Apache2 error message

After installing an SSL certificate from a cert authority, apache2 now restarts although I get this message:

Could not reliably determine the servers fully qualified domain name, using 2001:4325:4332:432:4321:432d:dd43:3fss for ServerName

I am using a domain name, but not sure if i need to put this somewhere or how I can resolve this message.
Jack_son_Asked:
Who is Participating?
 
SandyCommented:
That means Apache still looking for old certs hence you need to search their entry in conf file and modify to use the new cert.

TY/SA
0
 
Seth SimmonsSr. Systems AdministratorCommented:
you need to define the host name in /etc/hosts
reload/restart apache and it should go away
0
 
Jack_son_Author Commented:
okay, that fixed this issue; but seems like it also is still only seeing the old certificate and not the new one.  I have updated the path to the new cert in default-ssl file but didnt seem to fix the issue.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
junipllcCommented:
Put the directive:

ServerName hostname.example.com

into your apache2.conf or httpd.conf. Ubuntu uses apache2.conf and CentOS uses httpd.conf.

Of course, hostname.example.com should be your actual FQDN.

I believe this will remove the error, but I can't be sure since I don't know any more details about your particular setup. Try it first and if it doesn't work, post back.

Best,

Michael
0
 
junipllcCommented:
We posted at the same time. What error are you getting now?
0
 
Jack_son_Author Commented:
actually, I rebooted and restarted apache2 and am still receiving the error, here is what I see now:

apache2apache2:  Could not reliably determine the server's fully qualified domain name using xxx.xxx.xxx.xx for ServerName waiting apache2:  
Could not reliably determine the servers fully qualified domain name, using xxx.xxx.xxx.xx for ServerName
0
 
junipllcCommented:
Is this actually causing a functional error, as in the cert is still not working, or is it just an annoyance error? Certs are tied to FQDNs, which are tied to IP addresses, so if you have the ServerName in the config correct, it should (in theory) actually work.

Now, that said, theory never works for me.

It's weird to me that the "guessed" ServerName is now an IPv4 address, but was IPv6 before. Can you post the relevant parts of your configuration (obfuscating what you need to like you did above)?

Mike
0
 
c_kedarCommented:
Check what output you get from 'hostname --fqdn".
If it is not same as FQDN you want, then we need to fix this.

I am not able to recollect completely but I think /etc/hosts file needs to have an entry with hostname (i.e. out of command 'hostname')  and fqdn on same line.
0
 
SandyCommented:
if you are not using IPv6 then disable it under /etc/sysconfig/network and also opt out apache <directive> from using the IPv6.

TY/SA
0
 
Jack_son_Author Commented:
How do I disable ipv6, by just commenting it out?

Here is what i have:

x.x.x.x  FPT-SERVER01  myserver.fpt.com
x.x.x.x  FPT-SERVER01  myserver.fpt.com

One is internal ip and other is external ip.....let me know if this is right.
0
 
SandyCommented:
paste below file output

/etc/sysconfig/network
0
 
Jack_son_Author Commented:
Here is the output, but network is a directory in this version, this is interfaces:

# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
# The loopback network interface
auto lo
iface lo inet loopback

# Label public
auto eth0
iface eth0 inet static
    address 141.240.231.70
    netmask 255.255.255.0
    gateway 142.240.231.1
iface eth0 inet6 static
    address 2001:4802:7801:0103:9128:887c:ff20:2cdb
    netmask 64
    gateway fe80::def
    dns-nameservers 49.20.0.164 49.20.0.196

# Label private
auto eth1
iface eth1 inet static
    address 10.176.168.90
    netmask 255.255.224.0
    dns-nameservers 49.20.0.164 49.20.0.196
    post-up route add -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
    pre-down route del -net 10.10.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
    post-up route add -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || tr$
    pre-down route del -net 10.20.0.0 netmask 255.240.0.0 gw 10.10.160.1 || t$
0
 
SandyCommented:
First comment this section out.

iface eth0 inet6 static
    address 2001:4802:7801:0103:9128:887c:ff20:2cdb
    netmask 64
    gateway fe80::def
    dns-nameservers 49.20.0.164 49.20.0.196

and then do IPv4 specific binding in apache to avoid listening on IPv6 by web directive.

TY/SA
0
 
Jack_son_Author Commented:
also the main issue I am having is even though I changed out the certs, its still showing the old self signed certificate versus the new cert I purchased.
0
 
Jack_son_Author Commented:
ok commented that out; how do i do the IPv4 specific binding in apache?
0
 
SandyCommented:
instead of <VirtualHost *:80>  use <VirtualHost IP:80>
0
 
Jack_son_Author Commented:
okay, made this change; it gave me a few errors and the old certificate is still the one the web server is using.
0
 
SandyCommented:
Did you specify the new cert location in web directive ? Move old certificate from the directory including keys.

TY/SA
0
 
Jack_son_Author Commented:
i did put the path in default-ssl file, is this the only location?  I will move the old cert now and see
0
 
SandyCommented:
check conf.d/ssl.conf also..
0
 
Jack_son_Author Commented:
i moved the files out of the directory and seems now apache wont start;  i moved them back and apache works.....
0
 
Jack_son_Author Commented:
okay, its working now with the new cert!  Thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.