After a yum update, there is an error when starting apache, in /var/log/httpd/error_log:
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[error] SSL Library Error: -8181 Certificate has expired
[error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
Now I temporary put NSSEnforceValidCerts off in nss.conf to have the site running. How can I fix the error?
Answer
Seems that a certificate was created when mod_nss was installed.
This certificate has expired, preventing the restarting of httpd (Apache).
Do you really use mod_nss ?
If you aren't using mod_nss then your best bet is to simply uninstall the package.
However you have some alternatives :
Remove
nss.conffrom/etc/httpd/conf.d(this will causemod_nssto not be loaded).Uninstall/re-install your nss rpm modules. On re-installation a new
certificate will be generated and your problem will go away for a
few more years :rpm -e mod_nss
rm /etc/httpd/alias/*
yum install mod_nss
service httpd restart
No comments:
Post a Comment