I broke my Apache 2.4 install and I need help!

@lbutlr kremels at kreme.com
Tue Apr 10 06:16:26 UTC 2018

On 2018-04-03 (12:32 MDT), Johan Hendriks <joh.hendriks at gmail.com> wrote:
> Op 03/04/2018 om 00:56 schreef @lbutlr:
>> On 2018-04-02 (16:40 MDT), William Dudley <wfdudley at gmail.com> wrote:
>> This is what a virtual host looks like for me in apache24. I never put any hosts into http.conf other than a base name that is actually unused for web access. Everything is in user/name.conf or extras/httpd-vhosts.conf
>> <VirtualHost *:443>
>>   ServerName oursite.example.net
>>   DocumentRoot /usr/local/www/oursite
>>   SSLEngine on
>>   SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/cert.pem
>>   SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
>>   SSLCertificateChainFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem
>>   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
>>   SSLHonorCipherOrder on
>>   # I am not sure this is needed or best for TLSv1.2, but it works for us
>>   Header always set Strict-Transport-Security "max-age=15638400; includeSubdomains;"
>> </VirtualHost>          
> The documentation of apache states that SSLCertificateChainFile is
> deprecated and SSLCertificateFile will handle your cert and chain in one
> file. See apache docs
> http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatechainfile
> I do not think this helps with your problem but it is cleaner to not use
> deprecated configs.

I am not the OP with the problem, I was just sharing the configuration that I have that works.

it looks like I should change that to 

SSLCertificateFile /usr/local/etc/dehydrated/certs/covisp.net/chain.pem

I'll give that a try next time I'm editing configs.

Don't congratulate yourself too much, or berate yourself either. You
choices are half chance; so are everybody else's.

More information about the freebsd-questions mailing list