LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-17-2017, 04:49 AM   #1
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Rep: Reputation: 19
Question Apache web server fails to start after Manjaro update


Hello,
This is a problem I've been having trouble getting help for, and hope someone here can help!

I just rebooted my Manjaro LAMP web server after the most recent round of Manjaro Linux updates. Unfortunately, I noticed that the Apache httpd service fails to start with this output:
Quote:
systemctl status httpd
● httpd.service - Apache Web Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset
Active: failed (Result: exit-code) since Tue 2017-05-16 20:39:06 CST; 1min 37
Process: 554 ExecStop=/usr/bin/httpd -k graceful-stop (code=exited, status=0/S
Process: 492 ExecStart=/usr/bin/httpd -k start -DFOREGROUND (code=exited, stat
Main PID: 492 (code=exited, status=1/FAILURE)
May 16 20:39:04 [hostname] systemd[1]: Started Apache Web Server.
May 16 20:39:05 [hostname] systemd[1]: httpd.service: Main process exited, code=ex
May 16 20:39:06 [hostname] httpd[554]: httpd (no pid file) not running
May 16 20:39:06 [hostname] systemd[1]: httpd.service: Unit entered failed state.
May 16 20:39:06 [hostname] systemd[1]: httpd.service: Failed with result 'exit-cod
I've always used httpd in a "set and forget" kind of way and don't really know its inner workings. And I just looked at /var/log/httpd/error_log and saw this at the end:
Quote:
[Tue May 16 20:39:05.654816 2017] [ssl:emerg] [pid 492] AH01903: Failed to configure CA certificate chain!
[Tue May 16 20:39:05.656540 2017] [ssl:emerg] [pid 492] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
So looks like some problem with HTTPS configuration?? I haven't manually changed any settings before the recent update, how do I fix this?? BTW I'm using Let's Encrypt with a CertBot service that runs daily, but it is also failing because it says the httpd service is not running.

Thank you!
 
Old 05-17-2017, 07:54 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Code:
sudo a2enmod mod_ssl
and see what's what.
 
1 members found this post helpful.
Old 05-17-2017, 08:18 AM   #3
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Original Poster
Rep: Reputation: 19
Question

Quote:
Originally Posted by Habitual View Post
Code:
sudo a2enmod mod_ssl
and see what's what.
Thank you! I managed to find and install a2enmod from the Arch AUR, and running
Code:
sudo a2enmod mod_ssl
gave me this:
Quote:
ERROR: Module mod_ssl does not exist!
How did this happen??? And how do I make mod_ssl re-exist??

EDIT: I see that the file /usr/lib/httpd/modules/mod_ssl.so *exists*, so what's happening???

EDIT 2: Here is the output from a2enmod, which doesn't include mod_ssl:

Quote:
a2enmod
Your choices are: actions alias asis auth_basic auth_digest authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authnz_ldap authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dav_svn dbd deflate dir disk_cache dnssd dump_io env expires ext_filter fastcgi fcgid file_cache filter headers ident imagemap include info ldap log_config log_forensic logio mem_cache mime mime_magic mod-security mod_chroot mono negotiation pagespeed perl php5 php5_cgi proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi qos reqtimeout rewrite rpaf setenvif speling ssl status substitute suexec suphp unique_id userdir usertrack version vhost_alias wsgi
Which module(s) do you want to enable (wildcards ok)?
I tried enabling "ssl" but that didn't help...

Last edited by penyuan; 05-17-2017 at 10:02 AM. Reason: Added sentence about a2enmod's output.
 
Old 05-18-2017, 09:33 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
/var/log/httpd/error_log have any clues?
 
1 members found this post helpful.
Old 05-18-2017, 12:27 PM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,305
Blog Entries: 9

Rep: Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391
please rerun "systemctl status apache2" (wait what, why is it httpd on your system?) with full line length, there's a switch for that in systemctl.
also more journalctl output might be available to help with the issue.
 
