Restoring Virtual Server Leads to Apache/SSL Error

4 posts / 0 new
Last post
#1 Fri, 01/02/2015 - 17:43
neanderslob

Restoring Virtual Server Leads to Apache/SSL Error

Hi All,

I'm currently trying to restore my virtual server backup on an Ubuntu 12.04 VPS (same operating system on which the backup was created if it might matter) with some frustration. The loading process happens without issue but apache fails when I try to start it.. This problem is, however fixed as soon as I delete the restored server.

When I look in the apache error log, I'm confronted with the following:

[Fri Jan 02 03:40:23 2015] [notice] Graceful restart requested, doing restart  
[Fri Jan 02 03:40:23 2015] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Fri Jan 02 03:40:23 2015] [notice] Digest: generating secret for digest authentication ...
[Fri Jan 02 03:40:23 2015] [notice] Digest: done

I checked out the virtualmin error log for the restored virutal server and found that there were some ssl issues:

[Fri Jan 02 04:11:30 2015] [error] Unable to configure permitted SSL ciphers
[Fri Jan 02 04:11:30 2015] [error] SSL Library Error: 336486680 error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command
[Fri Jan 02 04:11:30 2015] [error] SSL Library Error: 336486680 error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command

As a shot in the dark I tried disabling SSL on the restored virtual server via Virtualmin and apache started without a problem and the site came up (with no ssl of course).

What might be going on here and how might I resolve it?

Many thanks in advance!

Thu, 01/15/2015 - 16:39
neanderslob

Turned out virtualmin didn't enter into it. The issue was a conflict between apache2 and ssl given the version of ubuntu I was running (12.04).

From this excellent answer I got on AskUbuntu regarding the SSL conflict, Ubuntu 12.04 ships with OpenSSL 1.01, meaning that I had to remove +TLSv1.1:+TLSv1.2 from my apache configuration and everything worked fine.

The more preferable alternative would be to upgrade OpenSSL or the version of Ubuntu I was using.

Thu, 01/15/2015 - 17:06
andreychek

Howdy,

I'm glad you got it figured out, thanks for letting us know how you fixed it!

-Eric

Thu, 12/17/2015 - 08:14 (Reply to #3)
glimmung

Hi All,

Have just trodden this path today, and the referenced advice worked perfectly - BUT there are SSLCipherSuite lines in both: -

/etc/apache2/apache2.conf

...and: -

/etc/apache2/mods-available/ssl.conf

...and the former is the ones you want - hope this saves someone else some time!

:-)

--

Cheers,

PhilK

Topic locked