Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Apache2 error message

Posted on 2014-02-16
22
448 Views
Last Modified: 2014-02-17
After installing an SSL certificate from a cert authority, apache2 now restarts although I get this message:

Could not reliably determine the servers fully qualified domain name, using 2001:4325:4332:432:4321:432d:dd43:3fss for ServerName

I am using a domain name, but not sure if i need to put this somewhere or how I can resolve this message.
0
Comment
Question by:Jack_son_
  • 10
  • 7
  • 3
  • +2
22 Comments
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 39863695
you need to define the host name in /etc/hosts
reload/restart apache and it should go away
0
 

Author Comment

by:Jack_son_
ID: 39863802
okay, that fixed this issue; but seems like it also is still only seeing the old certificate and not the new one.  I have updated the path to the new cert in default-ssl file but didnt seem to fix the issue.
0
 
LVL 12

Assisted Solution

by:junipllc
junipllc earned 100 total points
ID: 39863807
Put the directive:

ServerName hostname.example.com

into your apache2.conf or httpd.conf. Ubuntu uses apache2.conf and CentOS uses httpd.conf.

Of course, hostname.example.com should be your actual FQDN.

I believe this will remove the error, but I can't be sure since I don't know any more details about your particular setup. Try it first and if it doesn't work, post back.

Best,

Michael
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 12

Expert Comment

by:junipllc
ID: 39863810
We posted at the same time. What error are you getting now?
0
 

Author Comment

by:Jack_son_
ID: 39863832
actually, I rebooted and restarted apache2 and am still receiving the error, here is what I see now:

apache2apache2:  Could not reliably determine the server's fully qualified domain name using xxx.xxx.xxx.xx for ServerName waiting apache2:  
Could not reliably determine the servers fully qualified domain name, using xxx.xxx.xxx.xx for ServerName
0
 
LVL 12

Expert Comment

by:junipllc
ID: 39863854
Is this actually causing a functional error, as in the cert is still not working, or is it just an annoyance error? Certs are tied to FQDNs, which are tied to IP addresses, so if you have the ServerName in the config correct, it should (in theory) actually work.

Now, that said, theory never works for me.

It's weird to me that the "guessed" ServerName is now an IPv4 address, but was IPv6 before. Can you post the relevant parts of your configuration (obfuscating what you need to like you did above)?

Mike
0
 
LVL 2

Expert Comment

by:c_kedar
ID: 39864194
Check what output you get from 'hostname --fqdn".
If it is not same as FQDN you want, then we need to fix this.

I am not able to recollect completely but I think /etc/hosts file needs to have an entry with hostname (i.e. out of command 'hostname')  and fqdn on same line.
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 400 total points
ID: 39864411
if you are not using IPv6 then disable it under /etc/sysconfig/network and also opt out apache <directive> from using the IPv6.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864501
How do I disable ipv6, by just commenting it out?

Here is what i have:

x.x.x.x  FPT-SERVER01  myserver.fpt.com
x.x.x.x  FPT-SERVER01  myserver.fpt.com

One is internal ip and other is external ip.....let me know if this is right.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39864543
paste below file output

/etc/sysconfig/network
0
 

Author Comment

by:Jack_son_
ID: 39864598
Here is the output, but network is a directory in this version, this is interfaces:

# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
# The loopback network interface
auto lo
iface lo inet loopback

# Label public
auto eth0
iface eth0 inet static
    address 141.240.231.70
    netmask 255.255.255.0
    gateway 142.240.231.1
iface eth0 inet6 static
    address 2001:4802:7801:0103:9128:887c:ff20:2cdb
    netmask 64
    gateway fe80::def
    dns-nameservers 49.20.0.164 49.20.0.196

# Label private
auto eth1
iface eth1 inet static
    address 10.176.168.90
    netmask 255.255.224.0
    dns-nameservers 49.20.0.164 49.20.0.196
    post-up route add -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
    pre-down route del -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
    post-up route add -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
    pre-down route del -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39864604
First comment this section out.

iface eth0 inet6 static
    address 2001:4802:7801:0103:9128:887c:ff20:2cdb
    netmask 64
    gateway fe80::def
    dns-nameservers 49.20.0.164 49.20.0.196

and then do IPv4 specific binding in apache to avoid listening on IPv6 by web directive.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864610
also the main issue I am having is even though I changed out the certs, its still showing the old self signed certificate versus the new cert I purchased.
0
 

Author Comment

by:Jack_son_
ID: 39864653
ok commented that out; how do i do the IPv4 specific binding in apache?
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 400 total points
ID: 39864666
instead of <VirtualHost *:80>  use <VirtualHost IP:80>
0
 

Author Comment

by:Jack_son_
ID: 39864692
okay, made this change; it gave me a few errors and the old certificate is still the one the web server is using.
0
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 400 total points
ID: 39864704
Did you specify the new cert location in web directive ? Move old certificate from the directory including keys.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864712
i did put the path in default-ssl file, is this the only location?  I will move the old cert now and see
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39864715
check conf.d/ssl.conf also..
0
 

Author Comment

by:Jack_son_
ID: 39864726
i moved the files out of the directory and seems now apache wont start;  i moved them back and apache works.....
0
 
LVL 13

Accepted Solution

by:
Sandy earned 400 total points
ID: 39864797
That means Apache still looking for old certs hence you need to search their entry in conf file and modify to use the new cert.

TY/SA
0
 

Author Comment

by:Jack_son_
ID: 39864851
okay, its working now with the new cert!  Thank you
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question