Currently I'm using `SSLPassPhraseDialog exec:/path/to/pass-phrase.sh` in the /etc/apache2/mods-enabled/ssl.conf file

```bash
#!/bin/bash
echo "mypassphrase"
```
Everything works fine when I restart or start my apache server.
I tried to add my passphrase to my .bashrc like so: `export SSL_PASSPHRASE=mypassphrase`, and sourced the .bashrc file: `source ~/.bashrc`.
After that I changed the pass-phrase.sh to

```bash
#!/bin/bash
echo $SSL_PASSPHRASE
```

Executing `./path/to/pass-phrase.sh` results in `mypassphrase`,
but when I try to restart my Apache server, an error occurs related to the passphrase:
> [Mon Dec 16 22:56:59.611824 2019] [ssl:emerg] [pid 19314] AH02580:
> Init: Pass phrase incorrect for key mysub.myinstance.com:443:0 [Mon Dec
> 16 22:56:59.611883 2019] [ssl:emerg] [pid 19314] SSL Library Error:
> error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Mon
> Dec 16 22:56:59.611892 2019] [ssl:emerg] [pid 19314] SSL Library
> Error: error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1 error [Mon Dec 16
> 22:56:59.611898 2019] [ssl:emerg] [pid 19314] SSL Library Error:
> error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag [Mon
> Dec 16 22:56:59.611905 2019] [ssl:emerg] [pid 19314] SSL Library
> Error: error:0D07803A:asn1 encoding
> routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
> [Mon Dec 16 22:56:59.611912 2019] [ssl:emerg] [pid 19314] SSL Library
> Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib [Mon
> Dec 16 22:56:59.611937 2019] [ssl:emerg] [pid 19314] SSL Library
> Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
> [Mon Dec 16 22:56:59.611947 2019] [ssl:emerg] [pid 19314] SSL Library
> Error: error:0D07803A:asn1 encoding
> routines:asn1_item_embed_d2i:nested asn1 error
> (Type=PKCS8_PRIV_KEY_INFO) [Mon Dec 16 22:56:59.613065 2019]
> [ssl:emerg] [pid 19314] AH02564: Failed to configure encrypted (?)
> private key mysub.myinstance.com:443:0, check
> /etc/apache2/ssl/mykey.key
`.bashrc` configures your environment.
Apache is sometimes configured with a `sudo` to bind ports lower than 1024. And you probably have `User` and `Group` directives that define which user Apache will switch to once started.
All this to say that your Apache runs in a different environment than your user. It does not have access to the variables.
The "right" place to put such variables is in `$APACHE_ROOT/bin/envvars`.
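
A reproduction of the environment mismatch the answer describes, as an added example (not code from the question or the answer). `run_helper` is a hypothetical wrapper that uses `env -i` to approximate a service environment that never sourced `~/.bashrc`, and `STRICT_HELPER` is an assumed hardened variant of `pass-phrase.sh` that fails instead of printing an empty passphrase.

```shell
#!/bin/sh
# Added example: why pass-phrase.sh prints nothing when Apache runs it.

# Body of the question's pass-phrase.sh (the variable is set only in ~/.bashrc).
ORIGINAL_HELPER='echo $SSL_PASSPHRASE'

# Assumed hardened variant: refuse to emit an empty passphrase, so the failure
# is reported by the helper itself rather than only as "Pass phrase incorrect".
STRICT_HELPER='
if [ -z "${SSL_PASSPHRASE:-}" ]; then
    echo "pass-phrase helper: SSL_PASSPHRASE is not set in this environment" >&2
    exit 1
fi
printf "%s\n" "$SSL_PASSPHRASE"'

# Hypothetical wrapper: run a helper body with an environment that contains
# only PATH plus the VAR=value pairs passed in. env -i drops everything the
# calling shell exported, which approximates a service that was not started
# from your interactive shell.
run_helper() {
    body=$1; shift
    env -i PATH="$PATH" "$@" sh -c "$body"
}

# Constructed sample value, taken from the question's placeholder.
SAMPLE='mypassphrase'

demo() {
    # Variable present, as after "source ~/.bashrc" in your own shell.
    echo "interactive shell : '$(SSL_PASSPHRASE=$SAMPLE sh -c "$ORIGINAL_HELPER")'"
    # Variable absent, as in the service's environment: output is empty.
    echo "service, no var   : '$(run_helper "$ORIGINAL_HELPER")'"
    # Variable defined where the service's environment is built (envvars).
    echo "service, var set  : '$(run_helper "$ORIGINAL_HELPER" SSL_PASSPHRASE="$SAMPLE")'"
    # The strict helper exits non-zero instead of handing back an empty line.
    run_helper "$STRICT_HELPER" || echo "strict helper exit status: $?"
}
demo
```
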