SSL certificate – Apache2 does not start: (98) Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80

I've been trying to use Apache2 to put an SSL certificate on my Ubuntu Server 18.04.4 LTS for Nextcloud, and I can't even get to start Apache. I keep getting this error:

Error image

I looked for solutions for this and found around a hundred of them, each of them does not work, or I just don't know how to solve it properly.

Help would be greatly appreciated, I have been stuck on this for a few days. 🙁

Any source of SSL certificate?

Does anyone know of any company that sells SSL certificates at good prices?

Maybe it's good even without a bulk order, but also the possibility of bulk discounts?

Thank you!

ssl certificate: redirects SLD to the subdomain in the registrar using SSL and dynamic dns

I want to redirect / forward the https://example.com second-level domain to the https://www.example.com subdomain without having an SSL certificate on the registrar itself (but on the server itself).

My problem is that I don't have a static IP address, so I can't use an A / AAAA record, just a DynDNS address. I also tried Alias / A-Name, but they only redirect SLD to SLD.
Simple forwarding does not consider SSL, just simple http.
I would also be satisfied with redirecting it through my own server, but the SLD cannot be forwarded to my server anyway, since it has to connect through the dynamic DNS service (which only has a subdomain).

(Have namecheap as registrar and DynDns)

How can we verify the CA certificate enabled for MySQL version 5.6?

We used --ssl-cert=path --ssl-mode=VERIFY_CA during login, but we could not log in because it throws an SSL error:

"ERROR 2026 (HY000): SSL connection error: CA certificate is required if ssl-mode is VERIFY_CA or VERIFY_IDENTITY"

Looking for a Chrome web extension to alert when a TLS certificate expires soon

It would be great to have a Chrome extension (or firefox, or Edgium, or safari) that throws some kind of error that begins a couple of weeks before the expiration of the TLS Certificate of a site.

Is there such a beast?

Is there another good and reasonable way to do this?

Increased risk of not pinning the certificate in mobile applications compared to web applications?

TL;DR: The protection from certificate pinning is the same: almost none.

The risk is essentially the same, and certificate pinning is not something that dissuades any particular attacker. As soon as part of the code does not run within its own environment, it has no control. Just look at all the highly successful games and their protections, and the large number of cheat tools that circumvent all protections: anti-debugging, certificate pinning, checksum and everything else.

In the case of web applications, pinning makes no sense because the attacker will have all the source code available all the time, and each browser is delivered with a complete debugging environment. In this scenario, certificate pinning will be defeated with a well-placed breakpoint and a variable change.

In a mobile application, the road is a bit longer. The attacker will usually need a rooted or jailbroken phone, and will change the application to use another certificate or to skip the check. Either way, it's nothing that a dedicated attacker has a hard time doing.

AutoSSL Certificate

I received an email stating that your AutoSSL certificate will expire. What will be the effects on my websites if I do not take any action on this email? Please advise.

tls – Do CAs issue an intermediate Certificate for each new certificate request?

The certificate that the CA issues is simply a confirmation that the public key that you sent to the CA in the Certificate Request really belongs to you (otherwise, everyone could claim to be the owner of the google.com or amazon.com domain). Since the certificate contains your public key, it cannot be prepared in advance. In addition, the response time depends on the type of certificate you requested. Simple certificates that confirm that the applicant (you) really owns the domain take little time to generate. Usually, the CA sends a link to some email address in your domain, such as admin@yourdomain.org. Click on the link and confirm that you are the owner. Then, the CA generates a certificate and sends it to you.

But other types of certificates include much more verification, e.g. CA needs to verify that your company really exists and that it is properly registered, that your company resides at the home address, etc. Such verification can take much longer, days or weeks. It requires a lot of effort, so the price is correspondingly higher. But also the certificate confirms much more than other certificates.

In addition to domain certificates, there are other types of certificates, such as S/MIME: to sign your emails, so that the recipient can trust that the email is really yours; they can also be used for email encryption. Verification and generation of such certificates takes even less time than for domain certificates. There are certificates for code signing, etc.

You can find more details on the CA websites (I prefer not to promote any of them here).

Synergy: does the SSL certificate not exist?

I have installed Synergy v1.8.8 on my Ubuntu. It works well as a server until the next reboot. Once I restart the machine, it shows the following errors:

(2020-02-14T11:58:08) ERROR: ssl certificate doesn't exist: /.synergy/SSL/Synergy.pem
    /build/synergy-iliE6X/synergy-1.8.8-stable+dfsg.1/src/lib/net/SecureSocket.cpp,617

The only solution I found so far is to reinstall Synergy. Then it works fine (until the next reboot).

How can I fix it perfectly?

https – Apache Server – Incorrect X.509 certificate only on some virtual hosts

I have two virtual hosts that use the same certificate … but Apache returns the localhost certificate for only one of them.

openssl s_client -connect 127.0.0.1:443 -servername domainA.com -tls1_1 shows that Apache httpd is returning the localhost.crt X.509 certificate. Nevertheless, openssl s_client -connect 127.0.0.1:443 -servername fake.com -tls1_1 shows the correct domainA.crt X.509 certificate.

As far as I can tell, the configuration settings should be effectively the same for each domain.

Listen 443 https
(... other preincluded defaults (probably) ...)

(...)
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
(... other preincluded defaults (probably) ...)

(...)
ServerRoot "/etc/httpd"
Listen 80
ServerName domainA.com:80
DocumentRoot "/var/www/html"
(... other preincluded defaults (probably) ...)

  VirtualDocumentRoot /var/www/html
  ServerName domainA.com:443
  ServerAlias domainA.com

  SSLEngine on
  SSLCertificateFile /etc/httpd/conf/domainA.crt
  SSLCertificateKeyFile /etc/httpd/conf/domainA.key
  SSLCACertificateFile /etc/httpd/conf/domainA.crt



  VirtualDocumentRoot /var/www/html
  ServerName fake.com:443
  ServerAlias fake.com

  SSLEngine on
  SSLCertificateFile /etc/httpd/conf/domainA.crt
  SSLCertificateKeyFile /etc/httpd/conf/domainA.key
  SSLCACertificateFile /etc/httpd/conf/domainA.crt

127.0.0.1 domainA.com fake.com localhost
(...)

The order does not matter in /etc/hosts.

How do I get Apache to use domainA.{crt,key} for domainA.com?

$ httpd -version
Server version: Apache/2.4.6 (CentOS)
Server built:   Aug  8 2019 11:41:18