1

My server runs Apache HTTPD 2.2.16 with OpenSSL 0.9.8e on Debian Squeeze runs Roundcube 0.95 on a vhost with an SSL cert. It works fine. The cert will expire on the 21st January. Debian Squeeze has not had updates for years.

I created, like usual a new cert from the same provider ( startSSL) and put replaced the old certs with the new .key and .crt (pem) like I have done every other year. The passphrase on the private .key has been removed.

When I restarted Apache, the SSL serving pages served blank pages. I did not see errors in the error.log. I could see the access.log showing my browser hitting the site with a 200 response. But Roundcube was not there. Replacing the .key and .crt with the old versions restored everything.

How else could I debug this?

jww
  • 97,681
  • 90
  • 411
  • 885
Soph
  • 11
  • 1
  • What do you get with the new ssl cert on a ssl checker like https://www.sslshopper.com/ssl-checker.html or https://www.ssllabs.com/ssltest/ ? – Julien B. Jan 16 '17 at 18:19
  • gives an ok certificate with the new details e.g 
    Valid from Sun, 15 Jan 2017 20:28:01 UTC
Valid until Wed, 15 Jan 2020 20:28:01 UTC (expires in 2 years and 11 months)
     – Soph Jan 16 '17 at 18:53
  • and the web server no longer servers any content.... – Soph Jan 16 '17 at 18:57
  • Chrome gave the error: NET::ERR_CERT_REVOKED but the cert is valid. – Soph Jan 16 '17 at 19:21
  • I have emailed StartSSL why my new certificate has been revoked. However their web site states this is not revoked. – Soph Jan 16 '17 at 19:23
  • _Maybe_ https://www.startssl.com/NewsDetails?date=20161103 but AFAICT Chrome 56 and Firefox 51 aren't released yet -- and anyway those should result in no request at all, not a 200/blank response. Do you allow plain HTTP access to your server/app and if so does that work? Can you make an HTTPS request with `curl` or `wget` or similar and see if the response is really empty or just something that doesn't display properly? – dave_thompson_085 Jan 16 '17 at 21:19
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Jan 16 '17 at 23:48
  • Problem solved : Apple no longer recognised StartSSL root certificates. https://bugzilla.mozilla.org/show_bug.cgi?id=1311832 https://startssl.com/NewsDetails?date=20160919 – Soph Jan 17 '17 at 17:39

0 Answers0