ssl_stapling_init_cert: cant retrieve issuer certificate

Discussion in 'Installation/Configuration' started by Jhon Mario Lemos, Apr 6, 2017.

  1. Jhon Mario Lemos

    Jhon Mario Lemos New Member

    Hi, I am getting in the apache log a few errors and when I login to the domain I get the following message "The page is not properly redirected"

    i use debian 8
    Server version: Apache/2.4.10 (Debian)
    Server built: Feb 25 2017 10:03:55

    This is the apache log

    [Thu Apr 06 17:29:21.271329 2017] [ssl:warn] [pid 9981] AH01906: server.domain.co:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Apr 06 17:29:21.277319 2017] [ssl:error] [pid 9981] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.domain.co,OU=Ventas,O=GALES Importaciones,L=C$
    [Thu Apr 06 17:29:21.277376 2017] [ssl:error] [pid 9981] AH02567: Unable to configure certificate server.domain.co:8080:0 for stapling
    [Thu Apr 06 17:29:21.281364 2017] [ssl:warn] [pid 9981] AH01906: server.domain.co:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Apr 06 17:29:21.281715 2017] [suexec:notice] [pid 9981] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Thu Apr 06 17:29:21.375981 2017] [auth_digest:notice] [pid 10003] AH01757: generating secret for digest authentication ...
    [Thu Apr 06 17:29:21.383278 2017] [:notice] [pid 10007] FastCGI: process manager initialized (pid 10007)
    [ 2017-04-06 17:29:21.4070 10009/b7461700 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' =>$
    [ 2017-04-06 17:29:21.4378 10012/b7379700 agents/HelperAgent/Main.cpp:650 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.10003/generation-0/request
    [ 2017-04-06 17:29:21.4871 10017/b6b21980 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.10003/generation-0/logging
    [ 2017-04-06 17:29:21.4903 10009/b7461700 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
    [Thu Apr 06 17:29:21.605503 2017] [:error] [pid 10003] python_init: Python version mismatch, expected '2.7.5+', found '2.7.9'.
    [Thu Apr 06 17:29:21.605710 2017] [:error] [pid 10003] python_init: Python executable found '/usr/bin/python'.
    [Thu Apr 06 17:29:21.605728 2017] [:error] [pid 10003] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-i386-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/$
    [Thu Apr 06 17:29:21.605771 2017] [:notice] [pid 10003] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
    [Thu Apr 06 17:29:21.605783 2017] [:notice] [pid 10003] mod_python: using mutex_directory /tmp
    [Thu Apr 06 17:29:21.648832 2017] [ssl:warn] [pid 10003] AH01906: server.domain.co:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Apr 06 17:29:21.648984 2017] [ssl:error] [pid 10003] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=server.domain.co,OU=Ventas,O=GALES Importaciones,L=$
    [Thu Apr 06 17:29:21.649003 2017] [ssl:error] [pid 10003] AH02567: Unable to configure certificate server.domain.co:8080:0 for stapling
    [Thu Apr 06 17:29:21.649757 2017] [ssl:warn] [pid 10003] AH01906: server.domain.co:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Thu Apr 06 17:29:21.666479 2017] [mpm_prefork:notice] [pid 10003] AH00163: Apache/2.4.10 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_fcgid/2.3.9 Phusion_Passenger/4.0.53 mod_python/3.3.1$
    [Thu Apr 06 17:29:21.666548 2017] [core:notice] [pid 10003] AH00094: Command line: '/usr/sbin/apache2'


    When I do an apachectl -S shows me the following. But it is taking me as site server.domain.co and that is the FQDN name of my server.


    *:443 server.domain.co (/etc/apache2/conf-enabled/roundcube.conf:53)
    *:8081 server.domain.co (/etc/apache2/sites-enabled/000-apps.vhost:9)
    *:80 is a NameVirtualHost
    default server server.domain.co (/etc/apache2/conf-enabled/roundcube.conf:1)
    port 80 namevhost server.domain.co (/etc/apache2/conf-enabled/roundcube.conf:1)
    port 80 namevhost server.domain.co (/etc/apache2/sites-enabled/000-default.conf:1)
    *:8080 server.domain.co (/etc/apache2/sites-enabled/000-ispconfig.vhost:9)


    Thanks for the help
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the errors that you get in the access.log file of the affected website, not the one from the global access.log. The ssl stapling message can be ignored and it is not about redirections nor is it from a domain, it is from the ISPConfig interface.
     
  3. Jhon Mario Lemos

    Jhon Mario Lemos New Member

    thanks for answering. Attach access.log from yesterday and today.
     

    Attached Files:

Share This Page