SSL – Mac OS X Server 10.6 refusing to serve web pages after SSL certificate replacement

apache-2.2, mac-osx-server, osx-snow-leopard, ssl, ssl-certificate

I run a web site that is hosted on an Apple Xserve running Mac OS X Server 10.6. Today, I replaced an expired SSL certificate with a newly acquired certificate. I also deleted the old certificate. I made these changes with the Server Admin tool.

The certificate appears valid—the software says so, and displays all the correct information. It also claims that the web service is running. However, since I made that one change, my server refuses to serve web pages. Any attempt to load a page is immediately refused. Other services, such as Apple Remote Desktop, SSH, AFP, etc. all work fine, it's just Apache that refuses connections.

I've restarted the server, and also restarted Apache, using both Server Admin and apachectl. The latter tool also believes Apache to be running, but I can't connect to it.

I've tried comparing my /etc/apache2 folder with a copy from backup, but as suspected, all of the changes relate to SSL certificates and appear innocuous to me. I've hit a brick wall on this; nothing appears to be wrong, Google returns no hits, and yet my site is broken. My hope is that one of you fine people who knows more about this than I will be able to at least give me a hint at what might be wrong.

Thanks!

Edit: Last couple lines in the error log:

[Mon Sep 13 13:30:11 2010] [warn] [client 65.55.3.193] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Mon Sep 13 13:31:20 2010] [notice] caught SIGTERM, shutting down

Best Answer

Ok, here is what happened because I just had the same exact problem and this is also a production web server, but re-installing was a last resort. I could not find a solution posted on any web site, and the conclusion on this web page did not exactly make me feel optimistic...

In the Console log it showed me the following:

12/9/10 9:40:37 PM  com.apple.launchd[1]    (org.apache.httpd[16022]) Exited with exit code: 1
12/9/10 9:40:37 PM  com.apple.launchd[1]    (org.apache.httpd) Throttling respawn: Will start in 10 seconds
12/9/10 9:40:47 PM  org.apache.httpd[16025] Syntax error on line 13 of /etc/apache2/sites/0005_any_80_support.conf:
12/9/10 9:40:47 PM  org.apache.httpd[16025] SSLCertificateFile: file '/etc/certificates/www.mydomainname.com.DC32C1B3A9A0E1502E704365A74810BBDE62C643.cert.pem' does not exist or is empty

When I looked in the /etc/certificates directory, I could see the certificate that I added today, and the old one which the 0005_any_80_support.conf file referred to had a size of zero. I edited this file to the correct certificate, and my webserver was instantly back up and running.

So, deleting a certificate in Server Admin only clears out the contents of the file, and then it also does not fix the configuration files.

Now, I have to go find myself a Tootsie Pop, because I feel I've earned it.
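
The failure in the answer above (a site config still pointing an SSLCertificateFile directive at a zero-length file) can be checked for before Apache is restarted. The following is an added example, not part of the original answer: the function name check_ssl_cert_refs is hypothetical, the default directory is the /etc/apache2/sites path from the Console log, and it assumes certificate paths contain no spaces.

```shell
#!/bin/sh
# Added example: list SSL file directives in Apache site configs that point
# at a missing or zero-length file, the condition httpd reported as
# "does not exist or is empty".
# Usage (after sourcing this file): check_ssl_cert_refs [config_dir]
# Returns 0 if every referenced file exists and is non-empty, 1 otherwise.

check_ssl_cert_refs() {
    conf_dir="${1:-/etc/apache2/sites}"
    bad=0
    for conf in "$conf_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Emit "line directive path" for each uncommented directive.
        # Apache directive names are case-insensitive, so match in lower case.
        refs=$(awk '
            /^[ \t]*#/ { next }
            tolower($1) ~ /^ssl(certificate|certificatekey|certificatechain|cacertificate)file$/ {
                path = $2
                gsub(/^"|"$/, "", path)   # strip surrounding quotes
                print NR, $1, path
            }' "$conf")
        # Here-document keeps the loop in this shell so $bad survives.
        while read -r lineno directive path; do
            [ -n "$path" ] || continue
            if [ ! -e "$path" ]; then
                state="missing"
            elif [ ! -s "$path" ]; then
                state="empty"
            else
                continue
            fi
            echo "$conf:$lineno: $directive -> $path ($state)"
            bad=1
        done <<EOF
$refs
EOF
    done
    return $bad
}
```

Running `apachectl configtest` afterwards confirms that httpd itself accepts the configuration.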