After upgrading from Sarge to Etch your Apache2 service may stop responding to (listening for) SSL requests on port 443. If so, check if your SSL virtual hosts are wrapped with an SSL define check. Eg:

Searching around, the most common "fix" is to remove the IfDefine SSL block. This is even noted as the solution the user found for #395936. Another solution is suggested, to test for modules-enabled/ssl.load in the startup code. In #301155 the same problem is reported and removing the IfDefine block is suggested. Claus poses the same question that I have "So, how am I supposed to enable SSL (i.e. where to add the -DSSL) in the correct way?"

The If blocks let us write our configuration in such a way that the server starts and runs with limited functionality when a given condition is or is not met. The trouble with IfDefine blocks, is making sure the right -D option was given to the various entry points of starting or restarting the Apache service. It's flexibility is also a source of confusion for end users.

The apache2.2-common package includes mod_ssl, so why should it ever be missing? If you didn't want an SSL site, then you shouldn't have configured it. That line of reasoning falls in line with the fix of just removing the blocks. Another advantage of removing the If blocks is that the failure is less silent. The server will fail to start with some message about not understanding a SSL directive rather than starting but not listening on that port.

The right fix should take into account the possible future of the Debian Apache2 packages. What if mod_ssl isn't included or installed by default? Your apache2 service may not start up if the block isn't wrapped in <IfModule mod_ssl.c>. Even if mod_ssl is compiled in, the test still works if an AddModule directive has been called.

So, if your SSL isn't working on apache2 after upgrading from Sarge to Etch, remove the IfDefine SSL blocks, or change them to IfModule mod_ssl.c blocks.


CategoryProposedDeletion CategoryNetwork CategorySoftware CategoryDebugging