[users@httpd] certbot no longer working?

2025-02-18 Thread joe a 
Got an email this morning from LEt's Encrypt (perhaps their last?) that 
certs were to expire soon.


Checking logs, etc. seems like certbot was working fine for quite a 
while, with the last renew bring in December.  Expires in March.


No problems reported by apachectl configtest  or  apach2ectl configtest,

But /var/log/letsencyrpt.log shows, in part

. . .
2025-02-18 14:33:05,837:ERROR:certbot.util:Error while running apachectl 
configtest.


crypto/fips/fips.c:161: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
/usr/sbin/apachectl: line 83: 23935 Aborted (core 
dumped) $HTTPD -t


2025-02-18 
14:33:05,837:DEBUG:certbot._internal.plugins.disco:Misconfigured 
PluginEntryPoint#apache: Error while running apachectl configtest.


crypto/fips/fips.c:161: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
/usr/sbin/apachectl: line 83: 23935 Aborted (core 
dumped) $HTTPD -t

 . . .

I think these entries may be due to attempting to run certbot --apache 
from command line.  running certbot alone yells at me saying it could 
not configure the webserver.


Some place to start?  Obvious cause?

I configured this some time ago and, disuse and aging brain, leave me 
without a clue, currently.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Error logs per virtual host

2025-02-18 Thread Michael Osipov 
Folks,

I am running Apache/2.4.62 (FreeBSD) and trying to understand how ErrorLog on a 
per virtual host basis works. [1] says:
> When a request is received, the server first maps it to the best matching 
>  based on the local IP address and port combination only. 
> Non-wildcards have a higher precedence. If no match based on IP and port 
> occurs at all, the "main" server configuration is used.

I have two virtual hosts exactly on the same IP and port combination and even 
when a request arrives for vhost B, the error log of vhost A will contain the 
connection information, etc.

My question: There is no way to have that kind of information in the proper 
error log file and that is by design? It just appears that requests arrive in 
the "wrong" vhost although access logs tell otherwise.

Regards,

Michael

[1] https://httpd.apache.org/docs/2.4/en/mod/core.html#virtualhost

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org