Here is an interesting issue I ran into today while setting up a new VM. I had copied the Apache conf file and SSL/TLS certificate files onto my new server as root using wget. All of the file's ownerships and permissions looked right and I thought I was ready to go. Then I ran into these two misleading errors:
Could not open configuration file /etc/httpd/conf.d/ssl.conf: Permission denied
and
SSLCertificateFile: file '/etc/pki/tls/certs/mydomain.com.crt' does not exist or is empty
Contrary to what Apache reported, the ssl.conf file did have the correct permissions and the crt file did exist and had contents. So what gives? Our trusty SELinux friend is at it again, it seems. Because I had copied these files in from somewhere else, SELinux was detecting something off. It is an easy fix, though. Just run this command, specifing each of the files above:
restorecon -v /etc/httpd/conf.d/ssl.conf
and
restorecon -Rv /etc/pki/tls/certs/
That -R is for "recursive" and it means I want it to do the whole directory.
After fixing up the SELinux permissions for these files I brought in, everything started up just fine!
No comments:
Post a Comment