Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Apache>
  3. Users
SSLEngine error
john.iliffe at iliffe
Nov 18, 2023, 12:42 PM
Post #1 of 4 (124 views)
Permalink
I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and also upgrade the version
of Apache from 2.4.25 to current.

I have installed a .pem format certificate and when I try to start Apache I get this error:
----
Starting The Apache HTTP Server...
httpd[12399]: AH00526: Syntax error on line 11 of /etc/httpd/conf.d/coax.conf:
httpd[12399]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in
the server configuration
systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: httpd.service: Failed with result 'exit-code'.
systemd[1]: Failed to start The Apache HTTP Server.
----
To me SSLEngine looks properly coded and the same configuration worked on the previous server. Here
is what I have:

<Virtualhost *:443>
ServerName www.example.ca
ServerAlias t.example.ca
DocumentRoot /usr/httpd/example
Options -MultiViews
H2Direct on
ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/example
SSLEngine on
SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !aNULL: !eNULL: !RC4: !PSK: !MD5
SSLCertificateFile /etc/httpd/conf/sslcert/www.example.pem
SSLCertificateKeyFile /etc/httpd/conf/sslcert/www.example.ca.key
SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
SSLHonorCipherOrder on
Header always set Strict-Transport-Security "max-age-63072000;includeSubDomains"
</VirtualHost>

This looks to me like I missed something in the upgrade but hours of searching the documentation
haven't given me any possibilities. Any ideas would be appreciated!

John
======


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSLEngine error [ In reply to ]
rakmvk at gmail
Nov 18, 2023, 12:46 PM
Post #2 of 4 (124 views)
Permalink
make sure you have installed mod_ssl.

Thanks
Rakesh

On Sat, Nov 18, 2023 at 12:43?PM John <john.iliffe@iliffe.ca> wrote:
>
> I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and also upgrade the version
> of Apache from 2.4.25 to current.
>
> I have installed a .pem format certificate and when I try to start Apache I get this error:
> ----
> Starting The Apache HTTP Server...
> httpd[12399]: AH00526: Syntax error on line 11 of /etc/httpd/conf.d/coax.conf:
> httpd[12399]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in
> the server configuration
> systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
> systemd[1]: httpd.service: Failed with result 'exit-code'.
> systemd[1]: Failed to start The Apache HTTP Server.
> ----
> To me SSLEngine looks properly coded and the same configuration worked on the previous server. Here
> is what I have:
>
> <Virtualhost *:443>
> ServerName www.example.ca
> ServerAlias t.example.ca
> DocumentRoot /usr/httpd/example
> Options -MultiViews
> H2Direct on
> ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/example
> SSLEngine on
> SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !aNULL: !eNULL: !RC4: !PSK: !MD5
> SSLCertificateFile /etc/httpd/conf/sslcert/www.example.pem
> SSLCertificateKeyFile /etc/httpd/conf/sslcert/www.example.ca.key
> SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
> SSLHonorCipherOrder on
> Header always set Strict-Transport-Security "max-age-63072000;includeSubDomains"
> </VirtualHost>
>
> This looks to me like I missed something in the upgrade but hours of searching the documentation
> haven't given me any possibilities. Any ideas would be appreciated!
>
> John
> ======
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSLEngine error [ In reply to ]
john.iliffe at iliffe
Nov 18, 2023, 1:21 PM
Post #3 of 4 (124 views)
Permalink
Right on - thank you. That lead to a whole bunch more errors but at least they are new!

John
======
On Sat, 2023-11-18 at 12:46 -0800, rakesh r wrote:
> make sure you have installed mod_ssl.
>
> Thanks
> Rakesh
>
> On Sat, Nov 18, 2023 at 12:43?PM John <john.iliffe@iliffe.ca> wrote:
> >
> > I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and also upgrade the
> > version
> > of Apache from 2.4.25 to current.
> >
> > I have installed a .pem format certificate and when I try to start Apache I get this error:
> > ----
> > Starting The Apache HTTP Server...
> > httpd[12399]: AH00526: Syntax error on line 11 of /etc/httpd/conf.d/coax.conf:
> > httpd[12399]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not
> > included in
> > the server configuration
> > systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
> > systemd[1]: httpd.service: Failed with result 'exit-code'.
> > systemd[1]: Failed to start The Apache HTTP Server.
> > ----
> > To me SSLEngine looks properly coded and the same configuration worked on the previous server. 
> > Here
> > is what I have:
> >
> > <Virtualhost *:443>
> >    ServerName www.example.ca
> >         ServerAlias t.example.ca
> >    DocumentRoot /usr/httpd/example
> >    Options -MultiViews
> >    H2Direct on
> >    ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://127.0.0.1:9002/usr/httpd/example
> >    SSLEngine on
> >    SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !aNULL: !eNULL: !RC4: !PSK: !MD5
> >    SSLCertificateFile /etc/httpd/conf/sslcert/www.example.pem
> >    SSLCertificateKeyFile /etc/httpd/conf/sslcert/www.example.ca.key
> >    SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
> >    SSLHonorCipherOrder on
> >    Header always set Strict-Transport-Security "max-age-63072000;includeSubDomains"
> > </VirtualHost>
> >
> > This looks to me like I missed something in the upgrade but hours of searching the documentation
> > haven't given me any possibilities.  Any ideas would be appreciated!
> >
> > John
> > ======
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: SSLEngine error [ In reply to ]
cyberfarer at gmail
Nov 18, 2023, 1:57 PM
Post #4 of 4 (124 views)
Permalink
Have you enabled the Apache SSL module?

To install mod_ssl, run:

dnf install mod_ssl

To enable the mod_ssl module, run:

apachectl restart httpd apachectl -M | grep ssl

You will see:

ssl_module (shared)

https://docs.rockylinux.org/guides/web/mod_SSL_apache/

On Sat, 18 Nov 2023 at 15:43, John <john.iliffe@iliffe.ca> wrote:

> I'm trying to bring up Apache on a new server running Rocky Linux 9.1 and
> also upgrade the version
> of Apache from 2.4.25 to current.
>
> I have installed a .pem format certificate and when I try to start Apache
> I get this error:
> ----
> Starting The Apache HTTP Server...
> httpd[12399]: AH00526: Syntax error on line 11 of
> /etc/httpd/conf.d/coax.conf:
> httpd[12399]: Invalid command 'SSLEngine', perhaps misspelled or defined
> by a module not included in
> the server configuration
> systemd[1]: httpd.service: Main process exited, code=exited,
> status=1/FAILURE
> systemd[1]: httpd.service: Failed with result 'exit-code'.
> systemd[1]: Failed to start The Apache HTTP Server.
> ----
> To me SSLEngine looks properly coded and the same configuration worked on
> the previous server. Here
> is what I have:
>
> <Virtualhost *:443>
> ServerName www.example.ca
> ServerAlias t.example.ca
> DocumentRoot /usr/httpd/example
> Options -MultiViews
> H2Direct on
> ProxyPassMatch "^/.*\.php(/.*)?$" fcgi://
> 127.0.0.1:9002/usr/httpd/example
> SSLEngine on
> SSLCipherSuite HIGH: !ADH: !SSLv2: !SSLv3: !TLSv1: !aNULL: !eNULL:
> !RC4: !PSK: !MD5
> SSLCertificateFile /etc/httpd/conf/sslcert/www.example.pem
> SSLCertificateKeyFile /etc/httpd/conf/sslcert/www.example.ca.key
> SSLCACertificateFile /etc/httpd/conf/sslcert/intermediate.crt
> SSLHonorCipherOrder on
> Header always set Strict-Transport-Security
> "max-age-63072000;includeSubDomains"
> </VirtualHost>
>
> This looks to me like I missed something in the upgrade but hours of
> searching the documentation
> haven't given me any possibilities. Any ideas would be appreciated!
>
> John
> ======
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal