Error Illegal Attempt To Re - Initialize Ssl For Server
After dist-upgrading my main Hetzner server from Lenny to Squeeze, Apache failed to come up, barfing the following error message in the alphabetically last defined and enabled virtual host's error log: [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) Well this is not theory but the real world and it did happen — and it took me a while to find out what was wrong with the configuration despite it worked with Lenny's Apache version. To avoid that others have to search as long as I had to, here's the solution: Look at all enabled sites, pick out those which have a VirtualHost on port 443 defined and verify that all these VirtualHost containers do have their own "SSLEngine On" statement. If at least one is missing, you'll run into the above mentioned error message. And it won't necessarily show up in the error log of those VirtualHosts which are missing the statement but only in the last VirtualHost (or the last VirtualHost on port 443). To find the relevant site files, I used the following one-liner: grep -lE 'VirtualHost.*443' sites-enabled/*[^~] | \ xargs grep -ci "SSLEngine On" | \ grep :0 Should work for all sites which have defined just one VirtualHost on port 443 per file. I suspect that the raise of SNI made Apache's SSL implementation more picky with regards to VirtualHosts. Oh, and kudos to this comment to an article on Debian-Administration.org because it finally pointed me in the right direction. :-) Filed under: Blogging is futile » English » Computer » Web » Apache » Tagged as: Apache, CLI, commandline, Debian, error, experience, grep, HTTPS, KMMR, Lenny, Squeeze, SSL, xargs 3 comments // show without comments // write a comment Related stories Hidden Terminals (4 shared tags) sort -h (
Jan23,2006,8:31AM Post #1 of 2 (1045 views) Permalink Apache 2 and SSL on server with multiple IPs, SSL won't load... Hey gang. I've got a problem that's been giving me fits for the past several days and I just can't figure out what's wrong. http://noone.org/blog/English/Computer/Web/Apache/Illegal%20attempt%20to%20re-initialise%20SSL.html Here's the situation: I've got an Apple Xserve, with a standard install of Apache 2.0.55 with mod_ssl. The server has 2 IP addresses assigned to it, lets call them foo.dartmouth.edu and bar.dartmouth.edu. I've also got 2 instances of Apache configured to run, since I believe http://www.gossamer-threads.com/lists/apache/users/304670 I need to do IP-based virtual hosting to accomplish what I need: foo is an HTTP server and bar needs to be an HTTP/HTTPS server. We have a key file and a Dartmouth-signed certificate built for bar.dartmouth.edu and I'm using an ssl.conf file that looks like this: ---------------- #SSL.CONF for bar.dartmouth.edu Listen 129.170.xxx.yyy:443 SSLEngine on AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:-SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/apache2/conf/ssl.crt/bar.crt SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/bar.key SSLCACertificatePath /usr/local/apache2/conf/ssl.crt SSLVerifyClient optional SSLVerifyDepth 5 SSLPassPhraseDialog builtin SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache SSLSessionCacheTimeout 300 AcceptMutex flock LockFile /usr/local/apache2/logs/httpd.lock SSLMutex file:/usr/local/apache2/logs/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin
man. http://www.unixdude.org/2013/12/12/illegal-attempt-to-re-initialise-ssl-for-server-theoretically-shouldnt-happen/ We make ourselves into one or the other." --Kokoro About Me…Disclaimer Illegal attempt to re-initialise SSL for server (theoretically shouldn’t happen! Posted by phatdee on http://marc.info/?l=apache-modssl&m=99528033410283&w=2 December 12, 2013 Posted in: Apache. Tagged: Apache, certs, configuration, SSL. Leave a Comment Just wasted about 3 hours of my life trying to error illegal figure out WTF I did to Apache that made it start giving me this error. Turns out I added a virtual_host section and added all the SSL directives, but I also had all the Global SSL directives enabled as well. Remove one set of SSL lines and finally that shit error illegal attempt stared. Now where was I? Posts navigation ← TCPTrack: Nice tool to determine TCP connection states yum reporting many errors and duplicates → Leave a Reply Cancel reply Your email address will not be published. Required fields are marked *Comment Name * Email * Website CategoriesCategories Select Category Applications & Servers(28) Apache(3) Chrome(2) Crashplan(1) Firewalls & Relates(1) NetgearR7500(1) Google Apps(1) HAProxy(1) Java(1) Kickstart(4) LVM(2) Nvidia(1) Package Manager(1) Postfix(3) Rdesktop(1) Sysctl(1) Systemd(1) Termbin & Fiche(1) Wireshark(3) Authentication(11) LDAP(2) Windows 2008R2(5) Backups(4) Bash(18) Cheatsheets(7) Commands(114) Ack(1) Cronjobs(4) Curl(1) Date(1) Dd(1) DiskCache(1) Dstat(1) Find(2) Fonts(1) Gdb(1) Grep(5) Grub(3) Htop(1) Kill(1) Lftp(1) Memory(3) Netcat(1) Netstat(1) NFS(1) Ngircd - IRCD(1) Nmap(1) Nscd(1) NTP(1) OpenVPN(1) PAM(1) RPM(3) Rsync(4) RT Tracker(2) Sar(1) Sed & Awk(4) Seq(1) Skype(1) Socat(1) SSH/SSHD(10) Sudo(5) Swap(1) Swat(1) System Loggers(3) Syslogd(1) Tail(2) Tar(2) TCPdump(3) TCPWrappers(1) Terminals(1) Useful Commands(3) VIM(7) Vsftpd(3) Wget(1) XML(1) Yum(1) Configurations(1) Databases(8) Mysql(5) Distros(17) Debian(1) novel
at> Date: 2001-07-16 10:41:53 [Download message RAW] Thanks for your quick response but "SSLEngine on" does not appears two times in my httpd.conf (I wished that would have been the problem) Can you (or anybody else!) think of an other reason (->solution) for my problem? Help needed! Lukas Feiler /************************** EndlosProduktion Kusch Senoner OEG lukas.feiler@endlos.at www.endlos.at **************************/ ----- Original Message ----- From: