httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted To <...@theo.to>
Subject Re: [users@httpd] Apache serving up default certificate for certain domains
Date Sun, 17 Jan 2016 17:45:52 GMT
Fixed it -- I commented out the <VirtualHost
_default_:443>...</VirtualHost> section of /etc/httpd/conf.d/ssl.conf
and it is now working again.

On 01/17/2016 11:48 AM, Ted To wrote:
> So in looking at the differences between ssl.conf and ssl.conf.rpmnew,
> in addition to my own additions for selecting cipher suites, etc, I see:
> 
> 92c80
> < SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
> ---
>> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
> 
> where the 2nd line is from ssl.conf.rpmnew.  Could the fact that
> ":!SEED:!IDEA" is missing from my ssl.conf be causing this problem?
> 
> On 01/17/2016 11:36 AM, Ted To wrote:
>> So having run httpd -S, I can see that for port 443,
>>
>>          default server theo.to (/etc/httpd/conf.d/ssl.conf:68)
>>
>> shows up (which is not right) but then shows up again:
>>
>>          port 443 namevhost theo.to
>> (/etc/httpd/sites-enabled/theo.to.conf:7)
>>                  alias www.theo.to
>>
>> Looking in /etc/httpd/conf.d, I see that there is an ssl.conf.rpmnew.
>> Do I need to merge in changes from the new default configuration?
>>
>> Thanks,
>> Ted
>>
>> On 01/16/2016 07:44 PM, Yehuda Katz wrote:
>>> Maybe the updated openssl doesn't like something about your certificates.
>>>
>>> Does Apache have any warnings or notices when it starts up?
>>> Try running httpd -S which lists all the vhosts Apache has and see if it
>>> matches what you expect.
>>> You may also see the errors from that command (tested on RHEL 7 - not
>>> quite the same as Centos, but should be pretty close).
>>>
>>> - Y
>>>
>>> On Sat, Jan 16, 2016 at 3:18 PM, Ted To <ted@theo.to
>>> <mailto:ted@theo.to>> wrote:
>>>
>>>     Hi,
>>>
>>>     Up until roughly a week ago, my VPS web server was working properly.
>>>     From what I can see, the only change is that nss, nss-tools, openssl and
>>>     gnutls were updated.  On Monday, Jan 11, I noticed that I was getting an
>>>     SSL error when running "svn up".  When trying to open the url in a web
>>>     browser, the page would not open but I could open it with w3m by
>>>     accepting the certificate -- I was directed to the default CentOS apache
>>>     start page.  The strange thing is that it only happens for a minority of
>>>     my domains/subdomains.
>>>
>>>     I am running Apache 2.4.6 on a Centos 7 box.
>>>
>>>     Any thoughts/suggestions for what could be going on here?
>>>
>>>     Thanks in advance!
>>>
>>>     Ted To
>>>
>>>     ---------------------------------------------------------------------
>>>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>     <mailto:users-unsubscribe@httpd.apache.org>
>>>     For additional commands, e-mail: users-help@httpd.apache.org
>>>     <mailto:users-help@httpd.apache.org>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message