Apache is failing to start after enabling/disabling mod_ssl - ssl

4.7 (Ubuntu) and I tried to set up a proxy with SSL on an already existing instance that acts as a proxy for other non-SSL apps. I enabled SSL by running a2enmod ssl and restarted. Instantly I received alerts that proxies for other apps had stopped working. Immediately I ran the a2dismod ssl command and restarted Apache, which failed. In apache2/error.log I found the following errors:
[Mon Aug 17 23:04:31.670430 2015] [ssl:emerg] [pid 16151:tid 140301083379584] AH02241: Init: Unable to read server certificate from file /etc/apache2/ssl/touc.com.pem
[Mon Aug 17 23:04:31.670473 2015] [ssl:emerg] [pid 16151:tid 140301083379584] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Aug 17 23:04:31.670491 2015] [ssl:emerg] [pid 16151:tid 140301083379584] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=X509)
[Mon Aug 17 23:04:31.670501 2015] [ssl:emerg] [pid 16151:tid 140301083379584] AH02312: Fatal error initialising mod_ssl, exiting.
Since then I am not able to make other proxies available, but when I access their URLs directly they are working. Any clues what I am missing?

Found out what exactly went wrong. Apparently enabling ssl_mod disables proxy_http and when you disable ssl_mod you need to re-enable proxy_http. As soon as you restart your apache server everything works.
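
A way to see which modules actually changed around an a2enmod/a2dismod run, as an added example that is not part of the original answer. It assumes the Debian/Ubuntu layout in which enabled modules are *.load links under /etc/apache2/mods-enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: snapshot the enabled Apache modules before and after
# a2enmod/a2dismod so an unexpected change (such as proxy_http going
# missing) shows up before the restart does it for you.

# Print the names of the modules enabled in directory $1, sorted.
mods_snapshot() {
    for f in "$1"/*.load; do
        [ -e "$f" ] || continue        # skip dangling links and empty dirs
        basename "$f" .load
    done | LC_ALL=C sort
}

# Compare two snapshot files: "-name" was enabled only in $1 (before),
# "+name" is enabled only in $2 (after).
mods_diff() {
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/-/'
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+/'
}

# Return 0 only if every module named after snapshot file $1 is listed in it.
mods_require() {
    snap=$1; shift
    for m in "$@"; do
        grep -qx "$m" "$snap" || { echo "missing module: $m" >&2; return 1; }
    done
}

# Typical use (paths are examples):
#   mods_snapshot /etc/apache2/mods-enabled > /tmp/mods.before
#   a2dismod ssl
#   mods_snapshot /etc/apache2/mods-enabled > /tmp/mods.after
#   mods_diff /tmp/mods.before /tmp/mods.after
#   mods_require /tmp/mods.after proxy proxy_http && apache2ctl configtest
```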

Related

Getting Error in Apache error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

I have just downloaded an SSL certificate from cheapsslsecurity, but Apache is giving the above errors.
[Sun Jul 17 15:30:01.256726 2022] [ssl:emerg] [pid 3640] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sun Jul 17 15:30:01.256729 2022] [ssl:emerg] [pid 3640] AH02312: Fatal error initialising mod_ssl, exiting.
[Sun Jul 17 16:00:01.434769 2022] [suexec:notice] [pid 3698] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Jul 17 16:00:01.439767 2022] [ssl:emerg] [pid 3698] AH02238: Unable to configure RSA server private key
[Sun Jul 17 16:00:01.439859 2022] [ssl:emerg] [pid 3698] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Sun Jul 17 16:00:01.439862 2022] [ssl:emerg] [pid 3698] AH02312: Fatal error initialising mod_ssl, exiting.
Things I tried
Checked private key and certificate key and they are matching
In SSL certificate entered the path for crt file. Private key entered the private key file. In SSLCACertificateFile entered the bundle path provided by the site.
Removed spaces from private key
Encoding of private key file is UTF-8 and also tried changing .txt to .key
Checked validity of certificate and it is of next year
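
The certificate/key comparison mentioned in the list above can be done on the public keys themselves, shown here as an added example that is not part of the original post. It assumes the openssl command-line tool and an unencrypted private key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that a certificate and a private key belong together,
# which is the condition X509_check_private_key tests at Apache start-up.

# List the PEM block labels in file $1, in order (CERTIFICATE, PRIVATE KEY, ...).
# Useful for confirming which of the downloaded files is which.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Compare the public key inside certificate $1 with the one derived from
# private key $2. openssl x509 reads only the first certificate in the file,
# so a bundle passed as $1 is judged by its first entry.
# Returns 0 = same key, 1 = different keys, 2 = a file could not be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Print a one-line verdict for a certificate/key pair.
report_pair() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "match: $1 and $2 share a public key" ;;
        1) echo "MISMATCH: $1 does not contain the public key of $2" ;;
        *) echo "unreadable: check that $1 is a certificate and $2 a key" ;;
    esac
}

# Typical use (file names are examples):
#   pem_labels example.crt
#   report_pair example.crt example.key
```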

Apache2 failure to start

I've been googling for the past few hours, but no matter what I cannot seem to get Apache to start.
My server has been running perfectly fine previously, but today I tried to renew my SSL certificate via LetsEncrypt certbot.
Certbot ran into issues and could not issue a new cert. I then ran apt-update and upgrade to make sure all things were updated.
Certbot now throws this message:
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Cleaning up challenges
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Encountered exception during recovery
Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/certbot/error_handler.py", line 99, in _call_registered
self.funcs[-1]()
File "/usr/lib/python2.7/dist-packages/certbot/auth_handler.py", line 284, in _cleanup_challenges
self.auth.cleanup(achalls)
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1908, in cleanup
self.restart()
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1797, in restart
self._reload()
File "/usr/lib/python2.7/dist-packages/certbot_apache/configurator.py", line 1808, in _reload
raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Attempting to renew cert from /etc/letsencrypt/renewal/theophilus.info.conf produced an unexpected error: Error while running apache2ctl graceful.
httpd not running, trying to start
Action 'graceful' failed.
The Apache error log may have more information.
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
. Skipping.
I've tried doing a service apache2 reload but it throws an error too: apache2.service is not active, cannot reload, and I cannot seem to force it to start.
apachectl configtest returns OK.
And the Apache error logs show this:
[Sat Jul 15 16:03:36.592975 2017] [ssl:warn] [pid 1725:tid 140604874876800] AH01906: 049c3654bd7b2cb0c25c64edf8684054.6925964ede44d9a18fbfb14b594d7962.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 15 16:03:36.593452 2017] [ssl:warn] [pid 1725:tid 140604874876800] AH01906: b2b22f2da6be44b9c877de0023471d83.b28583f983e83310d53608e52837a448.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jul 15 16:03:36.593710 2017] [ssl:emerg] [pid 1725:tid 140604874876800] AH02572: Failed to configure at least one certificate and key for theophilus.info:443
[Sat Jul 15 16:03:36.593731 2017] [ssl:emerg] [pid 1725:tid 140604874876800] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Sat Jul 15 16:03:36.593741 2017] [ssl:emerg] [pid 1725:tid 140604874876800] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Sat Jul 15 16:03:36.593769 2017] [ssl:emerg] [pid 1725:tid 140604874876800] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat Jul 15 16:03:36.593778 2017] [ssl:emerg] [pid 1725:tid 140604874876800] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Sat Jul 15 16:03:36.723479 2017] [ssl:emerg] [pid 1732:tid 140027013269376] AH02572: Failed to configure at least one certificate and key for theophilus.info:443
[Sat Jul 15 16:03:36.723551 2017] [ssl:emerg] [pid 1732:tid 140027013269376] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat Jul 15 16:03:36.723559 2017] [ssl:emerg] [pid 1732:tid 140027013269376] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
Running Ubuntu 16.04
I had the same problem. This worked for me:
sudo certbot --authenticator webroot --webroot-path /var/www/sample --installer apache -d domain

Why is Apache2 failing?

I have issues with the server constantly. It seems to fail every few hours and I cannot tell why.
This morning I had 503 on all of my websites. I tried to restart Apache but:
# service apache2 restart
[....] Restarting web server: apache2(98)Address already in use: make_sock: could not bind to address 127.0.0.1:8080
no listening sockets available, shutting down
Unable to open logs
Action 'start' failed.
The Apache error log may have more information.
failed!
I found out some of the processes were still running. Killing them helped to restart Apache.
# grep -ri listen /etc/apache2
/etc/apache2/apache2.conf:# supposed to determine listening ports for incoming connections, and which
/etc/apache2/apache2.conf:# Include list of ports to listen on and which to use for name based vhosts
/etc/apache2/ports.conf:Listen 127.0.0.1:8080
/etc/apache2/ports.conf:#Listen 127.0.0.1:443
/etc/apache2/ports.conf:# Listen 443
/etc/apache2/ports.conf:# Listen 443
# killall -9 apache2
# service apache2 restart
[ ok ] Restarting web server: apache2.
I still have no idea how to prevent it from failing, here are some logs that I totally don't understand. Please help :)
From the time when it failed:
[Sun May 31 06:26:00 2015] [notice] FastCGI: process manager initialized (pid 9466)
[Sun May 31 06:26:00 2015] [error] python_init: Python version mismatch, expected '2.7.2+', found '2.7.3'.
[Sun May 31 06:26:00 2015] [error] python_init: Python executable found '/usr/bin/python'.
[Sun May 31 06:26:00 2015] [error] python_init: Python path being used '/usr/lib/python2.7/:/usr/lib/python2.7/plat-linux2:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Sun May 31 06:26:00 2015] [notice] mod_python: Creating 8 session mutexes based on 1000 max processes and 0 max threads.
[Sun May 31 06:26:00 2015] [notice] mod_python: using mutex_directory /tmp
[Sun May 31 06:26:01 2015] [notice] Apache/2.2.22 (Debian) mod_fastcgi/mod_fastcgi-SNAP-0910052141 Phusion_Passenger/5.0.8 PHP/5.5.25-1~dotdeb+7.1 mod_python/3.3.1 Python/2.7.3 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 configured -- resuming normal operations
[Sun May 31 06:26:01 2015] [warn] long lost child came home! (pid 17083)
[Sun May 31 06:26:01 2015] [warn] long lost child came home! (pid 17328)
[Sun May 31 06:26:01 2015] [warn] long lost child came home! (pid 17329)
[Sun May 31 06:26:01 2015] [warn] long lost child came home! (pid 17330)
And this is logged basically constantly:
[Sun May 31 13:36:03 2015] [warn] Couldn't set uid/gid/priority, closing connection.
[Sun May 31 13:36:03 2015] [warn] (itkmpm: pid=30911 uid=1001, gid=1001) itk_post_perdir_config(): setgid(1005): Operation not permitted
[Sun May 31 13:36:03 2015] [warn] Couldn't set uid/gid/priority, closing connection.
[Sun May 31 13:36:03 2015] [warn] (itkmpm: pid=30897 uid=1001, gid=1001) itk_post_perdir_config(): setgid(1005): Operation not permitted
[Sun May 31 13:36:03 2015] [warn] Couldn't set uid/gid/priority, closing connection.
[Sun May 31 13:36:04 2015] [warn] (itkmpm: pid=30930 uid=1001, gid=1001) itk_post_perdir_config(): setgid(33): Operation not permitted
[Sun May 31 13:36:04 2015] [warn] Couldn't set uid/gid/priority, closing connection.
[Sun May 31 13:36:06 2015] [warn] (itkmpm: pid=30938 uid=1001, gid=1001) itk_post_perdir_config(): setgid(33): Operation not permitted
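
For the "Address already in use" failure in this question, the holder of the port can be identified before anything is killed. This is an added example, not part of the original post: it reads `ss -ltnp` output on stdin and the active Listen lines of a ports.conf-style file; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example: find out what already holds a port Apache wants to bind.

# Print the active (uncommented) Listen targets of config file $1.
listen_directives() {
    sed -n 's/^[[:space:]]*Listen[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$1"
}

# Read `ss -ltnp` output on stdin and print "address pid name" for every
# listening socket on port $1. Only the first process of a shared socket is
# shown; pid and name are "-" when ss was run without root and hid them.
listeners_on_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")              # port is the last ":" field
            if (a[n] != port) next
            pid = "-"; name = "-"
            if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
                s = substr($0, RSTART + 3, RLENGTH - 3)   # name",pid=N
                split(s, p, /",pid=/)
                name = p[1]; pid = p[2]
            }
            print $4, pid, name
        }'
}

# Typical use:
#   for l in $(listen_directives /etc/apache2/ports.conf); do
#       ss -ltnp | listeners_on_port "${l##*:}"
#   done
```

A listener reported here while `service apache2 status` says the server is stopped corresponds to the leftover processes the question describes.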

apache starts but stops right away

For a while now I can't start apache.
(I don't have skype running)
I have tried googling it but no help.
I tried reinstalling, same thing. Tried easyphp, same thing happens to it too.
When I start it, it says it started, but a few seconds later it says it has stopped, and shows an error:
20:39:59 [Apache] Attempting to start Apache service...
20:40:01 [Apache] Status change detected: running
20:40:06 [Apache] Status change detected: stopped
20:40:06 [Apache] Error: Apache shutdown unexpectedly.
20:40:06 [Apache] This may be due to a blocked port, missing dependencies,
20:40:06 [Apache] improper privileges, a crash, or a shutdown by another method.
20:40:06 [Apache] Press the Logs button to view error logs and check
20:40:06 [Apache] the Windows Event Viewer for more clues
20:40:06 [Apache] If you need more help, copy and post this
20:40:06 [Apache] entire log window on the forums
Error log file:
[Mon Nov 11 20:40:01.984375 2013] [ssl:warn] [pid 3940:tid 248] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Mon Nov 11 20:40:02.703125 2013] [ssl:warn] [pid 3940:tid 248] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Mon Nov 11 20:40:02.921875 2013] [mpm_winnt:notice] [pid 3940:tid 248] AH00455: Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19 configured -- resuming normal operations
[Mon Nov 11 20:40:02.921875 2013] [mpm_winnt:notice] [pid 3940:tid 248] AH00456: Server built: Feb 23 2013 13:07:34
[Mon Nov 11 20:40:02.921875 2013] [core:notice] [pid 3940:tid 248] AH00094: Command line: 'c:\\program files\\xampp\\apache\\bin\\httpd.exe -d C:/Program Files/xampp/apache'
[Mon Nov 11 20:40:02.921875 2013] [mpm_winnt:notice] [pid 3940:tid 248] AH00418: Parent: Created child process 2176
[Mon Nov 11 20:40:04.875000 2013] [ssl:warn] [pid 2176:tid 1876] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Mon Nov 11 20:40:05.734375 2013] [ssl:warn] [pid 2176:tid 1876] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Mon Nov 11 20:40:05.984375 2013] [mpm_winnt:crit] [pid 2176:tid 1876] (OS 10022)An invalid argument was supplied. : AH00405: Child: WSASocket failed to open the inherited socket
[Mon Nov 11 20:40:05.984375 2013] [mpm_winnt:crit] [pid 3940:tid 248] AH00427: Parent: child process 2176 exited with status 3 -- Aborting.
Hope someone knows what the problem is
It looks like you have SSL improperly configured for one of your domains (www.example.com). Try commenting out the Include (path)/(to)/httpd-ssl.conf line and the LoadModule ssl_module modules/mod_ssl.so line in your httpd.conf file.
If the commenting out of the ssl config works, it may be that the SSL port (443) is in use on your machine. Uncomment the above, then in httpd-ssl.conf, try changing line(s) Listen 443 to an alternative (not-in-use) port number, i.e. Listen 49199.
At the command line, you can use netstat -aon to see what ports are currently in use on your machine.

Error after updating Apache on Ubuntu 13.04 (Raring Ringtail)

I have an error after updating my packages. When trying to start my webserver, it throws the following error.
$ sudo service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 84 of /etc/apache2/apache2.conf:
Invalid command 'LockFile', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
And the Apache error log is (from file /var/log/apache2/error.log):
[Sat Aug 17 01:30:03 2013] [notice] Apache/2.2.22 (Ubuntu) PHP/5.4.17RC1 configured -- resuming normal operations
[Sat Aug 17 01:41:38 2013] [notice] caught SIGTERM, shutting down
[Sat Aug 17 03:10:11.132425 2013] [mpm_prefork:notice] [pid 4182] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.1-2+debphp.org~raring+2 configured -- resuming normal operations
[Sat Aug 17 03:10:11.143718 2013] [core:notice] [pid 4182] AH00094: Command line: '/usr/sbin/apache2'
[Sat Aug 17 03:13:56.527245 2013] [mpm_prefork:notice] [pid 4182] AH00169: caught SIGTERM, shutting down
What things do I have to do to recover or fix my server up?
Replace in apache2.conf:
LockFile /var/lock/apache2/accept.lock
with
Mutex file:${APACHE_LOCK_DIR} default
Actually, it is better to use a semaphore. Under Unix systems it is a lot faster and uses fewer resources.
And the option is just this:
Mutex sem