I broke my Apache 2.4 install and I need help!

Johan Hendriks joh.hendriks at gmail.com
Tue Apr 3 18:32:35 UTC 2018

Op 03/04/2018 om 00:56 schreef @lbutlr:
> On 2018-04-02 (16:40 MDT), William Dudley <wfdudley at gmail.com> wrote:
>> I've managed to get my apache install working without any SSL stuff
>> running.  That's progress.
> This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf
> <VirtualHost *:443>
>    ServerName oursite.example.net
>    DocumentRoot /usr/local/www/oursite
>    SSLEngine on
>    SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem
>    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
>    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem
>    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
>    SSLHonorCipherOrder on
>    # I am not sure this is needed or best for TLSv1.2, but it works for us
>    Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"
> </VirtualHost>          
The documentation of apache states that SSLCertificateChainFile is
deprecated and SSLCertificateFile will handle your cert and chain in one
file. See apache docs
I do not think this helps with your problem but it is cleaner to not use
deprecated configs.

Johan Hendriks

More information about the freebsd-questions mailing list