Introduction

After upgrading my sites to SSL/TLS I had an annoying issue where after a reboot, I would have to kill the Apache process and start it again manually because it would fail first time because it did not have the passphrase for the .key file for the site. Turns out not to be so hard to sort out.

Fix

The fix involves creating a file and modifying the Apache configuration as follows:

First you’ll need a file with the correct permissions; bear in mind it will contain your passphrase in plain text:

sudo vim /usr/share/apache2/pass-passphrase
#!/bin/bash
echo "Passphrase"

Now you’ll want to make it executable and assign the correct permissions:

sudo chmod +x /usr/share/apache2/pass-passphrase
sudo chown www-data:root /usr/share/apache2/pass-passphrase
sudo chmod 700 /usr/share/apache2/pass-passphrase

You should see it like so:

-rwx------ 1 www-data root 33 Feb 22 12:13 pass-passphrase

Next you need to modify the /etc/apache2/sites-available/ssl.conf file:

sudo vim /etc/apache2/sites-available/ssl.conf

Change the SSLPassPhraseDialog directive to point at the file you have just made, so the configuration reads:

# Pass Phrase Dialog:
 # Configure the pass phrase gathering process.
 # The filtering dialog program (`builtin' is a internal
 # terminal dialog) has to provide the pass phrase on stdout.
 SSLPassPhraseDialog exec:/usr/share/apache2/pass-passphrase

That’s all you need to ensure the Apache server can start just fine on its own. There is another method to remove the passphrase using openssl but I think this is a better method.
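As an added check that is not part of the original post, the script below reads the SSLPassPhraseDialog exec: path from a configuration file and verifies that the helper has no group or other permission bits, is executable, and prints a non-empty line on stdout, without ever displaying the passphrase. The function names are hypothetical, and it assumes you run it with sudo so the helper can be read and executed.

```shell
#!/bin/sh
# Added example (hypothetical function names): audit the helper that
# SSLPassPhraseDialog exec:<path> points at.

# Print the helper path from an Apache config file.
# Commented-out directives are ignored; the last active one wins.
dialog_helper() {
    sed -n 's/^[[:space:]]*SSLPassPhraseDialog[[:space:]]\{1,\}exec:\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Print "ok" and return 0 if the helper passes, else print the reason and return 1.
check_helper() {
    helper=$1
    [ -f "$helper" ] || { echo "missing: $helper"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$helper" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms"; return 1; }
    [ -x "$helper" ] || { echo "not executable: $helper"; return 1; }
    # Apache reads the passphrase from stdout; measure its length only.
    len=$(( $("$helper" 2>/dev/null | head -n 1 | tr -d '\n' | wc -c) ))
    [ "$len" -gt 0 ] || { echo "helper printed nothing on stdout"; return 1; }
    echo "ok"
}

# Resolve the helper from the config file, then check it.
audit_conf() {
    helper=$(dialog_helper "$1")
    [ -n "$helper" ] || { echo "no SSLPassPhraseDialog exec: directive"; return 1; }
    check_helper "$helper"
}

# Usage: audit_conf /etc/apache2/sites-available/ssl.conf
```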

Stop Apache Asking for SSL Passphrase after Restart