Solved

Apache2 error message

Posted on 2014-02-16
22
440 Views
Last Modified: 2014-02-17
After installing an SSL certificate from a cert authority, apache2 now restarts although I get this message:

Could not reliably determine the servers fully qualified domain name, using 2001:4325:4332:432:4321:432d:dd43:3fss for ServerName

I am using a domain name, but not sure if i need to put this somewhere or how I can resolve this message.
0
Comment
Question by:Jack_son_
  • 10
  • 7
  • 3
  • +2
22 Comments
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39863695
you need to define the host name in /etc/hosts
reload/restart apache and it should go away
0
 

Author Comment

by:Jack_son_
ID: 39863802
okay, that fixed this issue; but seems like it also is still only seeing the old certificate and not the new one.  I have updated the path to the new cert in default-ssl file but didnt seem to fix the issue.
0
 
LVL 12

Assisted Solution

by:junipllc
junipllc earned 100 total points
ID: 39863807
Put the directive:

ServerName hostname.example.com

into your apache2.conf or httpd.conf. Ubuntu uses apache2.conf and CentOS uses httpd.conf.

Of course, hostname.example.com should be your actual FQDN.

I believe this will remove the error, but I can't be sure since I don't know any more details about your particular setup. Try it first and if it doesn't work, post back.

Best,

Michael
0
 
LVL 12

Expert Comment

by:junipllc
ID: 39863810
We posted at the same time. What error are you getting now?
0
 

Author Comment

by:Jack_son_
ID: 39863832
actually, I rebooted and restarted apache2 and am still receiving the error, here is what I see now:

apache2apache2:  Could not reliably determine the server's fully qualified domain name using xxx.xxx.xxx.xx for ServerName waiting apache2:  
Could not reliably determine the servers fully qualified domain name, using xxx.xxx.xxx.xx for ServerName
0
 
LVL 12

Expert Comment

by:junipllc
ID: 39863854
Is this actually causing a functional error, as in the cert is still not working, or is it just an annoyance error? Certs are tied to FQDNs, which are tied to IP addresses, so if you have the ServerName in the config correct, it should (in theory) actually work.

Now, that said, theory never works for me.

It's weird to me that the "guessed" ServerName is now an IPv4 address, but was IPv6 before. Can you post the relevant parts of your configuration (obfuscating what you need to like you did above)?

Mike
0
 
LVL 2

Expert Comment

by:c_kedar
ID: 39864194
Check what output you get from 'hostname --fqdn".
If it is not same as FQDN you want, then we need to fix this.

I am not able to recollect completely but I think /etc/hosts file needs to have an entry with hostname (i.e. out of command 'hostname')  and fqdn on same line.
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 400 total points
ID: 39864411
if you are not using IPv6 then disable it under /etc/sysconfig/network and also opt out apache <directive> from using the IPv6.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864501
How do I disable ipv6, by just commenting it out?

Here is what i have:

x.x.x.x  FPT-SERVER01  myserver.fpt.com
x.x.x.x  FPT-SERVER01  myserver.fpt.com

One is internal ip and other is external ip.....let me know if this is right.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39864543
paste below file output

/etc/sysconfig/network
0
 

Author Comment

by:Jack_son_
ID: 39864598
Here is the output, but network is a directory in this version, this is interfaces:

# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
# The loopback network interface
auto lo
iface lo inet loopback

# Label public
auto eth0
iface eth0 inet static
    address 141.240.231.70
    netmask 255.255.255.0
    gateway 142.240.231.1
iface eth0 inet6 static
    address 2001:4802:7801:0103:9128:887c:ff20:2cdb
    netmask 64
    gateway fe80::def
    dns-nameservers 49.20.0.164 49.20.0.196

# Label private
auto eth1
iface eth1 inet static
    address 10.176.168.90
    netmask 255.255.224.0
    dns-nameservers 49.20.0.164 49.20.0.196
    post-up route add -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
    pre-down route del -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
    post-up route add -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
    pre-down route del -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 13

Expert Comment

by:Sandy
ID: 39864604
First comment this section out.

iface eth0 inet6 static
    address 2001:4802:7801:0103:9128:887c:ff20:2cdb
    netmask 64
    gateway fe80::def
    dns-nameservers 49.20.0.164 49.20.0.196

and then do IPv4 specific binding in apache to avoid listening on IPv6 by web directive.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864610
also the main issue I am having is even though I changed out the certs, its still showing the old self signed certificate versus the new cert I purchased.
0
 

Author Comment

by:Jack_son_
ID: 39864653
ok commented that out; how do i do the IPv4 specific binding in apache?
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 400 total points
ID: 39864666
instead of <VirtualHost *:80>  use <VirtualHost IP:80>
0
 

Author Comment

by:Jack_son_
ID: 39864692
okay, made this change; it gave me a few errors and the old certificate is still the one the web server is using.
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 400 total points
ID: 39864704
Did you specify the new cert location in web directive ? Move old certificate from the directory including keys.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864712
i did put the path in default-ssl file, is this the only location?  I will move the old cert now and see
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39864715
check conf.d/ssl.conf also..
0
 

Author Comment

by:Jack_son_
ID: 39864726
i moved the files out of the directory and seems now apache wont start;  i moved them back and apache works.....
0
 
LVL 13

Accepted Solution

by:
Sandy earned 400 total points
ID: 39864797
That means Apache still looking for old certs hence you need to search their entry in conf file and modify to use the new cert.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864851
okay, its working now with the new cert!  Thank you
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now