1 (edited by castea.webdev 2014-04-04 06:22:05)

Topic: my apache2 cannot start with default-ssl.conf included

==== Required information ====
- iRedMail version:  iRedMail-0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL Initially, then MariaDB
- Linux/BSD distribution name and version:  Ubuntu Kylin 14.04
- Related log if you're reporting an issue:
====
I installed the latest  iRedMail-0.8.6. Every thing is running smoothly, even when I install mariadb which replace mysql, apache2 still running. After update/upgrade my ubuntu, apache still running.
Until when I shutdown and booting again another time, my apache2 cannot start with default-ssl.conf included, but if it's not included, apache2 can start normally. Because of that, i cannot run the webmail which need ssl.
Heres my default-ssl.conf: http://pastebin.com/MDPMtBgN

My apache2 error.log: http://pastebin.com/xFMAfSmd

Any help would be appreciated? Thank you very muc

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: my apache2 cannot start with default-ssl.conf included

*) default-ssl.conf looks fine. If Apache runs well without default-ssl.conf, it might be caused by SSL certificate.
*) According to apache error.log, did you change server hostname but use an old ssl certificate? if so, you should generate a new SSL certificate with current hostname.

[Thu Apr 03 07:55:48.432431 2014] [ssl:warn] [pid 16543] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name

3 (edited by castea.webdev 2014-04-04 06:40:22)

Re: my apache2 cannot start with default-ssl.conf included

谢谢您,thank you for your reply,

According to apache error.log, did you change server hostname but use an old ssl certificate? if so, you should generate a new SSL certificate with current hostname.

I didn't change hostname directly. But now, indeed hostname has changed.
How do I generate ssl certificate correctly? sorry, i am newbie.

Note: If I change ServerName to old hostname, the missmatch warning disappear. but apache2 still fail to start

4

Re: my apache2 cannot start with default-ssl.conf included

castea.webdev wrote:

but apache2 still fail to start

Show us new error log please.

5 (edited by castea.webdev 2014-04-05 18:11:27)

Re: my apache2 cannot start with default-ssl.conf included

Thanks for your reply.
ssl:warn appeared when default-ssl was included.
below it, appeared if default-ssl was not included. Maybe i should reinstall iredmail.

[Fri Apr 04 05:29:48.853780 2014] [ssl:warn] [pid 18077] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 04 07:45:19.904812 2014] [ssl:warn] [pid 22858] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 04 07:54:22.657836 2014] [ssl:warn] [pid 23160] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Apr 04 09:14:42.570915 2014] [mpm_prefork:notice] [pid 24465] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations
[Fri Apr 04 09:14:42.619078 2014] [core:notice] [pid 24465] AH00094: Command line: '/usr/sbin/apache2'
[Fri Apr 04 15:52:16.456294 2014] [mpm_prefork:notice] [pid 24465] AH00169: caught SIGTERM, shutting down
[Fri Apr 04 17:53:45.104490 2014] [mpm_prefork:notice] [pid 3152] AH00163: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f mod_wsgi/3.4 Python/2.7.6 configured -- resuming normal operations
[Fri Apr 04 17:53:45.116867 2014] [core:notice] [pid 3152] AH00094: Command line: '/usr/sbin/apache2'

6

Re: my apache2 cannot start with default-ssl.conf included

This warn message is fine, caused by self-signed ssl certificate. You can avoid it by using a paid SSL certificate.