[lug] Occasional Apache SSL Error
Ben Luey
bluey at iguanaworks.net
Sat Apr 23 17:02:51 MDT 2011
>> I'm running Debian Lenny with apache (2.2.9-10). This has been true for
>> over a year now with no problems. One month ago I changed our SSL
>> certificate as it was about to expire. The old key was 1024 bits and the
>> new one (required by GoDaddy) is 2048 bits. It installed fine; Chrome,
>> Firefox, etc. accept it. Ever since then I occasionally get SSL errors
>> such as:
> Two thoughts: do you have the entire cert chain on the server? Can you turn on logging of the SSL
> and see what the server says when errors happen?
>
> You are making a plan to upgrade now that Lenny is obsolete, right?
>
I think I have the whole cert chain on the server: it's just the
gd_bundle.crt that GoDaddy provides as my
SSLCertificateChainFile. Is there special Apache SSL logging? The
default SSL logging (/var/log/apache2/ssl_access.log and
/var/log/apache2/error.log with log level warn) doesn't show anything for
the 'bad' traffic. No record of the GET request or anything. Seeing as
it takes at ~1 week from an apache restart to occasionally get this
error, I'm not a big fan of upping the log level for everything on
apache2 and flooding my log files. Plus, this should be an error that is
logged anyway, right? Is there reason to believe that logging at info or
notice will show something?

Lenny's still got security updates for at least another year... I'll
upgrade at some point, but that just adds more variables to the
situation (it was fine before with lenny and same version of apache2),
so I'd like to fix this first.

Ben
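
One way to get SSL diagnostics without raising the log level for all of apache2, shown as an added example that is not part of the original message: in Apache 2.2, LogLevel and ErrorLog can be set inside a single virtual host, and mod_ssl reports most handshake-level failures at info rather than warn. The ServerName, the certificate and key paths and the log file names are placeholders; gd_bundle.crt is the chain file named above.

```apache
# Added example (Apache 2.2 syntax); not configuration from the thread.
# ServerName, certificate/key paths and log file names are placeholders.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/example.crt
    SSLCertificateKeyFile   /etc/ssl/private/example.key
    # Intermediate CA certificates, sent to clients with the server certificate
    SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt

    # Both directives are valid in virtual host context, so only this vhost
    # becomes verbose and its messages land in a file of their own.
    LogLevel info
    ErrorLog /var/log/apache2/ssl_error.log

    # Per-request TLS details (protocol and cipher). A connection whose
    # handshake fails never sends an HTTP request, so it cannot show up
    # here or in the access log; look for it in the ErrorLog above.
    CustomLog /var/log/apache2/ssl_request.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
```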