
[Bug 62356] New: *:443 VirtualServer incorrectly fails with AH02572 on start up


            Bug ID: 62356
           Summary: *:443 VirtualServer incorrectly fails with AH02572 on
                    start up
           Product: Apache httpd-2
           Version: 2.4.33
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: h751286@xxxxxxxxx
  Target Milestone: ---

I have the domain x.y.z and I have purchased a certificate for it so that people
can access my site via https.

Sometimes, however, instead of using the correct https://x.y.z to access the
site, people use https://www.x.y.z

Certificates are pricey and I do not want to have to have 2 just so that people
can connect via x.y.z and www.x.y.z

...so what I have done is create 2 virtual servers as follows:

<VirtualHost *:443>
ServerName www.x.y.z
RewriteEngine On
RewriteRule (.*) https://x.y.z/ [R]
</VirtualHost>

<VirtualHost *:443>
ServerName x.y.z
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/x_y_z.crt
SSLCertificateKeyFile /etc/pki/tls/private/x_y_z.key
</VirtualHost>

As you can see, now what happens is that if someone connects using
https://www.x.y.z all that happens is the URL is rewritten to be https://x.y.z
and the second virtual host is triggered, enabling the SSL engine and applying
the appropriate certificate.

However, what actually happens is that Apache fails on start up with the
following message:

[ssl:emerg] [pid 5516] AH02572: Failed to configure at least one certificate and key for www.x.y.z:80

even though the SSLEngine is not even enabled in the first virtual machine.

NOTE, this only happens if the port is 443. If I change it to be

<VirtualHost *:[some random port that is not 443]>
ServerName www.x.y.z
RewriteEngine On
RewriteRule (.*) https://x.y.z/ [R]
</VirtualHost>

then Apache starts fine.

It seems to me terribly incorrect that Apache is treating what is simply "the
default https port" as sacrosanct and applying rules to it that may not be
desired in every case; and are in any event configurable via other means should
they be desired.

I can - and should be able to - start the SSL engine on any port and
likewise I can - and should be able to - tell a browser to use any port for
communicating via https - simply by doing https://x.y.z:[any port I choose]

For this reason I am logging this behaviour as a bug.
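
An added example, not part of the report and not httpd code: a small Python audit that lists, for every VirtualHost on a given port, whether the block itself sets SSLEngine on and carries both a certificate and a key. It assumes one directive per line with no Include files or line continuations, reads only what is written inside each block (nothing inherited from the global server config), and runs on a constructed sample modelled on the configuration above; the names parse_vhosts and audit are illustrative.

```python
import re

# Constructed sample modelled on the report's configuration.
SAMPLE_CONF = """\
<VirtualHost *:443>
ServerName www.x.y.z
RewriteEngine On
RewriteRule (.*) https://x.y.z/ [R]
</VirtualHost>
<VirtualHost *:443>
ServerName x.y.z
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/x_y_z.crt
SSLCertificateKeyFile /etc/pki/tls/private/x_y_z.key
</VirtualHost>
"""

OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block: addresses and directives."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = OPEN.match(line)
        if m:
            current = {"addrs": m.group(1).split(), "directives": {}}
        elif line.lower() == "</virtualhost>" and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            # Directive names are case-insensitive; keep the last value seen.
            name, _, value = line.partition(" ")
            current["directives"][name.lower()] = value.strip()
    return vhosts

def audit(text, port=443):
    """(ServerName, SSLEngine on?, cert and key present?) per vhost on `port`."""
    rows = []
    for vh in parse_vhosts(text):
        if not any(a.endswith(f":{port}") for a in vh["addrs"]):
            continue
        d = vh["directives"]
        rows.append((d.get("servername", "<none>"),
                     d.get("sslengine", "").lower() == "on",
                     "sslcertificatefile" in d and "sslcertificatekeyfile" in d))
    return rows

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```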
