Jack_son_
asked on
Apache2 error message
After installing an SSL certificate from a cert authority, apache2 now restarts although I get this message:
Could not reliably determine the servers fully qualified domain name, using 2001:4325:4332:432:4321:43 2d:dd43:3f ss for ServerName
I am using a domain name, but not sure if i need to put this somewhere or how I can resolve this message.
Could not reliably determine the servers fully qualified domain name, using 2001:4325:4332:432:4321:43
I am using a domain name, but not sure if i need to put this somewhere or how I can resolve this message.
ASKER
okay, that fixed this issue; but seems like it also is still only seeing the old certificate and not the new one. I have updated the path to the new cert in default-ssl file but didnt seem to fix the issue.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We posted at the same time. What error are you getting now?
ASKER
actually, I rebooted and restarted apache2 and am still receiving the error, here is what I see now:
apache2apache2: Could not reliably determine the server's fully qualified domain name using xxx.xxx.xxx.xx for ServerName waiting apache2:
Could not reliably determine the servers fully qualified domain name, using xxx.xxx.xxx.xx for ServerName
apache2apache2: Could not reliably determine the server's fully qualified domain name using xxx.xxx.xxx.xx for ServerName waiting apache2:
Could not reliably determine the servers fully qualified domain name, using xxx.xxx.xxx.xx for ServerName
Is this actually causing a functional error, as in the cert is still not working, or is it just an annoyance error? Certs are tied to FQDNs, which are tied to IP addresses, so if you have the ServerName in the config correct, it should (in theory) actually work.
Now, that said, theory never works for me.
It's weird to me that the "guessed" ServerName is now an IPv4 address, but was IPv6 before. Can you post the relevant parts of your configuration (obfuscating what you need to like you did above)?
Mike
Now, that said, theory never works for me.
It's weird to me that the "guessed" ServerName is now an IPv4 address, but was IPv6 before. Can you post the relevant parts of your configuration (obfuscating what you need to like you did above)?
Mike
Check what output you get from 'hostname --fqdn".
If it is not same as FQDN you want, then we need to fix this.
I am not able to recollect completely but I think /etc/hosts file needs to have an entry with hostname (i.e. out of command 'hostname') and fqdn on same line.
If it is not same as FQDN you want, then we need to fix this.
I am not able to recollect completely but I think /etc/hosts file needs to have an entry with hostname (i.e. out of command 'hostname') and fqdn on same line.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How do I disable ipv6, by just commenting it out?
Here is what i have:
x.x.x.x FPT-SERVER01 myserver.fpt.com
x.x.x.x FPT-SERVER01 myserver.fpt.com
One is internal ip and other is external ip.....let me know if this is right.
Here is what i have:
x.x.x.x FPT-SERVER01 myserver.fpt.com
x.x.x.x FPT-SERVER01 myserver.fpt.com
One is internal ip and other is external ip.....let me know if this is right.
paste below file output
/etc/sysconfig/network
/etc/sysconfig/network
ASKER
Here is the output, but network is a directory in this version, this is interfaces:
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/ex amples for more information.
# The loopback network interface
auto lo
iface lo inet loopback
# Label public
auto eth0
iface eth0 inet static
address 141.240.231.70
netmask 255.255.255.0
gateway 142.240.231.1
iface eth0 inet6 static
address 2001:4802:7801:0103:9128:8 87c:ff20:2 cdb
netmask 64
gateway fe80::def
dns-nameservers 49.20.0.164 49.20.0.196
# Label private
auto eth1
iface eth1 inet static
address 10.176.168.90
netmask 255.255.224.0
dns-nameservers 49.20.0.164 49.20.0.196
post-up route add -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
pre-down route del -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
post-up route add -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
pre-down route del -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/ex
# The loopback network interface
auto lo
iface lo inet loopback
# Label public
auto eth0
iface eth0 inet static
address 141.240.231.70
netmask 255.255.255.0
gateway 142.240.231.1
iface eth0 inet6 static
address 2001:4802:7801:0103:9128:8
netmask 64
gateway fe80::def
dns-nameservers 49.20.0.164 49.20.0.196
# Label private
auto eth1
iface eth1 inet static
address 10.176.168.90
netmask 255.255.224.0
dns-nameservers 49.20.0.164 49.20.0.196
post-up route add -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
pre-down route del -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
post-up route add -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
pre-down route del -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
First comment this section out.
iface eth0 inet6 static
address 2001:4802:7801:0103:9128:8 87c:ff20:2 cdb
netmask 64
gateway fe80::def
dns-nameservers 49.20.0.164 49.20.0.196
and then do IPv4 specific binding in apache to avoid listening on IPv6 by web directive.
TY/SA
iface eth0 inet6 static
address 2001:4802:7801:0103:9128:8
netmask 64
gateway fe80::def
dns-nameservers 49.20.0.164 49.20.0.196
and then do IPv4 specific binding in apache to avoid listening on IPv6 by web directive.
TY/SA
ASKER
also the main issue I am having is even though I changed out the certs, its still showing the old self signed certificate versus the new cert I purchased.
ASKER
ok commented that out; how do i do the IPv4 specific binding in apache?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
okay, made this change; it gave me a few errors and the old certificate is still the one the web server is using.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i did put the path in default-ssl file, is this the only location? I will move the old cert now and see
check conf.d/ssl.conf also..
ASKER
i moved the files out of the directory and seems now apache wont start; i moved them back and apache works.....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
okay, its working now with the new cert! Thank you
reload/restart apache and it should go away