Ubuntu
ssl-cert package

Bug #6772
Comment #2

Comment 2 for bug 6772

Revision history for this message

In Debian Bug tracker #229505, Michael Kebe (michael-kebe-uni-duisburg) wrote on 2004-01-25: Re: Bug#229505: apache-ssl: post-installation script fails

Fabio Massimo Di Nitto wrote:
> Hi,
> are you running testing? is this a fresh installation or an
> upgrade?

Yes, I am running testing. I think it was a fresh install, because I
purge the previous installation...

> Please provide me more information asap.

I found the problem by myself:

If you left one field in the dialog for the certificate empty you will get:

> Setting up apache-ssl (1.3.29.0.1-3) ...
> Generating a 1024 bit RSA private key
> ...................++++++
> .......++++++
> writing new private key to '/etc/apache-ssl/apache.pem'
> -----
> problems making Certificate Request
> 32587:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
> dpkg: error processing apache-ssl (--configure):
> subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
> apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

And if you then try again "apt-get install apache-ssl" you will get (the
message of my first report):

> Setting up apache-ssl (1.3.29.0.1-3) ...
> Starting web server: apache-sslProcessing config directory: /etc/apache-ssl/conf.d
> failed
> invoke-rc.d: initscript apache-ssl, action "start" failed.
> dpkg: error processing apache-ssl (--configure):
> subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
> apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

So if left a field empty in the dialog for the creation of a certificate
a corrupted "apache.pem" will be created:

> ---- /var/log/apache-ssl/error.log ----
> [Sun Jan 25 14:16:40 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem
> [Sun Jan 25 14:16:40 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line
> -------------- 8< ---------------------

and then on the second "apt-get install apache-ssl" the postinstall
script just checks if there is a /etc/apache-ssl/apache.pem, and yes
there is one, but one that is *corrupted*. So it will try to start
apache-ssl, but it won't (see error.log)

So maybe its a good thing to say in the dialog to fill out *every* field
or to check if the apache.pem is correct and working.

Greetings
Michael

Fabio Massimo Di Nitto wrote:
> Hi,
> 	are you running testing? is this a fresh installation or an
> upgrade?

Yes, I am running testing. I think it was a fresh install, because I 
purge the previous installation...

> Please provide me more information asap.

I found the problem by myself:

If you left one field in the dialog for the certificate empty you will get:

> Setting up apache-ssl (1.3.29.0.1-3) ...
> Generating a 1024 bit RSA private key
> ...................++++++
> .......++++++
> writing new private key to '/etc/apache-ssl/apache.pem'
> -----
> problems making Certificate Request
> 32587:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1
> dpkg: error processing apache-ssl (--configure):
>  subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
>  apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

And if you then try again "apt-get install apache-ssl" you will get (the 
message of my first report):

> Setting up apache-ssl (1.3.29.0.1-3) ...
> Starting web server: apache-sslProcessing config directory: /etc/apache-ssl/conf.d
>  failed
> invoke-rc.d: initscript apache-ssl, action "start" failed.
> dpkg: error processing apache-ssl (--configure):
>  subprocess post-installation script returned error exit status 1
> Errors were encountered while processing:
>  apache-ssl
> E: Sub-process /usr/bin/dpkg returned an error code (1)

So if left a field empty in the dialog for the creation of a certificate 
a corrupted "apache.pem" will be created:

and then on the second "apt-get install apache-ssl" the postinstall 
script just checks if there is a /etc/apache-ssl/apache.pem, and yes 
there is one, but one that is *corrupted*. So it will try to start 
apache-ssl, but it won't (see error.log)

So maybe its a good thing to say in the dialog to fill out *every* field 
or to check if the apache.pem is correct and working.

Greetings
Michael

Ubuntussl-cert package

Comment 2 for bug 6772

Ubuntu
ssl-cert package