Wednesday, November 4, 2015

apache 2.2 - SSL Library Error: -8181 Certificate has expired



After a yum update, there is an error when starting apache, in /var/log/httpd/error_log:



[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[error] SSL Library Error: -8181 Certificate has expired
[error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.



Now I temporary put NSSEnforceValidCerts off in nss.conf to have the site running. How can I fix the error?


Answer



Seems that a certificate was created when mod_nss was installed.



This certificate has expired, preventing the restarting of httpd (Apache).



Do you really use mod_nss ?



If you aren't using mod_nss then your best bet is to simply uninstall the package.




However you have some alternatives :




  • Remove nss.conf from /etc/httpd/conf.d (this will cause mod_nss to not be loaded).


  • Uninstall/re-install your nss rpm modules. On re-installation a new
    certificate will be generated and your problem will go away for a
    few more years :



    rpm -e mod_nss
    rm /etc/httpd/alias/*

    yum install mod_nss
    service httpd restart


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...