httpd currently fails to serve over TLS if the certificate file specified in httpd.conf contains an intermediate certificate ahead of the site's certificate. httpd still starts with no error indication (with rcctl) but `httpd -d` shows:
server_tls_init: failed to configure tls - failed to load private key I think this may be due to a fingerprint mismatch between the pub/private key on the server and the first cert found in the certfile (the intermediate in my case). No error is reported in error.log, and if this failure is indeed intended functionality, perhaps we should log an error as I imagine a lot of people will run into this. I'm getting this problem on the server at https://ce.gl with the compound certfile pasted below. I'm running the latest snapshot as of this mail. -----BEGIN CERTIFICATE----- MIIEtTCCA52gAwIBAgIQSOmUQNQ2SRy4uII9CUOUxzANBgkqhkiG9w0BAQsFADCB mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv cml0eSAtIEczMB4XDTE0MDYxMDAwMDAwMFoXDTI0MDYwOTIzNTk1OVowRzELMAkG A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xIDAeBgNVBAMTF1JhcGlk U1NMIFNIQTI1NiBDQSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAxJVjKNBOMEWvi5c0FEX4XFhK+jOObpxgq/OG/zR0siu+oYzVoqNgekC54fwi yme6YKrHmvkGf+73uoUFsAP/cq4VQUqYZNcXS1TvBcaYB5MnPk/cD8Z7i+fzBl6N 6LSuKbQeHi0WkNPqqueMO22vNln/xQr6x0y9NotkxEr1zjP5B75/RZCoCBSw0KVP 34KA2hvuwxOwmPUP+X52tea5XWi5XFCQiaQ2sXAW6rEQtWp23+G7/HjycpnPyaLU c1R3v8A5d+WuEsV4WhlF1EEZ03z1b5lr14u8LQmdSxBhwNpSw68iQ8brN35jdDAN anGO3l1bisjF15sp6K62JWGB6wIDAQABo4IBSTCCAUUwLgYIKwYBBQUHAQEEIjAg MB4GCCsGAQUFBzABhhJodHRwOi8vZy5zeW1jZC5jb20wEgYDVR0TAQH/BAgwBgEB /wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggrBgEFBQcCARYlaHR0 cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA2BgNVHR8ELzAtMCug KaAnhiVodHRwOi8vZy5zeW1jYi5jb20vR2VvVHJ1c3RQQ0EtRzMuY3JsMA4GA1Ud DwEB/wQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRU3ltYW50ZWNQS0kt MS02OTcwHQYDVR0OBBYEFEz0v+g7vsIk8xtHO7VuSI4Wq68SMB8GA1UdIwQYMBaA FMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQB6U7Xetu9S o1+K9YnxQsxeRoiupQiHUd4PDwLrDIJ443N9cb1D6cqKP+AlkpszM3RJXgDZcxQc C0Z2HIoNTYxsfkv3YNiBeKB40CViqxDKIugcGd1Sg2QF5Ydmrud6pDs+2HB6dqJn OdTJ+uW3HkHiCTmIHBhVCsRBr7Lz8w9CFGF0gePah1qaTYvTyY+JZhMpEeT/4t+O lgxaoaprm/38AztVDaaiJUgXH0Ko2mx+aW6g32fSbfQOahJ59XzIpTIcxDGy5ruo a2qiimBpwFd9svIxDJhlMuwIWs7GmOkhlz8seSkD9faUK1Mx85NoV+HXTzrRYaFg zrmrmK41VGOL -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIHSzCCBjOgAwIBAgIQW67ZVzRyTffPhd2TF72dcTANBgkqhkiG9w0BAQsFADBC MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE2MDgxOTAwMDAwMFoXDTE5MDgxOTIzNTk1 OVowEDEOMAwGA1UEAwwFY2UuZ2wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK AoICAQC9DlvOyoljoevhSYkW7F0IctgaS2mFln0shcuKwF4Lp2U0bWygE9FuxZZe fEDGlQv+6SPchoyHJxtMNB4zZ53exud+aXWfXyP85J7f2dvuzxlpiqKSU8TV1dKv hzrPP9tKN5BAjfNjKtzSkPQbBb313BR+sIGj4pVRZlce25y6v4d1tXRbDN+lNf94 6DlMLMwAejwW8BT7HhgjN2y/kotrZc6dh/jAScbUCs+sW14bVX6z0H01mWomtnn1 7CmNnIGqzVF4ZYVeJwa7hKRnkPh3uZbV1eZLGME6qYyIw6Ip77GxP2Cq4UDrO6Cl ZcS0IyUfNo6bUwVKDUdCE5RxvCXoO1dD5Tnp7NEjntXv+bLxnYTCTWyStE6Lunn3 dgaUjAgrCMFX5EmlvKusVa/LjSibvgdWlJSV4LN+WpGuvcGWWIh/NLs1MdGxgQ8J JJPUD/JTOBwofvs0x9/JrQH0bHKri72kWtCj0Ldtt4z25J/w5YcVkyNsYGykzccu 0lnz7jVWJMCpVOP0mcuu3tElsK9NtEtFmpItPeSoneq7Fuer7fIFr0vl7Um3RsHi RmWdRE1o/+9YeC3mLmCZAdX+Vr9tUYZs/HZA7YxtPh4ulCqqq4VF9mPkEN22ugAG A2W4aSoV7eTn9VauYtszncw0ga2huYAHWn+DfUbKfE0xywezDwIDAQABo4IDbTCC A2kwGwYDVR0RBBQwEoIFY2UuZ2yCCXd3dy5jZS5nbDAJBgNVHRMEAjAAMCsGA1Ud HwQkMCIwIKAeoByGGmh0dHA6Ly9ncC5zeW1jYi5jb20vZ3AuY3JsMG8GA1UdIARo MGYwZAYGZ4EMAQIBMFowKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlkc3Ns LmNvbS9sZWdhbDAsBggrBgEFBQcCAjAgDB5odHRwczovL3d3dy5yYXBpZHNzbC5j b20vbGVnYWwwHwYDVR0jBBgwFoAUl8InUJ7CyewMiDLIfK3ipgFP2m8wDgYDVR0P AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEF BQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ncC5zeW1jZC5jb20wJgYIKwYB BQUHMAKGGmh0dHA6Ly9ncC5zeW1jYi5jb20vZ3AuY3J0MIIB9gYKKwYBBAHWeQIE AgSCAeYEggHiAeAAdQDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAA AVag+RhOAAAEAwBGMEQCIFiBRHgUzAy64XjT5bpJHwktFi48C7KiXukD/Grc0YSQ AiBN+6wQkrsiJ6Y+dvsAW3uNIr55ukslWvpWyXBealLmpAB3AKS5CZC0GFgUh7sT osxncAo8NZgE+RvfuON3zQ7IDdwQAAABVqD5Gg0AAAQDAEgwRgIhAKrbjgn2rp4Z A9xsflPrPdc//Lo8EVKgK7NhY01qrH8nAiEA5/xngKESqWXbUAjtAKr/rp7Gx67H 9l7zxskMqSSjYSkAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAA AVag+RoYAAAEAwBHMEUCIQCI5YuEx9Ncp3XRuvG86YjHuJt3owGb7objrT406HqA GgIgKD+/uXZrvGCeUO6WWMQ11JqXVaMKa5x564U1UHDDgboAdgDuS723dc5guuFC aR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVag+RznAAAEAwBHMEUCIQDQJEPmjKq9 xrYN8DK5N9v20GBt1Ew5qEa/KbFImShG+QIgGmLKCwOYRPbJ96Cyn6p3VRGBrOLy xPYFypeaPd2iE5wwDQYJKoZIhvcNAQELBQADggEBAIv9q86HrAvTl1EcjZRMWJPc es7HP91xh6Dk3J/jTtvd7FRNo33lv2jwW+7C0UaZBY5hREdfw7pysXehwXFv4hlE +eHS5PkSRep/xIFw656JTceP8BDBwkWnaq6A9Gj9zHpis6c/CcV/99JZWDsdbdOY qJnjm+LviYeSIdDZSDX5U8b8EZNTxuRvrNaUBWHLQ7UIlE1txAqkBZlJkolpe3Ca tGQ9g2iOExUWqseKfWW/8DjA3yGr6Nz3aNjc+E7mRCN0TMZ6/OfTGdW7FgDKtFA1 dSHL84J9uCwHY0GwO0TS15ibXFKgDdA1uACYIpacEJjBQtZ8pmv+E7twjyM73GQ= -----END CERTIFICATE-----