I'm currently running 2.2.11-r2, and everything is working fine. When I upgrade to apache-2.2.14-r1, it refuses to start. This shows up in the logs: [info] Init: Seeding PRNG with 1160 bytes of entropy [info] Loading certificate & private key of SSL-aware server [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0) The certificates, of course, exist and are valid. Portage emits a warning about the SSL directory, but it shouldn't apply in this case. From elog: The location of SSL certificates has changed. If you are upgrading from www-servers/apache-2.2.13 or earlier (or remerged *any* apache version), you might want to move your old certificates from /etc/apache2/ssl/ to /etc/ssl/apache2/ and update your config files. However, I'm not using the default server.crt/key provided by Gentoo, and so my SSLCertificateFile directives are all still correct. Strace shows that they're being loaded: stat64("/etc/apache2/ssl/wildcard.michael.orlitzky.com /wildcard.michael.orlitzky.com.crt", {st_mode=S_IFREG|0400, st_size=1684, ...}) = 0 stat64("/etc/apache2/ssl/wildcard.michael.orlitzky.com /wildcard.michael.orlitzky.com.key", {st_mode=S_IFREG|0400, st_size=1679, ...}) = 0 I have even tried copying and symlinking those two directories together, in case the new path was hard-coded somewhere. No luck.
I had a similar problem. Mine was a configuration error. I had "Listen myhost.com:443" set for my SSL vhost, which is no longer valid. I changed it to "Listen 443" and it works again.
It works in apache-2.2.11-r2, and not in apache-2.2.14-r1. I can switch back and forth to cause/resolve the issue without touching the configs.
I have similar problem, after disabling SSL and VHOST SSL I can start it for non SSL vhosts (I am only using vhosts)
Same problem here for me
So can we upgrade this to major again? Assuming we're not hallucinating, it's a pretty big deal when apache doesn't start. At the very least, your sites are down while 2.2.11-r2 recompiles.
Just downgraded to 2.2.11-r2 and everything works again. even left ssl keys at new location /etc/ssl/apache2 so yes, i think I'm not hallucinating and this is a major bug
Alright, marking it major again.
As far as i can tell from here it's not a major bug, it's more like a major "need to fix all ssl vhosts we use". We ran into the same problem and thought it's a bug. It seems it's caused (at least in our case) by the ssl-cert-per-site support apache has. Some friends reported so far it used to be a USE flag called sni which could be or not be activated for apache. 2.2.14-r1 does not have sni as a possible USE flag. So, our fix was to let the SSL directives into the 00_default_ssl_vhost.conf, and add in the VirtualHosts in the other .conf file the lines: SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/ssl/apache2/server.crt SSLCertificateKeyFile /etc/ssl/apache2/server.key (we also use the following, dunno if it's critical for the setup to work: SSLOptions StrictRequire SSLProtocol all -SSLv2) Now, just like by magic, it works, all sites are up. Hope this helps.
Thanks for this info. I had a VirtualHost *.443 in another my.conf file, which presented the actual problem. Moving this virtual host to 00_default_ssl_vhost.conf solved the problem. Adding the SSL* lines to my.conf should also work. Seems this is not a bug in apache? It just requires the SSL* now for every virtual host?
It seems so. According to the apache changelog for version 2.2.12, they added the following: "mod_ssl: Add server name indication support (RFC 4366) and better support for name based virtual hosts with SSL. PR 34607" It contains the former sni USE flag in the description (server name indication), so i guess this was the first version that requires all the SSL* lines specified per SSL vhost. RFC 4366 is exactly about this (see chapter 3.1. Server Name Indication). PR 34607 is also about sni (support in Apache 2.3 backported to 2.2.x): https://issues.apache.org/bugzilla/show_bug.cgi?id=34607 Maybe this change should get in the eselect news to spare the admins the time to google for a fix or downgrade to 2.2.11.
In my case, all of the vhosts were configured correctly before the upgrade. However, I had some SSL configuration being performed outside of a vhost, i.e. as defaults at the top level. After the upgrade, apache would refuse to start if anything containing SSL configuration directives did not have a certificate assigned to it. My top-level defaults didn't have a certificate, because any request will be caught by *some* vhost, and the vhosts do have certificates. What's worse, apache crashes when I attempt to assign a certificate at the top level (I don't know if this is new behavior or not, since the certificate was never needed before). Ultimately, I had to move all of my top-level configuration in to the individual vhosts to get it going again.
this is clearly a configuration error
For info, I had the same issue and found one or both of the following resolved the issue: Change all Listen {IP address / hostname}:443 to Listen 443 (most likely fix) Move SSL certificates from /etc/apache2/ssl/* to /etc/ssl/apache2/* (the new preferred location according to the post install notes)
