d:443 http

instead of 

Listen a.b.c.d:443

to fix this.

Regards

Rüdiger



Re: 2.2.19 (and probably earlier) won't let you make non-ssl vhosts on 443?

2011-05-30 Thread Stefan Fritsch
On Thursday 26 May 2011, Plüm, Rüdiger, VF-Group wrote:
> > > Suddenly caused the following fatal startup error to be logged:
> > > [error] Server should be SSL-aware but has no certificate
> > > configured [Hint: SSLCertificateFile] ((null):0)


> > Could it be this entry from the 2.2.12 changelog:
> >   *) Set Listen protocol to "https" if port is set to 443 and no proto is
> >      specified (as documented but not implemented). PR 46066
> >      [Dan Poirier ]


> Yes, that's it:
> http://svn.apache.org/viewvc?view=revision&revision=727769
> 
> You should use
> 
> Listen a.b.c.d:443 http
> 
> instead of
> 
> Listen a.b.c.d:443
> 
> to fix this.


The error handling really sucks. For example, 

Listen 443

# nothing about ssl here
...


gives the above message. Note the "((null):0)" at the end which should 
be config filename and line number. Adding "SSLEngine off" to the 
vhost still causes the same error, but this time with filename/line 
number.

Adding SSLCertificateFile+SSLCertificateKeyFile to the vhost, but 
omitting "SSLEngine" changes the message to

"ops, no RSA, DSA or ECC server certificate found for 'localhost:0'?!"

Which is plain wrong, because the server does have a certificate. And 
port 0, seriously? Does anyone have some spare cycles to improve this?

Cheers,
Stefan
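
The following is an added example, not part of the thread or of httpd itself: a small pre-upgrade check that applies the Listen default from the 2.2.12 changelog entry quoted above (port 443 with no protocol means "https") and reports vhosts that would hit the "Server should be SSL-aware" startup error. The sample configs, the 192.0.2.10 address and all function names are constructed for illustration; the check is a simplified model that does not follow Include directives and treats the presence of SSLCertificateFile as sufficient.

```python
import re

# Constructed sample configs (not from the thread); address and paths are placeholders.
BROKEN = """\
Listen 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
    ServerName foo
    DocumentRoot /home/foo/httpdocs
</VirtualHost>
"""
# The fix given in the thread: state the protocol explicitly on the Listen line.
FIXED = BROKEN.replace("Listen 192.0.2.10:443", "Listen 192.0.2.10:443 http")

LISTEN = re.compile(r"^\s*Listen\s+(\S+)(?:\s+(\S+))?\s*$", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
CERT = re.compile(r"^\s*SSLCertificateFile\s", re.I)

def port_of(addr):
    """Port from '443', 'a.b.c.d:443', '*:443' or '[::1]:443'; None if absent."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def listen_protocols(conf):
    """Map port -> effective protocol, applying the 443 => https default."""
    protos = {}
    for line in conf.splitlines():
        m = LISTEN.match(line)
        if m:
            port = port_of(m.group(1))
            default = "https" if port == 443 else "http"
            protos[port] = (m.group(2) or default).lower()
    return protos

def vhosts_missing_cert(conf):
    """(line_no, address) of vhosts on an https listener with no SSLCertificateFile."""
    protos, findings, current = listen_protocols(conf), [], None
    for no, line in enumerate(conf.splitlines(), 1):
        m = VHOST_OPEN.match(line)
        if m:
            current = {"line": no, "addr": m.group(1).split()[0], "cert": False}
        elif current and CERT.match(line):
            current["cert"] = True
        elif current and VHOST_CLOSE.match(line):
            if protos.get(port_of(current["addr"])) == "https" and not current["cert"]:
                findings.append((current["line"], current["addr"]))
            current = None
    return findings

if __name__ == "__main__":
    print("broken:", vhosts_missing_cert(BROKEN))
    print("fixed: ", vhosts_missing_cert(FIXED))
```

Running it over a 2.2.8-era configuration before upgrading shows which Listen lines need an explicit `http` when TLS is terminated in front of Apache.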