Red Hat Bugzilla – Bug 80133
apacheconf SSL hard to debug requires manual editing of config file
Last modified: 2015-03-04 20:11:47 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003
Description of problem:
Ok, I see I should upgrade to 8.0 and use redhat-config-httpd.
Maybe all this is fixed there... If not,
* apacheconf doesn't have a way to start over from scratch.
(other than erasing and reinstalling the rpm).
* It doesn't have a way to switch between various configurations.
* Documents (except the man page) don't mention the alchemist files
or explain _where_ the configuration data is remembered or even
state clearly that the config file is _not_ parsed.
* loglevel changes didn't appear in the config file.
I tried to set up a webserver serving SSL with a locally generated
certificate. It took a _LONG_ time (8 hours), because I ran into
two unilluminating error messages.
First, I got failure to start apache, and the log said
Hint: SSLCertificateFile. There was such an entry, in
the <VirtualHost _default_:443> section (right after
## SSL Virtual Host Context
), but I needed one farther down, after the
# Virtual hosts
section. I also needed a SSLCertificateKeyFile entry.
This was not easy to figure out. I did it by googling for
the error message, and by reading the source code.
After I got that fixed (by editing the config file), apache
would start up, but immediately exited with
[crit] (98)Address already in use: make_sock: could not bind to port 443
This was caused by the presence of two "Listen 443" statements
in the file. The one after the comment "Apache will only listen on port 80 by
default" needed to be removed. This was also not easy to figure out.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. clear apacheconf by erasing and reinstalling it (how else?)
2. rpm -e apacheconf; rpm -ivh apacheconf-0.8.2-2.noarch.rpm
3. run apacheconf (Is there a way to make it record everything
that was done?). It comes up with default settings.
4. Select virtual server, SSL, enable SSL, OK, Ok (alert
server name cannot be blank), enter server name, Ok, Ok to exit,
Ok to overwrite config.
5. start httpd. (it fails)
6. edit config file to insert second set of SSLCertificate... entries.
7. it comes up and runs. But if I do what the customization guide
says, I get two Listen 443 statements and it fails.
8. stop httpd, run apacheconf, select "all available addresses on port 80",
click "edit", change 80 to 443, click Ok, Ok, Ok save and exit, Ok overwrite,
edit the conf file again to add the missing SSLCertificate entries.
9. start httpd, get status: "httpd dead but subsys locked"
examine log: [crit] (98)Address already in use: make_sock: could not bind to
Actual Results: Only one "SSLCertificateFile" and "...KeyFile" entry.
Two "Listen 443" entries. (well, with the above instructions,
I got only one, because I didn't change the default from 80
to 443 -- but the RedHat customization guide said I should
add a port 443.)
Expected Results: Two "SSLCertificateFile" and "...KeyFile" entries. Is the
Only one "Listen 443" entry.
*** httpd.conf Fri Dec 20 07:27:53 2002
--- httpd.conf~ Fri Dec 20 07:24:59 2002
*** 732,739 ****
- SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
- SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
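Review bot: the two directives in the 732,739 hunk are marked "-" because the comparison runs from the edited httpd.conf (07:27:53) to the older backup httpd.conf~ (07:24:59), so the lines that were added by hand read as removals; regenerating with httpd.conf~ as the first file would show them as additions. The hunk also carries no context lines, so it does not show which <VirtualHost> block encloses the SSLCertificateFile and SSLCertificateKeyFile entries, which is the detail the report turns on.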
Reassigning to r-c-h and myself.
Read ya, Phil
Most of the SSL stuff should be fixed in the latest rawhide version.
Read ya, Phil
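
An added example, not part of the original report or of apacheconf: a small linter for the two faults described in the bug, a repeated Listen value at server level and an SSL-enabled <VirtualHost> block without SSLCertificateFile / SSLCertificateKeyFile. The sample config, the address 192.0.2.10 and the function name lint_httpd_conf are constructed for illustration, and the check assumes each SSL virtual host must carry both directives itself, as the reporter found.

```python
import re

# Constructed sample reproducing the two faults from the report (not the reporter's file).
SAMPLE_CONF = """\
Listen 80
Listen 443
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>
# Virtual hosts
Listen 443
<VirtualHost 192.0.2.10:443>
    ServerName www.example.test
    SSLEngine on
</VirtualHost>
"""

REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")  # assumed needed per SSL vhost

def lint_httpd_conf(text):
    """Flag repeated Listen values and SSL-enabled vhosts lacking cert/key directives."""
    findings, listens, vhost = [], {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost = {"name": opened.group(1).strip(), "line": lineno, "seen": {}}
        elif line.lower().startswith("</virtualhost"):
            if vhost and vhost["seen"].get("sslengine", "").lower() == "on":
                for directive in REQUIRED:
                    if directive.lower() not in vhost["seen"]:
                        findings.append((vhost["line"], f"<VirtualHost {vhost['name']}> "
                                         f"enables SSL without {directive}"))
            vhost = None
        else:
            parts = line.split(None, 1)
            key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
            if vhost is not None:
                vhost["seen"][key] = value          # directive inside the current vhost
            elif key == "listen":
                if value in listens:                # same literal value seen before
                    findings.append((lineno, f"duplicate Listen {value} "
                                     f"(first at line {listens[value]})"))
                listens.setdefault(value, lineno)
    return findings
```

Listen values are compared as literal strings, so "443" and "0.0.0.0:443" are not treated as the same socket here.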