Skip to main content

"Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]" [Resolved]

After recently upgrading Apache2 to version 2.2.31 I found a strange behaviour in SSL VirtualHost setup.

A few of the website I'm hosting were showing the certificate for the default host even if the client was Server Name Identification aware, and this happened only with a few of them. This shows as the common Firefox's/Chrome's passport-warning about you being possibly scammed if you're browsing your home banking, but that simply was not the case.

To be clear, if server host.hostingdomain.org has its own SSL, attempting to access https://www.hostedsite.org reports certificate for host.hostingdomain.org, but a few https://www.hostedsite.me reported the correct certificate.

All sites are hosted on the same IP address, on port 443. The truth is that VirtualHosting works on the HTTP side and redirects SNI-aware clients to SSL automatically, so it's backward compatible with SNI-unaware clients.

Examining error logs for the offending VirtualHosts shown the following text

[Tue Dec 25 16:02:45 2012] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/path/to/www.site.org.conf:20)

and in fact the vhost was correctly configured with SSLCertificateFile.

The question is obvious: how to fix that?


Asked April 21, 2017
Posted Under: Network
42 views
4 Answers

It happens that it could be a bug in the most recent version of Apache.

Solution 1: downgrade to the latest stable

Solution 2: edit listen.conf

Replace Listen *:443 (or Listen 443 according to your setup) with Listen *:443 http

Credit


Answered April 21, 2017
 
Solution 2: should that be httpd.conf not listen.conf – zzapper Mar 17 '16 at 15:00
 CanDoerz  5 months ago
 
Thank you for pointing this out! You saved me a lot of wondering around... I wonder why apache is making life harder!? – tftd Mar 18 '13 at 22:20
 CanDoerz  5 months ago

I had the same exact problem, and what worked for me was unbelievably simple

edit /etc/apache2/ports.conf (for ubuntu, or httpd.conf )

change "Listen 443" to "Listen 443 http" under ssl_module


Answered April 21, 2017
 
This answer is applicable for apache on my apache2.4 lamp stack, ubuntu. Other answer is "listen.conf" - should be ports.conf – Nick Jun 26 '16 at 2:40
 CanDoerz  5 months ago
 
The accepted answer seems outdated. This answer was more useful and accurate. +1 – Parag Magunia Mar 26 '16 at 1:42
 CanDoerz  5 months ago
 
This is already in the accepted answer. – Sven Jun 28 '15 at 8:13
 CanDoerz  5 months ago

Another solution for this is to ensure that all of your :443 vhosts include the TLS configuration.

This problem was recently introduced in Debian wheezy and I got the solution from http://blog.noizeramp.com/2010/10/03/apache-2-and-ssl-configuration/.


Answered April 21, 2017

It should be like this: # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. NameVirtualHost *:443 Listen 443 http

I was in this trouble too. So thanks others how shared.


Answered April 21, 2017
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA