Bug#773405: systemd: Systemd cannot restart apache2.service because of SSL certificate with password

Michael Biebl biebl at debian.org
Thu Dec 18 12:09:45 GMT 2014


Am 18.12.2014 um 03:25 schrieb Dupont Francois:
> Package: systemd
> Version: 215-7
> Severity: important
> 
> Dear Maintainer,
> 
> 
>     I've created a new SSL certificate with a password for a website. 
>     After properly configuring my apache configuration file, I tried to restart apache2.service (after a valid apachectl -t).
>     I Could'nt do it, apache refuses to restart.
>     systemd seems to not give the oportunity to enter the certificate's password  (needed for a proper apache2 restart/reload in this case).
>     


I would suggest simply using a passwordless certificate.
If you insist on using a passphrase, you should try apache's
SSLPassPhraseDialog configuration directive.
This way you can eider feed the passphrase to apache statically via a
simple shell script which echo's the password string, or you use
systemd's password agent interface [2] to query for the password via the
systemd-ask-password command line tool.

Imho this is simply a configuration issue and not a bug in systemd, so
I'm inclined to close the bug report or maybe re-assign to the apache
package, so it can be added to its README.Debian (or a similar file)


[1] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslpassphrasedialog
[2] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20141218/15920497/attachment-0002.sig>


More information about the Pkg-systemd-maintainers mailing list