# cat /var/log/apache2/error.log [Tue Jan 08 09:10:19.337478 2019] [ssl:emerg] [pid 17268:tid 140175730857856] AH01903: Failed to configure CA certificate chain! [Tue Jan 08 09:10:19.337549 2019] [ssl:emerg] [pid 17268:tid 140175730857856] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed
# cat /etc/apache2/ssl/keystone/cert_10.219.3.172 [ snip ] w5m5YwDz0BoWXHt3saHMllfd1rDNpu+UvZVrqAEKBVXha+iV4XBZP+1GxjitpclG ny7J+kEk -----END CERTIFICATE----------BEGIN CERTIFICATE----- MIIDADCCAeigAwIBAgIUL1jUPL/4OJ9hGr/9KfSvCXErLncwDQYJKoZIhvcNAQEL [ snip ]
Looking at the above it appears a separator between the host certificate and the chain certificate is missing.
I confirmed this to be the case by manually editing the file and adding a newline between the end/begin certificate markers.
This occurs with Keystone charm from latest stable and latest master.
# cat /var/log/ apache2/ error.log
[Tue Jan 08 09:10:19.337478 2019] [ssl:emerg] [pid 17268:tid 140175730857856] AH01903: Failed to configure CA certificate chain!
[Tue Jan 08 09:10:19.337549 2019] [ssl:emerg] [pid 17268:tid 140175730857856] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
# cat /etc/apache2/ ssl/keystone/ cert_10. 219.3.172 3saHMllfd1rDNpu +UvZVrqAEKBVXha +iV4XBZP+ 1GxjitpclG ------- --BEGIN CERTIFICATE----- BAgIUL1jUPL/ 4OJ9hGr/ 9KfSvCXErLncwDQ YJKoZIhvcNAQEL
[ snip ]
w5m5YwDz0BoWXHt
ny7J+kEk
-----END CERTIFICATE-
MIIDADCCAeigAwI
[ snip ]
Looking at the above it appears a separator between the host certificate and the chain certificate is missing.
I confirmed this to be the case by manually editing the file and adding a newline between the end/begin certificate markers.
This occurs with Keystone charm from latest stable and latest master.