Bug#773405: systemd: Systemd cannot restart apache2.service because of SSL certificate with password
Michael Biebl
biebl at debian.org
Thu Dec 18 12:09:45 GMT 2014
Am 18.12.2014 um 03:25 schrieb Dupont Francois:
> Package: systemd
> Version: 215-7
> Severity: important
>
> Dear Maintainer,
>
>
> I've created a new SSL certificate with a password for a website.
> After properly configuring my apache configuration file, I tried to restart apache2.service (after a valid apachectl -t).
> I Could'nt do it, apache refuses to restart.
> systemd seems to not give the oportunity to enter the certificate's password (needed for a proper apache2 restart/reload in this case).
>
I would suggest simply using a passwordless certificate.
If you insist on using a passphrase, you should try apache's
SSLPassPhraseDialog configuration directive.
This way you can eider feed the passphrase to apache statically via a
simple shell script which echo's the password string, or you use
systemd's password agent interface [2] to query for the password via the
systemd-ask-password command line tool.
Imho this is simply a configuration issue and not a bug in systemd, so
I'm inclined to close the bug report or maybe re-assign to the apache
package, so it can be added to its README.Debian (or a similar file)
[1] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslpassphrasedialog
[2] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20141218/15920497/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list