After upgrading my sites to SSL/TLS I had an annoying issue: after a reboot, I would have to kill the Apache process and start it again manually, because it would fail the first time as it did not have the passphrase for the site's .key file. It turns out not to be so hard to sort out.
The fix involves creating a file and modifying the Apache configuration, as follows:
First, you'll need a file with the correct permissions; bear in mind it will contain your passphrase in plain text:
sudo vim /usr/share/apache2/pass-passphrase
#!/bin/bash
echo "Passphrase"
Now you’ll want to make it executable and assign the correct permissions:
sudo chmod +x /usr/share/apache2/pass-passphrase
sudo chown www-data:root /usr/share/apache2/pass-passphrase
sudo chmod 700 /usr/share/apache2/pass-passphrase
You should see it like so:
-rwx------ 1 www-data root 33 Feb 22 12:13 pass-passphrase
Next you need to modify the /etc/apache2/sites-available/ssl.conf file:
sudo vim /etc/apache2/sites-available/ssl.conf
Change the SSLPassPhraseDialog directive to point at the file you have just made, so the configuration reads:
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/share/apache2/pass-passphrase
That’s all you need to ensure the Apache server can start just fine on its own. There is another method to remove the passphrase using openssl but I think this is a better method.
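A check for the setup above, as an added example that is not part of the original post: it reads the active SSLPassPhraseDialog exec: line from a config file, confirms the helper it names actually exists, and fails if the helper's mode grants anything to group or others. The function names are made up for this example, and it assumes GNU stat as shipped on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit the SSLPassPhraseDialog helper wiring.
# Function names are hypothetical; requires GNU stat (assumption).

# Print the program path from the active "SSLPassPhraseDialog exec:<path>"
# line of an Apache config file. Commented-out lines do not match.
dialog_helper_path() {
    sed -n 's/^[[:space:]]*SSLPassPhraseDialog[[:space:]]\{1,\}exec:\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# Return 0 only if the helper exists, is readable and executable by its
# owner, and grants nothing to group or others. Problems go to stderr.
audit_helper() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "FAIL: $f not found (does the name match the directive?)" >&2
        return 1
    fi
    # Pad the octal mode to four digits, e.g. 700 -> 0700.
    mode=$(printf '%04d' "$(stat -c '%a' "$f")")
    case "$mode" in
        ?[57]00) echo "OK: $f mode $mode owner $(stat -c '%U:%G' "$f")" ;;
        ?[57]??) echo "FAIL: $f mode $mode lets group/others in" >&2; return 1 ;;
        *)       echo "FAIL: $f mode $mode: owner cannot read and execute it" >&2; return 1 ;;
    esac
}

# Tie both checks together for one config file.
audit_dialog_config() {
    helper=$(dialog_helper_path "$1")
    if [ -z "$helper" ]; then
        echo "FAIL: no 'SSLPassPhraseDialog exec:' line in $1" >&2
        return 1
    fi
    audit_helper "$helper"
}

# Usage: sudo sh audit.sh /etc/apache2/sites-available/ssl.conf
if [ "$#" -gt 0 ]; then
    audit_dialog_config "$1"
fi
```

Run it before the next reboot: a FAIL here means Apache would either not find the helper at startup or is keeping the plain-text passphrase in a file other accounts can read.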