1 members found this post helpful.
Old 05-18-2017, 02:09 PM   #6
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Original Poster
Rep: Reputation: 19
Question

Quote:
Originally Posted by ondoho View Post
please rerun "systemctl status apache2" (wait what, why is it httpd on your system?) with full line length, there's a switch for that in systemctl.
also more journalctl output might be available to help with the issue.
OK, I managed to get full line length output for systemctl here:
Quote:
● httpd.service - Apache Web Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2017-05-19 02:39:30 CST; 20min ago
Process: 8731 ExecStop=/usr/bin/httpd -k graceful-stop (code=exited, status=0/SUCCESS)
Process: 8726 ExecStart=/usr/bin/httpd -k start -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 8726 (code=exited, status=1/FAILURE)

May 19 02:39:29 [my hostname] systemd[1]: Started Apache Web Server.
May 19 02:39:30 [my hostname] systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
May 19 02:39:30 [my hostname] httpd[8731]: httpd (no pid file) not running
May 19 02:39:30 [my hostname] systemd[1]: httpd.service: Unit entered failed state.
May 19 02:39:30 [my hostname] systemd[1]: httpd.service: Failed with result 'exit-code'.
Here is the full line length output from journalctl:
Quote:
May 19 02:39:25 [my hostname] polkitd[378]: Registered Authentication Agent for unix-process:8717:19443680 (system bus name : 1.56 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 19 02:39:29 [my hostname] polkitd[378]: Operator of unix-process:8717:19443680 successfully authenticated as unix-user:[my username] to gain ONE-SHOT authorization for action org.freedesktop.systemd1.manage-units for system-bus-name::1.57 [systemctl restart httpd] (owned by unix-user:[my username])
May 19 02:39:29 [my hostname] systemd[1]: Started Apache Web Server.
May 19 02:39:29 [my hostname] polkitd[378]: Unregistered Authentication Agent for unix-process:8717:19443680 (system bus name :1.56, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
May 19 02:39:30 [my hostname] systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
May 19 02:39:30 [my hostname] httpd[8731]: httpd (no pid file) not running
May 19 02:39:30 [my hostname] systemd[1]: httpd.service: Unit entered failed state.
May 19 02:39:30 [my hostname] systemd[1]: httpd.service: Failed with result 'exit-code'.
And once again, here is the relevant output from /var/log/httpd/error_log:
Quote:
[Fri May 19 02:39:30.036834 2017] [ssl:emerg] [pid 8726] AH01903: Failed to configure CA certificate chain!
[Fri May 19 02:39:30.037539 2017] [ssl:emerg] [pid 8726] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
I don't know why the service is called "httpd" instead of something else...

Does this provide any clues??? Thanks for your help!!

EDIT: Oh, and here's the "sudo a2enmod mod_ssl" output again:
Quote:
ERROR: Module mod_ssl does not exist!
But the file mod_ssl.so does exist.

Last edited by penyuan; 05-18-2017 at 02:48 PM. Reason: Added a2enmod output.
 
Old 05-18-2017, 03:05 PM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Is mod_ssl the only error you see?
Because I seen 2 distinct errors that may have a common denominator
...ca-certificates...
Code:
Description: Common CA certificates
 This package includes PEM files of CA certificates to allow SSL-based
 applications to check for the authenticity of SSL connections.
Hopefully, that helps.
 
1 members found this post helpful.
Old 05-18-2017, 03:10 PM   #8
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Original Poster
Rep: Reputation: 19
Question

Quote:
Originally Posted by Habitual View Post
Is mod_ssl the only error you see?
Because I seen 2 distinct errors that may have a common denominator
...ca-certificates...
Code:
Description: Common CA certificates
 This package includes PEM files of CA certificates to allow SSL-based
 applications to check for the authenticity of SSL connections.
Hopefully, that helps.
Thanks for your quick response!!

I just ran "sudo pacman -S ca-certificates" to re-install the ca-certificates package (it was already installed). Unfortunately running "systemctl restart httpd" still didn't work...

And yes, mod_ssl missing is the only error when I run "sudo a2enmod mod_ssl"...
 
Old 05-19-2017, 10:26 AM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,305
Blog Entries: 9

Rep: Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391
please run this:
Code:
/usr/bin/httpd -k start -DFOREGROUND
in a terminal, as root, and post what output you get.
actually sorry, no, you have to add more verbosity.
please read
Code:
man httpd
then add more verbosity to the above command.
post the output here.
 
