After a yum update
, there is an error when starting apache, in /var/log/httpd/error_log
:
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[error] SSL Library Error: -8181 Certificate has expired
[error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
Now I temporary put NSSEnforceValidCerts off
in nss.conf
to have the site running. How can I fix the error?
Best Answer
Seems that a certificate was created when
mod_nss
was installed.This certificate has expired, preventing the restarting of
httpd
(Apache).Do you really use
mod_nss
?If you aren't using
mod_nss
then your best bet is to simply uninstall the package.However you have some alternatives :
Remove
nss.conf
from/etc/httpd/conf.d
(this will causemod_nss
to not be loaded).Uninstall/re-install your nss rpm modules. On re-installation a new certificate will be generated and your problem will go away for a few more years :