Apache doesn't start after updating ISPConfig and creating a new certificate

Discussion in 'Installation/Configuration' started by S.A.L., Nov 27, 2019.

  1. S.A.L.

    S.A.L. New Member

    Hi,

    [edit]
    Forgot the most important information:
    Server: Debian GNU/Linux 9.11 (stretch)
    ISPConfig Version: 3.1.15p2
    [/edit]
    today I updated ISPconfig. And because of a not updating let's encrypt certificate I thought it would be a good idea to create a new certificate during the update of ispconfig. So what I've done during the update is to say "yes" when he asked to create a new ISPConfig SSL certificate.
    And now every time I try to start apache, he asks me for the passphrase of the SSL/TLS keys:
    Code:
    Enter passphrase for SSL/TLS keys for server.mydomain.de:8080 (RSA):
    But I have not set a passphrase by myself. So I don't know which passphrase he wants.
    After typing the wrong passphrase two times he says:
    Code:
    Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
    In apaches error.log I see this errors:
    Code:
    [Wed Nov 27 23:01:29.859272 2019] [ssl:emerg] [pid 10779] AH02580: Init: Pass phrase incorrect for key server.mydomain.de:8080:0
[Wed Nov 27 23:01:29.859386 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Nov 27 23:01:29.859400 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Wed Nov 27 23:01:29.859410 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Nov 27 23:01:29.859420 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Wed Nov 27 23:01:29.859431 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Wed Nov 27 23:01:29.859439 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Wed Nov 27 23:01:29.859462 2019] [ssl:emerg] [pid 10779] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Wed Nov 27 23:01:29.859469 2019] [ssl:emerg] [pid 10779] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Nov 27 23:01:29.859476 2019] [ssl:emerg] [pid 10779] AH02564: Failed to configure encrypted (?) private key server.mydomain.de:8080:0, check /usr/local/ispconfig/interface/ssl/ispserver.key
AH00016: Configuration Failed
    Does anyone have an idea what I can do to start apache again?
    Thanks a lot in advance!

    Regards
    Steffen
     
    Last edited: Nov 27, 2019
    S.A.L., Nov 27, 2019
    #1
  2. S.A.L.

    S.A.L. New Member

    OK, I found out how to get apache running again with a workaround. I commented the old certificate lines and added new lines with the snakeoil certificate. So the SSL Configuration looks now like this:
    Code:
      # SSL Configuration
  SSLEngine On
  SSLProtocol All -SSLv3
  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
#  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
#  SSLCACertificateFile /usr/local/ispconfig/interface/ssl/ispserver.bundle
    That works for the moment. I now have to check why Let's encrypt can't update the domain under which ispconfig is available. But that's another problem that was discussed several times here as I've seen. So I hope I get the solutions from these threads.
     
    S.A.L., Dec 1, 2019
    #2

Share This Page