"Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]" error

Question

After recently upgrading Apache2 to version 2.2.31 I found a strange behaviour in SSL VirtualHost setup.

A few of the website I'm hosting were showing the certificate for the default host even if the client was Server Name Identification aware, and this happened only with a few of them. This shows as the common Firefox's/Chrome's passport-warning about you being possibly scammed if you're browsing your home banking, but that simply was not the case.

To be clear, if server host.hostingdomain.org has its own SSL, attempting to access https://www.hostedsite.org reports certificate for host.hostingdomain.org, but a few https://www.hostedsite.me reported the correct certificate.

All sites are hosted on the same IP address, on port 443. The truth is that VirtualHosting works on the HTTP side and redirects SNI-aware clients to SSL automatically, so it's backward compatible with SNI-unaware clients.

Examining error logs for the offending VirtualHosts shown the following text

[Tue Dec 25 16:02:45 2012] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/path/to/www.site.org.conf:20)

and in fact the vhost was correctly configured with SSLCertificateFile.

The question is obvious: how to fix that?

score 38 · Accepted Answer · edited Jun 11 '20 at 10:02

38

It happens that it could be a bug in the most recent version of Apache.

Solution 1: downgrade to the latest stable

Solution 2: edit `listen.conf`

Replace Listen *:443 (or Listen 443 according to your setup) with Listen *:443 http

Credit

edited Jun 11 '20 at 10:02

Community

1

answered Dec 26 '12 at 00:43

usr-local-ΕΨΗΕΛΩΝ

2,339
7
33
50

1

Thank you for pointing this out! You saved me a lot of wondering around... I wonder why apache is making life harder!? – tftd Mar 18 '13 at 22:20
2

Solution 2: should that be httpd.conf not listen.conf – zzapper Mar 17 '16 at 15:00
1

Note, this happened to me this morning... ended up I needed to add that "http" to the listen lin in /etc/httpd/conf.d/ssl.conf - oh, I did not have to downgrade... – Scott Jan 04 '18 at 13:49
Solutions are alternate, you don't need to downgrade if adding listen.conf – usr-local-ΕΨΗΕΛΩΝ Jan 04 '18 at 14:29

score 10 · Answer 2 · answered Jun 28 '15 at 04:29

10

I had the same exact problem, and what worked for me was unbelievably simple

edit /etc/apache2/ports.conf (for ubuntu, or httpd.conf )

change "Listen 443" to "Listen 443 http" under ssl_module

answered Jun 28 '15 at 04:29

Justice O.

215
2
3

This is already in the accepted answer. – Sven Jun 28 '15 at 08:13
2

The accepted answer seems outdated. This answer was more useful and accurate. +1 – pmagunia Mar 26 '16 at 01:42
This answer is applicable for apache on my apache2.4 lamp stack, ubuntu. Other answer is "listen.conf" - should be ports.conf – Nick Jun 26 '16 at 02:40

score 2 · Answer 3 · answered Jan 11 '15 at 19:49

2

Another solution for this is to ensure that all of your :443 vhosts include the TLS configuration.

This problem was recently introduced in Debian wheezy and I got the solution from http://blog.noizeramp.com/2010/10/03/apache-2-and-ssl-configuration/.

answered Jan 11 '15 at 19:49

François Marier

381
2
3
12

This was my problem. I duplicated a vhost in my `httpd.conf` but failed to include the lines specifying the TLS configuration. Adding the various TLS settings back in (SSLEngine, SSLCipherSuite, SSLCertificateFile, and SSLCertificateKeyFile) fixed the problem. – rinogo Oct 12 '18 at 21:05

"Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]" error

3 Answers3

Solution 1: downgrade to the latest stable

Solution 2: edit `listen.conf`

Linked

"Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]" error

3 Answers3

Solution 1: downgrade to the latest stable

Solution 2: edit listen.conf

Linked

Solution 2: edit `listen.conf`