I've been googling for the past few hours, but no matter what I cannot seem to get Apache to start.
My server has been running perfectly fine previously, but today I tried to renew my SSL certificate via LetsEncrypt certbot.
Certbot ran into issues and could not issue a new cert. I then ran apt-update and upgrade to make sure all things were updated.
Certbot now throws this message:
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/certbot/error_handler.py", line 99, in _call_registered
self.funcs[-1]()
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 284, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1908, in cleanup
self.restart()
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1797, in restart
self._reload()
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1808, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Attempting to renew cert from /etc/letsencrypt/renewal/theophilus.info.conf produced an unexpected error: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
. Skipping.
I've tried doing a service apache2 reload, but it throws an error too: apache2.service is not active, cannot reload. I cannot seem to force it to start.
apachectl configtest returns OK.
The Apache error logs show this:
[Sat Jul 15 16:03:36.592975 2017] [ssl:warn] [pid 1725:tid 140604874876800] AH01906: 049c3654bd7b2cb0c25c64edf8684054.6925964ede44d9a18fbfb14b594d7962.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 15 16:03:36.593452 2017] [ssl:warn] [pid 1725:tid 140604874876800] AH01906: b2b22f2da6be44b9c877de0023471d83.b28583f983e83310d53608e52837a448.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 15 16:03:36.593710 2017] [ssl:emerg] [pid 1725:tid 140604874876800] AH02572: Failed to configure at least one certificate and key for theophilus.info:443
[Sat Jul 15 16:03:36.593731 2017] [ssl:emerg] [pid 1725:tid 140604874876800] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Sat Jul 15 16:03:36.593741 2017] [ssl:emerg] [pid 1725:tid 140604874876800] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Sat Jul 15 16:03:36.593769 2017] [ssl:emerg] [pid 1725:tid 140604874876800] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat Jul 15 16:03:36.593778 2017] [ssl:emerg] [pid 1725:tid 140604874876800] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Sat Jul 15 16:03:36.723479 2017] [ssl:emerg] [pid 1732:tid 140027013269376] AH02572: Failed to configure at least one certificate and key for theophilus.info:443
[Sat Jul 15 16:03:36.723551 2017] [ssl:emerg] [pid 1732:tid 140027013269376] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat Jul 15 16:03:36.723559 2017] [ssl:emerg] [pid 1732:tid 140027013269376] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
Running Ubuntu 16.04.
I had the same problem. This worked for me:
sudo certbot --authenticator webroot --webroot-path /var/www/sample --installer apache -d domain
I am facing a kinda strange problem in my Apache error log. I know that this message is not critical, but what throws me off is that Apache is looking for the certificate at Port 80.
Anybody got an idea?
ports.conf is at default, I tried disabling Port 80 here but it didn't change the problem.
[Thu Jul 11 18:45:20.311500 2019] [ssl:warn] [pid 457] AH01909: mydomain.com:80:0 server certificate does NOT include an ID which matches the server name
I am trying to add SSL certificates from Comodo Security Services on Apache/2.4.10 (Debian) OpenSSL/1.0.1k server.
For configuration:
SSLEngine on
SSLCertificateKeyFile /etc/ssl/24-06-2016/private.key
SSLCertificateFile /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
SSLCertificateChainFile /etc/ssl/24-06-2016/intermediate.crt
I've got an error after Apache2 restart:
[Thu Jun 30 07:39:20.895631 2016] [ssl:emerg] [pid 4614] AH02561: Failed to configure certificate account.veedo.ru:443:0, check /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
[Thu Jun 30 07:39:20.895688 2016] [ssl:emerg] [pid 4614] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
AH00016: Configuration Failed
For configuration:
SSLCertificateKeyFile /etc/ssl/24-06-2016/private.key
SSLCertificateFile /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
SSLCACertificateFile /etc/ssl/24-06-2016/intermediate.crt
The error is:
[Thu Jul 07 18:22:21.423776 2016] [ssl:emerg] [pid 14180] AH02562: Failed to configure certificate account.veedo.ru:443:0 (with chain), check /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
[Thu Jul 07 18:22:21.423826 2016] [ssl:emerg] [pid 14180] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
What is wrong? How can I check my certificates? Please help!
The seller wrote me that there was an extra line feed symbol in the certificate. It is fixed now and works correctly.
There is a line at the end of the crt file that should be removed, just before ---- end ...
Really annoying.
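For the "How can I check my certificates?" question above, a small PEM linter that flags the defect reported in that thread (a stray line inside the certificate) before Apache is restarted. This is an added example, not code from any of the posts; the function names are hypothetical and the sample input is built from constructed bytes, not a real certificate.

```python
import base64
import binascii
import re

BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def sample_pem(der, label="CERTIFICATE"):
    """Build constructed PEM text from raw bytes (not a real certificate)."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"]) + "\n"


def check_body(body, start):
    """Decode the collected base64 and confirm it opens with a DER SEQUENCE."""
    try:
        der = base64.b64decode("".join(body), validate=True)
    except binascii.Error:
        return [(start, "body is not valid base64")]
    if not der or der[0] != 0x30:
        return [(start, "decoded data is not a DER SEQUENCE (wrong tag)")]
    return []


def lint_pem(text):
    """Return a list of (line_number, problem); an empty list means clean."""
    problems, label, body, start = [], None, [], 0
    for n, line in enumerate(text.splitlines(), 1):
        if label is None:
            # Outside a block: only a BEGIN marker changes state.
            if (m := BEGIN.match(line)):
                label, body, start = m.group(1), [], n
            continue
        if END.match(line):
            problems += check_body(body, start)
            label = None
        elif not line.strip():
            problems.append((n, "blank line inside PEM body"))
        elif line != line.strip() or not B64_LINE.match(line):
            problems.append((n, "non-base64 characters or stray whitespace"))
        else:
            body.append(line)
    if label is not None:
        problems.append((start, "BEGIN without matching END"))
    if not problems and start == 0:
        problems.append((1, "no start line (no BEGIN marker found)"))
    return problems
```

Run it over the files named in SSLCertificateFile and SSLCertificateChainFile; the reported line numbers point at the line to inspect in the file.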
4.7 (Ubuntu) and I tried to set up a proxy with SSL on an already existing instance that acts as a proxy for other non-SSL apps. I enabled SSL by running a2enmod ssl and restarted. Instantly I received alerts that proxies for other apps stopped working. Immediately I ran the a2dismod ssl command and restarted Apache, which failed. In apache2/error.log I found the following errors:
[Mon Aug 17 23:04:31.670430 2015] [ssl:emerg] [pid 16151:tid 140301083379584] AH02241: Init: Unable to read server certificate from file /etc/apache2/ssl/touc.com.pem
[Mon Aug 17 23:04:31.670473 2015] [ssl:emerg] [pid 16151:tid 140301083379584] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Aug 17 23:04:31.670491 2015] [ssl:emerg] [pid 16151:tid 140301083379584] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
[Mon Aug 17 23:04:31.670501 2015] [ssl:emerg] [pid 16151:tid 140301083379584] AH02312: Fatal error initialising mod_ssl, exiting.
Since then I am not able to make other proxies available, but when I access their URLs directly they are working. Any clues what I am missing?
Found out what exactly went wrong. Apparently enabling ssl_mod disables proxy_http and when you disable ssl_mod you need to re-enable proxy_http. As soon as you restart your apache server everything works.
I have a problem installing the SSL certificates. I think the problem is that the server name doesn't match the certificate's server name.
Here is the exact Apache problem:
[Wed Oct 02 18:33:23 2013] [warn] RSA server certificate CommonName (CN) `name1.name2.fr' does NOT match server name!?
[Wed Oct 02 18:33:23 2013] [error] Unable to configure RSA server private key
[Wed Oct 02 18:33:23 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Wed Oct 02 18:34:00 2013] [warn] RSA server certificate CommonName (CN) `name1.name2.fr' does NOT match server name!?
[Wed Oct 02 18:34:00 2013] [error] Unable to configure RSA server private key
[Wed Oct 02 18:34:00 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
We use RHEL 6. How can I see the server name and how do I change it?
Thanks in advance.
You have to set the server's DNS name first.
Run the command
$ sudo gksu gedit /etc/hostname
to edit the hostname file, and add the line
www.example.com
Then run
$ sudo gksu gedit /etc/hosts
and add the line:
127.0.0.1 www.example.com localhost
After that, make sure to use that domain name when creating or signing the certificate.
I had this warning in ssl_error_log:
[Wed Dec 11 14:02:41 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 11 14:02:41 2013] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
It is because mod_ssl in CentOS (5.10) came with a default virtualhost which will use the default cert in /etc/pki/tls/certs/localhost.crt....
I removed the virtualhost section in conf.d/ssl.conf and the warning disappeared after reloading apache.
I have an error after updating my packages. When trying to start my webserver, it throws the following error.
$ sudo service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 84 of /etc/apache2/apache2.conf:
Invalid command 'LockFile', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
And the Apache error log is (from file /var/log/apache2/error.log):
[Sat Aug 17 01:30:03 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.17RC1 configured -- resuming normal operations
[Sat Aug 17 01:41:38 2013] [notice] caught SIGTERM, shutting down
[Sat Aug 17 03:10:11.132425 2013] [mpm_prefork:notice] [pid 4182] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.1-2+debphp.org~raring+2 configured -- resuming normal operations
[Sat Aug 17 03:10:11.143718 2013] [core:notice] [pid 4182] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 17 03:13:56.527245 2013] [mpm_prefork:notice] [pid 4182] AH00169: caught SIGTERM, shutting down
What things do I have to do to recover or fix my server up?
Replace in apache2.conf:
LockFile /var/lock/apache2/accept.lock
with
Mutex file:${APACHE_LOCK_DIR} default
Actually, it is better to use a semaphore. Under Unix systems it is a lot faster and uses fewer resources.
And the option is just this:
Mutex sem