SSL password on apache2 restart

I set up a wildcard SSL certificate from GoDaddy on Apache2. Whenever the server restarts, it asks for the passphrase for the SSL certificate's private key.

What's the best way to remove this obstacle to restarts? When a logfile rotation restart occurs in the middle of the night, the server doesn't come back up, and I get an unhappy client call in the morning, as it is a shared server.


Solution 1:

To make Apache receive the passphrase every time it restarts, add this to httpd.conf:

SSLPassPhraseDialog exec:/path/to/passphrase-file

in your passphrase-file:

#!/bin/sh
echo "passphrase"

and make the passphrase-file executable:

chmod +x passphrase-file

Solution 2:

You need to remove encryption from your private key file like this:

openssl rsa -in server.key -out server.key.new

mv server.key.new server.key

Make sure the new key file is only readable by root - otherwise anyone with shell access to this server will be able to grab the private key and impersonate your server.

To make the key readable only by root, do 'chmod 600 server.key.new' before swapping keys.
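
Both solutions leave a secret on disk in clear: Solution 2 the private key itself, Solution 1 a script that prints the passphrase. The shell functions below are an added example, not part of either answer; they classify such files by looking for the PEM `ENCRYPTED` marker and for group/other permission bits. The function names are hypothetical, and file ownership is not checked.

```shell
#!/bin/sh
# Added example: audit the files left behind by either solution.
# Usage after sourcing this file:
#   audit_key server.key
#   audit_passphrase_script /path/to/passphrase-file

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (0) if group or other have any access to the file.
loose_perms() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 1 ;;   # 600, 400, 700: owner-only
        *)     return 0 ;;   # 644, 640, 755, ...: readable beyond the owner
    esac
}

# Classify a PEM private key file.
# Encrypted keys carry "Proc-Type: 4,ENCRYPTED" (traditional format)
# or "BEGIN ENCRYPTED PRIVATE KEY" (PKCS#8); both contain "ENCRYPTED".
audit_key() {
    [ -f "$1" ] || { echo missing; return; }
    if grep -q 'ENCRYPTED' "$1"; then
        echo encrypted            # Apache will prompt unless a dialog program is set
    elif loose_perms "$1"; then
        echo plaintext-exposed    # any local user in group/other can copy the key
    else
        echo plaintext-ok
    fi
}

# Classify an SSLPassPhraseDialog exec: script. It contains the passphrase
# in clear, so it needs the same protection as an unencrypted key.
# Note: "chmod +x" on a file created under umask 022 yields 755, which is exposed.
audit_passphrase_script() {
    [ -f "$1" ] || { echo missing; return; }
    if loose_perms "$1"; then
        echo exposed
    else
        echo ok
    fi
}
```
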