Bug#877341: libapache2-mod-md: Doesn't seem to work at all: "AH02572: Failed to configure at least one certificate and key" (seems to require a patched version of mod_ssl / apache2)

Axel Beckert Sat, 30 Sep 2017 10:30:33 -0700

Package: libapache2-mod-md
Version: 0.9.0-1
Severity: grave

Dear Ondřej,


I've installed libapache2-mod-md on a machine (Raspberry Pi) running
Debian Unstable where apache2 was already installed.

I've disabled all previous site configurations and wrote a new site
configuration from scratch and only enabled that site:

---8<---
ServerAdmin a...@deuxchevaux.org
ServerName ….deuxchevaux.org
ManagedDomain ….deuxchevaux.org

# Requires libapache2-mod-md ≥ 0.9.4
#MDRequireHttps temporary

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<VirtualHost *:80>
    Protocols h2 h2c http/1.1
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    Protocols h2 http/1.1

    SSLEngine on
</VirtualHost>
</IfModule>
--->8---

"apache2ctl configtest" said that everything is fine: "Syntax OK".

Upon "service apache2 restart" I though got the following lines in the
error.log:

---8<---
[Sat Sep 30 18:39:45.407137 2017] [ssl:emerg] [pid 4976:tid 1995292672] 
AH02572: Failed to configure at least one certificate and key for 
….deuxchevaux.org:443 
[Sat Sep 30 18:39:45.407356 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL 
Library Error: error:02001002:system library:fopen:No such file or directory 
(fopen('/etc/apache2/md/domains/….deuxchevaux.org/privkey.pem','r')) 
[Sat Sep 30 18:39:45.407449 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL 
Library Error: error:2006D080:BIO routines:BIO_new_file:no such file 
[Sat Sep 30 18:39:45.407621 2017] [ssl:emerg] [pid 4976:tid 1995292672] SSL 
Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no 
certificate assigned 
[Sat Sep 30 18:39:45.407675 2017] [ssl:emerg] [pid 4976:tid 1995292672] 
AH02312: Fatal error initialising mod_ssl, exiting. 
AH00016: Configuration Failed 
--->8---

According to https://github.com/icing/mod_md/wiki/2.4.x-Installation,
this module needs either Apache 2.5/2.6 (not yet in Debian) or a patched
Apache 2.4, otherwise I'd get the AH02572 error message and an SSL
Library Error. Which I got, see above.

So I checked apache2's changelog.Debian.gz for inclusion of such a patch
but found none. I also checked https://bugs.debian.org/src:apache2 for
an according request to include such a patch, but haven't found any
either.

So I assume that libapache2-mod-md is currently not usable at all with
plain Debian unstable.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'unstable-debug'), (500, 
'buildd-unstable'), (500, 'stable'), (1, 'experimental-debug'), (1, 
'buildd-experimental'), (1, 'experimental')
Architecture: armhf (armv7l)

Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C:en 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libapache2-mod-md depends on:
ii  apache2-bin [apache2-api-20120211]  2.4.27-6
ii  libapr1                             1.6.2-1
ii  libaprutil1                         1.6.0-2
ii  libc6                               2.24-17
ii  libcurl3-gnutls                     7.55.1-1
ii  libjansson4                         2.10-1
ii  libssl1.1                           1.1.0f-5

libapache2-mod-md recommends no packages.

libapache2-mod-md suggests no packages.

-- no debconf information

Bug#877341: libapache2-mod-md: Doesn't seem to work at all: "AH02572: Failed to configure at least one certificate and key" (seems to require a patched version of mod_ssl / apache2)

Reply via email to