I have found the reason and a solution to this problem: The list of vsites is missing from the end of /etc/httpd/conf/httpd.conf but replacing them still doesn't fix the problem.
I had to add both mod_perl and mod_ssl to the httpd.conf list of LoadModules, although I'm certain this could be done by changing the load order.

So to summarise:

Edited httpd.conf, added below the list of modules:

    LoadModule perl_module modules/mod_perl.so
    LoadModule ssl_module modules/mod_ssl.so

Appended the conf.d and vhost includes to the end of the file (using a directory list in /etc/httpd/conf/vhosts for the number range):

    Include conf.d/*.conf
    Include /etc/httpd/conf/vhosts/site1
    Include /etc/httpd/conf/vhosts/site2
    Include /etc/httpd/conf/vhosts/site3
    Include /etc/httpd/conf/vhosts/site4
    Include /etc/httpd/conf/vhosts/site5
    Include /etc/httpd/conf/vhosts/site6
    Include /etc/httpd/conf/vhosts/site7
    Include /etc/httpd/conf/vhosts/site8
    Include /etc/httpd/conf/vhosts/site9
    Include /etc/httpd/conf/vhosts/site10
    Include /etc/httpd/conf/vhosts/site11
    Include /etc/httpd/conf/vhosts/preview

If a fix is rolled out via YUM, can the fact these files have been manually edited to get httpd running again be taken into consideration or more downtime may occur.

-----Original Message-----
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Richard Morgan :: Morgan Web
Sent: 02 March 2018 10:12
To: 'BlueOnyx General Mailing List'
Subject: [BlueOnyx:21789] Re: Strange SSL Error

Hi

This morning I've been greeted with httpd failing. When I try and start httpd I get the following message:

    # service httpd start
    Starting httpd: Syntax error on line 998 of /etc/httpd/conf/httpd.conf:
    Invalid command 'PerlConfigRequire', perhaps misspelled or defined by a module not included in the server configuration
    [FAILED]

Looking at /var/log/yum.log shows updates to apache at 06:02 this morning so I believe it to be related to the changes for the SSL/SNI problems that were addressed recently.

I have tried disabling SSL and re-enabling it. We're not using Let's Encrypt for the sites.

Is anyone else experiencing this problem and know of a fix?
It would be appreciated as the server is offline.

Thanks,
Richard

-----Original Message-----
From: Blueonyx [mailto:blueonyx-boun...@mail.blueonyx.it] On Behalf Of Michael Stauber
Sent: 01 March 2018 19:12
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:21787] Re: Strange SSL Error

Hi Michael,

> On all my servers recently I have had a problem where all the SSL
> sites will stop working. They seem to be redirecting to another site
> on the server but the user just gets an invalid certificate error.
>
> I tried restarting but that did not work. I have to click into each
> site, go to the Web settings and click save. Then that site works.
> This must be done for all sites. Has anyone else seen this? Any ideas
> how to fix it?

I received reports about this from another client a few days ago and we looked into it together. We weren't really certain what caused it and bit by bit we checked off what could have caused it.

We're falling into one of the culprits of SNI when we have multiple Vsites with SSL on the same IP. If SSL is not working for site B, we get shown the SSL certificate of site A instead, causing the certificate mismatch.

The underlying problem appears to be related to automated LE-cert renewals. Meaning: The problem usually only starts to manifest itself after an auto-renewal of an LE cert.

When we checked the certs were OK, the paths to the certs in the siteX VirtualHost containers were correct, yet toggling SSL off and back on for the Vsite in question seemed to solve the issue, whereas an Apache restart did sometimes not solve it.

I published a set of YUM updates for 5207R/5208R/5209R this morning which ties into base-apache and base-ssl to improve SSL handling. You may not yet have these.

I'm not saying these updates fix the problem altogether, as the exact cause is still a bit muddy. But it should help.

If it happens to you, please do the following to help with the diagnostics.
Check *which* SSL certificate was offered to you instead of the correct one.

- Version of BlueOnyx? 5207R/5208R or 5209R?
- Was it the AdmServ SSL certificate (fqdn of the server)?
- Was it the SSL cert of another Vsite on the same IP?
- If so, was that the first Vsite on that IP?
- Does a httpd restart fix it or did you need to enable/disable SSL?

You can also go to one of the two URLs below and scan the faulty domain to get more info about the certificate that was shown:

https://sslanalyzer.comodoca.com/
https://www.ssllabs.com/ssltest/index.html

Then pass that information to me either here or by email or support ticket.

--
With best regards

Michael Stauber

_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
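The "which certificate was offered" checklist above can be answered locally; this is an added example, not part of the original thread or of BlueOnyx. The function names, the result labels and the assumption that `vsites_on_ip` is given in httpd Include order are all hypothetical.

```python
import socket
import ssl


def cert_dns_names(cert):
    """DNS names from a getpeercert() dict: SAN entries, else subject CN."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # older certs may carry the name only in the subject CN
        for rdn in cert.get("subject", ()):
            names += [v.lower() for k, v in rdn if k == "commonName"]
    return names


def name_matches(pattern, host):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def classify(cert, requested, admserv_fqdn, vsites_on_ip):
    """Say whose certificate was served when `requested` was asked for.

    vsites_on_ip: Vsite FQDNs sharing the IP, assumed to be in Include order.
    """
    names = cert_dns_names(cert)

    def covers(host):
        return any(name_matches(n, host) for n in names)

    if covers(requested):
        return "correct"
    if covers(admserv_fqdn):
        return "admserv"
    for i, site in enumerate(vsites_on_ip):
        if covers(site):
            return "first-vsite" if i == 0 else "other-vsite"
    return "unknown"


def fetch_cert(ip, sni_name, port=443, timeout=5):
    """Fetch the cert served for this SNI name; the chain is still validated,
    so a self-signed cert raises ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # we want to see a mismatched cert, not reject it
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            return tls.getpeercert()
```

Run `classify(fetch_cert(ip, name), name, ...)` once per SSL-enabled Vsite before and after an httpd restart to see whether the answer changes.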