[Eisfair] Apache certs_dehydrated problem after reboot

Dirk Alberti Howy-1 at gmx.de
Sun May 14 07:46:48 CEST 2017


Hello everyone,

after a reboot for the kernel update to 3.1.2 (everything OK so far), Apache
no longer started because of a problem with SSL.


[Sun May 14 07:20:34.456694 2017] [ssl:error] [pid 29157] AH02579: Init: Private key not found
[Sun May 14 07:20:34.456735 2017] [ssl:error] [pid 29157] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun May 14 07:20:34.456817 2017] [ssl:error] [pid 29157] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Sun May 14 07:20:34.456833 2017] [ssl:error] [pid 29157] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun May 14 07:20:34.456848 2017] [ssl:error] [pid 29157] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Sun May 14 07:20:34.456862 2017] [ssl:error] [pid 29157] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Sun May 14 07:20:34.456875 2017] [ssl:error] [pid 29157] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sun May 14 07:20:34.456890 2017] [ssl:error] [pid 29157] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Sun May 14 07:20:34.456926 2017] [ssl:emerg] [pid 29157] AH02564: Failed to configure encrypted (?) private key ******.no-ip.biz:443:0, check /usr/local/ssl/certs/apache.pem


So what I read from this is that it cannot find the private key.
Only opening the certs_dehydrated setup and saving it brought the
solution:

version: v0.92.1
creating domains.txt file ...
creating well-known configuration ...
creating certs_dehydrated configuration ...
creating index.html file ...
creating files/links required by eisfair ...
+ domain '*******.no-ip.biz':
   - link '/usr/local/ssl/csr/******.no-ip.biz.csr' created/updated.
   - link '/usr/local/ssl/private/******.no-ip.biz.key' created/updated.
   - link '/usr/local/ssl/newcerts/******.no-ip.biz.crt' created/updated.
   - file '/usr/local/ssl/newcerts/******.no-ip.biz.dh' exists.
   - file '/usr/local/ssl/certs/******.no-ip.biz.pem' created.
checking symbolic links to certificate ...
+ domain '******.no-ip.biz':
   - link 'apache.pem' ok.
   - link 'exim.pem' ok.
   - link 'imapd.pem' ok.
   - link 'ipop3d.pem' ok.
   - link 'mini_httpd.pem' ok.
   - link 'pure-ftpd.pem' ok.
looking for dead symbolic link to certificate files ...
adding cronjob ...
creating logrotate configuration ...
Creating Apache2 configuration ...
usermod: no changes
activating modules...
done activating modules
  * Disabling subversion WebDAV access ...
requesting/updating certificate(s) ...
# INFO: Using main config file /etc/dehydrated/config
Processing ******.no-ip.biz
  + Checking domain name(s) of existing cert... unchanged.
  + Checking expire date of existing cert...
  + Valid till Aug  5 10:16:00 2017 GMT (Longer than 30 days). Skipping renew!
finished.


And from then on Apache ran again...


What is going wrong there? It can hardly be due to the kernel update.
Maybe it is also due to the tinkering and tests with the certs package
that I carried out with Jürgen Edner over the last few days. But we did
not change anything in certs_dehydrated, nor did we go "poaching" in the
certs folders...


Regards

Dirk
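
Added example, not part of the original post or of the certs_dehydrated package: a shell check for the condition the log above reports, namely that the file behind the apache.pem link holds no usable private key block. The function names and return codes are this example's own, and the cause of the failure described in the post is not known.

```shell
#!/bin/sh
# Added example: structural check of a combined PEM bundle (key + certificate),
# such as the file the apache.pem link points to. Names and return codes are
# this example's own, not part of certs_dehydrated.

# has_block FILE TYPE_REGEX
# True if FILE has a "-----BEGIN <type>-----" line that is later closed by an
# "-----END <type>-----" line with at least one body line in between.
has_block() {
    awk -v re="$2" '
        $0 ~ ("^-----BEGIN " re "-----[ \t\r]*$") { inblk = 1; body = 0; next }
        inblk && $0 ~ ("^-----END " re "-----[ \t\r]*$") {
            if (body > 0) found = 1
            inblk = 0; next
        }
        inblk { body++ }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# check_pem_bundle FILE
#   0  private key and certificate blocks present
#   1  path missing, dangling symlink, unreadable or empty
#   2  no complete private key block
#   3  no complete certificate block
check_pem_bundle() {
    f=$1
    if [ -L "$f" ] && [ ! -e "$f" ]; then
        echo "$f: dangling symbolic link" >&2
        return 1
    fi
    if [ ! -r "$f" ] || [ ! -s "$f" ]; then
        echo "$f: missing, unreadable or empty" >&2
        return 1
    fi
    if ! has_block "$f" '(RSA |EC |ENCRYPTED )?PRIVATE KEY'; then
        echo "$f: no complete private key block" >&2
        return 2
    fi
    if ! has_block "$f" 'CERTIFICATE'; then
        echo "$f: no complete certificate block" >&2
        return 3
    fi
    return 0
}
```

This is a structural check only; `openssl pkey -in FILE -noout` additionally confirms that the key itself parses.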