I'm trying to get PHP and Apache running with SSL on a RedHat server on AWS. After setting up the deployment, restarting Apache fails.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
systemctl status httpd.service gives:
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2017-04-20 15:21:17 EDT; 3min 25s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 11017 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 11015 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 11015 (code=exited, status=1/FAILURE)
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: Starting The Apache HTTP Server...
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 20 15:21:17 ip-172-16-255-255.internal kill[11017]: kill: cannot find process ""
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: Failed to start The Apache HTTP Server.
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: Unit httpd.service entered failed state.
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: httpd.service failed.
My log has:
var/log/httpd/error.log:
[Thu Apr 20 14:25:07.649234 2017] [suexec:notice] [pid 10823] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Apr 20 14:25:07.665400 2017] [ssl:emerg] [pid 10823] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/httpd/dev.example.com/error2.log for more information
In the error log for the specific deployment I get:
[Thu Apr 20 14:24:30.258985 2017] [ssl:emerg] [pid 10795] AH01895: Unable to configure verify locations for client authentication
[Thu Apr 20 14:25:07.665388 2017] [ssl:emerg] [pid 10823] AH01895: Unable to configure verify locations for client authentication
The configuration I'm trying is:
#NameVirtualHost new.example.com:80
<VirtualHost new.example.com:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/dev.example.com
ServerName new.example.com
DirectoryIndex index.html
DirectoryIndex index.php
LogLevel notice
ErrorLog /var/log/httpd/dev.example.com/error2.log
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %u %A %p %m %U %q %>s \"%{User-agent}i\"" w3c_extended
CustomLog /var/log/httpd/dev.example.com/access.log w3c_extended
</VirtualHost>
#NameVirtualHost new.example.com:443
<VirtualHost new.example.com:443>
ServerAdmin [email protected]
DocumentRoot /var/www/html/dev.example.com
ServerName new.example.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLProtocol all
SSLCertificateFile /usr/local/ssl/crt/example_2015.cert
SSLCertificateKeyFile /usr/local/ssl/private/ssl_2015.key
SSLCACertificateFile /usr/local/ssl/crt/example_2015_intermediate.pem
DirectoryIndex index.html
DirectoryIndex index.php
LogLevel notice
ErrorLog /var/log/httpd/dev.example.com/error2.log
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %u %A %p %m %U %q %>s \"%{User-agent}i\"" w3c_extended
CustomLog /var/log/httpd/dev.example.com/access.log w3c_extended
</VirtualHost>
I followed this link:
https://forums.cpanel.net/threads/httpd-fails-to-restart-after-install-ssl-certificate.55823/
which allowed me to have Apache and PHP running but this didn't allow the SSL to function, so I think it is something with the certificates.
I lost track of a thread I was on but I also compared the md5 of the key with the cert and those both matched up.
openssl x509 -noout -modulus -in ../crt/example_2015.cert | openssl md5
openssl rsa -noout -modulus -in ssl_2015.key | openssl md5
I'm not sure what else to include here so let me know if I missed something.
Apache2ctl -S gives:
VirtualHost configuration:
255.255.255.255:80 new.example.com (/etc/httpd/conf.d/new.example.conf:2)
255.255.255.255:443 new.example.com (/etc/httpd/conf.d/new.example.conf:15)
*:443 ip-172-16-255-255.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
0 Answers
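An added example, not part of the original post: mod_ssl logs AH01895 when OpenSSL cannot load the file or directory named by SSLCACertificateFile / SSLCACertificatePath, so the sketch below pulls the active SSLCACertificateFile paths out of a vhost config and loads each one through Python's `ssl.SSLContext.load_verify_locations`, which wraps the same OpenSSL routine (`SSL_CTX_load_verify_locations`). The config text, the file names and the helper names `ca_files`, `check_ca_file` and `demo` are constructed for illustration.

```python
import re
import ssl
import tempfile
from pathlib import Path

# Uncommented SSLCACertificateFile lines; quoted paths with spaces are not handled.
CA_DIRECTIVE = re.compile(r'^[ \t]*SSLCACertificateFile[ \t]+"?([^"\s]+)"?', re.I | re.M)


def ca_files(conf_text):
    """Return the paths named by active SSLCACertificateFile directives."""
    return CA_DIRECTIVE.findall(conf_text)


def check_ca_file(path):
    """Load `path` as a CA bundle through OpenSSL; return (ok, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty trust store
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # covers ssl.SSLError, missing file, permission denied
        return False, f"{type(exc).__name__}: {exc}"
    return True, f"{ctx.cert_store_stats()['x509']} certificate(s) loaded"


def demo():
    """Constructed sample: one vhost checked with a missing, then a non-PEM, CA file."""
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "example_intermediate.pem"  # constructed path
        conf = (
            "<VirtualHost *:443>\n"
            "  SSLEngine on\n"
            "  #SSLCACertificateFile /constructed/old.pem\n"
            f"  SSLCACertificateFile {bundle}\n"
            "</VirtualHost>\n"
        )
        (path,) = ca_files(conf)
        missing = check_ca_file(path)          # file does not exist yet
        bundle.write_text("no PEM block here\n")
        not_pem = check_ca_file(path)          # readable, but holds no certificate
        return path, missing, not_pem


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Run it as the account that starts httpd, since a file that loads for one user can still be unreadable for another; on an SELinux-enforcing host the file's label can also deny httpd access even when this check passes.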