1 members found this post helpful.
Old 05-19-2017, 09:05 PM   #10
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Original Poster
Rep: Reputation: 19
Question

Quote:
Originally Posted by ondoho View Post
please run this:
Code:
/usr/bin/httpd -k start -DFOREGROUND
in a terminal, as root, and post what output you get.
actually sorry, no, you have to add more verbosity.
please read
Code:
man httpd
then add more verbosity to the above command.
post the output here.
OK. With it I got a new clue, here is the output of the command:
Quote:
AH00526: Syntax error on line 535 of /etc/httpd/conf/httpd.conf:
SSLCertificateKeyFile: file '/etc/letsencrypt/live/[my domain]/privkey.pem' does not exist or is empty
I checked '/etc/letsencrypt/live/[my domain]/privkey.pem', and it definitely exists, is not empty, and I definitely did not change it before or after the problems started.
What can I do?? Thanks!
 
Old 05-20-2017, 02:03 AM   #11
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,305
Blog Entries: 9

Rep: Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391Reputation: 4391
Quote:
Originally Posted by penyuan View Post
Code:
AH00526: Syntax error on line 535 of /etc/httpd/conf/httpd.conf:
SSLCertificateKeyFile: file '/etc/letsencrypt/live/[my domain]/privkey.pem' does not exist or is empty
What can I do??
so this is now a letsencrypt issue.
no help from me there, sorry.
 
1 members found this post helpful.
Old 05-20-2017, 03:27 AM   #12
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,739

Rep: Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837
Hi
Quote:
AH00526: Syntax error on line 535 of /etc/httpd/conf/httpd.conf:
SSLCertificateKeyFile: file '/etc/letsencrypt/live/[my domain]/privkey.pem' does not exist or is empty
I checked '/etc/letsencrypt/live/[my domain]/privkey.pem', and it definitely exists, is not empty, and I definitely did not change it before or after the problems started.
What can I do?? Thanks!
Take a look a this post at letsencrypt forum

Regards
 
1 members found this post helpful.
Old 05-20-2017, 04:42 AM   #13
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Original Poster
Rep: Reputation: 19
Question

Quote:
Originally Posted by ondoho View Post
so this is now a letsencrypt issue.
no help from me there, sorry.
I followed the link by @bathory and was able to resolve this issue, but it led to another. Please see below.

Quote:
Originally Posted by bathory View Post
Hi

Take a look a this post at letsencrypt forum

Regards
Thank you for this. Following the suggestion at the link solved that particular error message but now there is a new one:
Quote:
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
I have no idea what this means... Can you still help??
 
Old 05-20-2017, 08:01 AM   #14
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,739

Rep: Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837Reputation: 1837
Quote:
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Most likely apache is still running when you try to start it again. Stop it and use the following command to see if that's the case:
Code:
netstat -tanpl|grep 80
You can also use "kill" to kill the running httpd process(es).
Then try to start it again.

Could be that you define 2 times "port 80" in the configuration files. Check the occurrences of
Code:
Listen 80
and make sure there is only one.
 
1 members found this post helpful.
Old 05-20-2017, 12:55 PM   #15
penyuan
Member
 
Registered: Oct 2009
Distribution: Scientific Linux 6
Posts: 188

Original Poster
Rep: Reputation: 19
Question

Quote:
Originally Posted by bathory View Post
Most likely apache is still running when you try to start it again. Stop it and use the following command to see if that's the case:
Code:
netstat -tanpl|grep 80
You can also use "kill" to kill the running httpd process(es).
Then try to start it again.

Could be that you define 2 times "port 80" in the configuration files. Check the occurrences of
Code:
Listen 80
and make sure there is only one.
OK, I did:
  1. ran "systemctl stop httpd"
  2. "sudo netstat -tanpl|grep 80" showed nothing (so I guessed httpd was really stopped)
  3. checked "htop" and "sudo htop" for httpd or apache and nothing was listed
  4. checked my httpd.conf configuration file to make sure there's only one "Listen 80"
  5. did "systemctl start httpd"
  6. It fails with the same errors as before...
  7. Tried to reboot server with same result...

Anything else I can try??? Sorry about being difficult but I appreciate your help!

Last edited by penyuan; 05-20-2017 at 12:56 PM. Reason: Added sentence about rebooting server.
 
  


Reply

Tags
apache, certificates, manjaro, server, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] XAMPP fails to start. Another web server with SSL already running, can't stop it Draper Linux - Server 5 08-01-2013 12:09 PM
Apache Server fails to start sniper8752 Linux - Server 21 05-14-2013 01:16 AM
how to start apache web server anindyanuri Debian 3 06-19-2006 02:12 AM
How do I start apache web server? JockVSJock Slackware 25 05-15-2005 12:22 PM
Apache web server install fails westone Linux - Networking 1 07-05-2004 04:37 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 04:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration