Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
trying to configure ssl on centos 7, i have generated certificate,csr file and a key file for it. also configured their path in httpd.conf while I restart the httpd service it gives me error
Quote:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Hi,
trying to configure ssl on centos 7, i have generated certificate,csr file and a key file for it. also configured their path in httpd.conf while I restart the httpd service it gives me error
Code:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Ok...so did you DO those things? Look in the logs? Obviously there's a problem in the part of the configuration you changed, but you don't post it, or any parts of the logs, or any diagnostic information. We can't guess.
Run the commands the system gave you, and post the relevant information, and we can try to help.
Jun 29 07:32:35 myserver.com dbus-daemon[698]: dbus[698]: [system] Activated service 'org.fedoraproject.Setroubleshootd' failed: The permission of the setuid help
Jun 29 07:32:35 myserver.com unix_chkpwd[19564]: password check failed for user (root)
Jun 29 07:32:35 myserver.com sshd[19536]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 29 07:32:36 myserver.com dbus[698]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jun 29 07:32:36 myserver.com dbus-daemon[698]: dbus[698]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jun 29 07:32:36 myserver.com dbus[698]: [system] Activated service 'org.fedoraproject.Setroubleshootd' failed: The permission of the setuid helper is not correct
Jun 29 07:32:36 myserver.com dbus-daemon[698]: dbus[698]: [system] Activated service 'org.fedoraproject.Setroubleshootd' failed: The permission of the setuid help
Jun 29 07:32:36 myserver.com unix_chkpwd[19567]: password check failed for user (root)
Jun 29 07:32:36 myserver.com sshd[19521]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jun 29 07:32:36 myserver.com sshd[19520]: Failed password for root from 116.31.116.36 port 25326 ssh2
Jun 29 07:32:36 myserver.com sshd[19520]: Received disconnect from 116.31.116.36: 11: [preauth]
Jun 29 07:32:36 myserver.com sshd[19520]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.36 user=root
Jun 29 07:32:37 myserver.com sshd[19536]: Failed password for root from 218.65.30.23 port 33650 ssh2
Jun 29 07:32:38 myserver.com sshd[19521]: Failed password for root from 218.65.30.23 port 51711 ssh2
Jun 29 07:32:38 myserver.com sshd[19521]: Disconnecting: Too many authentication failures for root [preauth]
Jun 29 07:32:38 myserver.com sshd[19521]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.23 user=root
Jun 29 07:32:38 myserver.com sshd[19521]: PAM service(sshd) ignoring max retries; 6 > 3
Jun 29 07:32:38 myserver.com dbus[698]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jun 29 07:32:38 myserver.com dbus-daemon[698]: dbus[698]: [system] Activating service name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jun 29 07:32:38 myserver.com dbus[698]: [system] Activated service 'org.fedoraproject.Setroubleshootd' failed: The permission of the setuid helper is not correct
Jun 29 07:32:38 myserver.com dbus-daemon[698]: dbus[698]: [system] Activated service 'org.fedoraproject.Setroubleshootd' failed: The permission of the setuid help
Jun 29 07:32:38 myserver.com unix_chkpwd[19572]: password check failed for user (root)
Jun 29 07:32:38 myserver.com sshd[19536]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
And AGAIN...post the RELEVANT parts of the log. That says NOTHING about when you start HTTP, does it???? Try starting the service again, and get the last parts of the file...have you tried reading the man pages on journalctl?
For example, if you try to start http at 9:10 AM, you can see log entries SINCE 9 AM by running:
Code:
journalctl --since 09:00
AGAIN...we only need to see the RELEVANT PARTS that relate to the HTTP service. And again, can you show us what you modified in the config files?? Have you tried undoing those changes, and starting the service then?
I also faced the same issue which was caused by SELinux. I had it set to Permissive to troubleshoot another issue I have here.
Since the log dir was created under /var/www, and no specific context rule exists for /var/www/mydomain.org, it will get the same context as /var/www, which is httpd_sys_content_t:
Code:
SELECT ALL
[root@server2 sites-enabled]# ls -Zd /var/www
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 /var/www
The log file dir should have httpd_log_t context:
Code:
SELECT ALL
[root@server2 sites-enabled]# ls -Zd /var/log/httpd/
drwx------. root root system_u:object_r:httpd_log_t:s0 /var/log/httpd/
And the DocumentRoot /var/www/mydomain.org/htdocs should have httpd_sys_content_t.
So, to fix it:
Code:
SELECT ALL
semanage fcontext -a -t httpd_sys_content_t "/var/www/mydomain.org(/.*)?"
semanage fcontext -a -t httpd_log_t "/var/www/mydomain.org/.*\.log.*"
restorecon -R -v /var/www/mydomain.org
Also, I would create a separate log sub directory, to make the SELinux context less confusing.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.