httpd not starting in centos webserver

SarahGurung · 05-20-2012, 10:39 PM

well we have webserver runnung on centos 5.8 and today the httpd has stopped and i'm not able to start it..the error logs shows the following:

Code:

[Sun May 20 04:02:05 2012] [error] Unable to verify certificate 'Server-Cert'. A
dd "NSSEnforceValidCerts off" to nss.conf so the server can start until the prob
lem can be resolved.
[Sun May 20 04:02:05 2012] [error] SSL Library Error: -8181 Certificate has expi
red

Can anyone tell me what has happened and what should i be doing?it's really urgent..

es0teric · 05-20-2012, 11:55 PM

It sounds like the SSL certificate you're using to secure your website has expired. You may need to purchase another one, have it issued, and install it before you'll be able to have verified SSL again.

Since that will take a while, you can add the line it suggests to the httpd config file. That will tell httpd to ignore the error and start anyway (but the cert will still be expired).

lonelyman · 05-20-2012, 11:56 PM

it says cleayly that your server's cert has been expired,maybe you should creat a new cert for your server,or you could try to update the cert.

SarahGurung · 05-20-2012, 11:56 PM

so what should be done then?

lonelyman · 05-21-2012, 12:23 AM

if you are not sure you can first add "NSSEnforceValidCerts off" to nss.conf forcely start the httpd,if you have are sure having your problems done,you can comment the "NSSEnforceValidCerts off" in the nss.conf and try to start the http server.

bathory · 05-21-2012, 12:40 AM

Or, if you don't need mod_nss, you can rename /etc/httpd/conf.d/nss.conf to /etc/httpd/conf.d/nss.conf.bak, so apache does snot try to load it at startup.

Regards

SarahGurung · 05-21-2012, 01:08 AM

yes Mr.Bathory,i did that n it worked..

But just wondering what has nss.conf got to do with it?

lonelyman · 05-21-2012, 01:49 AM

it's for nss certification for your server,my suggestion is if you surely don't need it,you can do the mv,if not,better to fix it.

SarahGurung · 05-21-2012, 01:57 AM

ya i have moved it that's y it's working...

but i don't know how should i fix it..

bathory · 05-21-2012, 02:30 AM

Quote:

Originally Posted by SarahGurung

ya i have moved it that's y it's working...

but i don't know how should i fix it..

If you don't use https, or if you have https working through mod_ssl, don't bother.
Otherwise, you might try the solution proposed here (remove and reinstall mod_nss)

Regards