Apache won't start, says it can not bind to address

thllgo · 01-25-2012, 04:16 PM

When I try to start apache I get the error:

Quote:

(98)Address already in use: make_sock: could not bind to address [::]:443

This error seems to be somehow related to my server certs. Go figure???

"netstat -nlp |grep 443" or "...|grep https" I don't see anything.

"lsof -i | grep http" or "... |grep 443" shows nothing.

"ps -elf |grep http" shows nothing running.

I downloaded apache 2.2.21 untar'd and did the following

Quote:

./configure \
--enable-so \
--enable-rewrite=shared \
--enable-headers \
--enable-proxy \
--enable-proxy-balancer \
--enable-proxy-connect \
--enable-proxy-http \
--enable-rewrite \
--enable-ssl

make
make install

I edited /usr/local/apache2/conf/httpd.conf and changed the line "Listen 80" to "Listen 443".

I un-commented the line "Include conf/extra/httpd-ssl.conf" and created the server certs.

When I try to start apache it complains about not being able to bind to the address. If I comment the Include line for httpd-ssl.conf it starts. I'm guessing it does not like my certs but I don't know what could be wrong with them. They were created by the following:

Quote:

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

No -des3 on the first line because if you do that it asks for a password.

Am I missing something?

Any insight will be greatly appreciated.

Thank you

eeekster · 01-25-2012, 04:30 PM

The [::]:443 looks like an IPv6 address. Check your config files.

thllgo · 01-25-2012, 04:30 PM

BTW if I do include the -des3 in the certificate, when I start apache, it asks for the passphrase and dies.

thllgo · 01-25-2012, 04:42 PM

Quote:

The [::]:443 looks like an IPv6 address. Check your config files.

Are you talking about apache config files? What in the apache config files makes reference to IPv4 or IPv6? I did change the Listen line to "Listen w.x.y.z:443" so now the error shows up

Quote:

(98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs

In the access_log file there is the following

Quote:

x.y.z.72 - - [23/Jan/2012:21:41:09 +0000] "GET / HTTP/1.1" 200 44
x.y.z.72 - - [23/Jan/2012:21:41:09 +0000] "GET /favicon.ico HTTP/1.1" 404 209
x.y.z.72 - - [23/Jan/2012:21:41:12 +0000] "GET /favicon.ico HTTP/1.1" 404 209
x.y.z.72 - - [23/Jan/2012:21:46:15 +0000] "\x16\x03\x01" 501 215
x.y.z.72 - - [23/Jan/2012:21:46:15 +0000] "\x16\x03\x01" 501 215
x.y.z.72 - - [23/Jan/2012:21:46:25 +0000] "\x16\x03\x01" 501 215
x.y.z.72 - - [23/Jan/2012:21:46:29 +0000] "\x16\x03\x01" 501 215
x.y.z.72 - - [23/Jan/2012:22:10:21 +0000] "GET / HTTP/1.1" 200 56
x.y.z.72 - - [23/Jan/2012:22:57:35 +0000] "GET / HTTP/1.1" 304 -

Where its getting the .72 address from I don't know, the systems address is .64

eeekster · 01-25-2012, 04:54 PM

Quote:

Are you talking about apache config files? What in the apache config files makes reference to IPv4 or IPv6? I did change the Listen line to "Listen w.x.y.z:443" so now the error shows up

It's the Listen lines in the config files. Note that I said files not file. Be sure to look at the files in /etc/httpd/conf.d/ since they are also loaded.

Quote:

Where its getting the .72 address from I don't know, the systems address is .64

That's the address of an incoming request.

thllgo · 01-25-2012, 05:15 PM

I found another line in conf/extra/httpd-ssl.conf and changed it to match the one in conf/httpd.conf both now read:

Quote:

Listen w.x.y.z:443

and now I get the error

Quote:

(98)Address already in use: make_sock: could not bind to address w.x.y.z:443

Redoing the lsof, netstat, and ps commands still tells me nothing is running on port 443. If I comment out the line in httpd.conf that includes the httpd-ssl.conf file it runs quite happily. If I try to browse the page I get the error

Quote:

SSL received a record that exceeded the maxium permissible length

I'm fairly sure to run on port 443 I'm going to need to include the httpd-ssl.conf file, yes?

eeekster · 01-25-2012, 05:35 PM

Are you saying you have more than one Listen line for port 443? If so, that's why you are getting the error.

thllgo · 01-30-2012, 03:36 PM

I have a "Listen 10.10.10.64:443" line in /usr/local/apache/conf/httpd.conf and /usr/local/apache/conf/extra/httpd-ssl.conf. Are you saying that I need to remove one of them. If so does it matter which one?

eeekster · 01-30-2012, 03:42 PM

Yes, you need to remove one of them.

thllgo · 01-30-2012, 03:53 PM

That appears to have gotten rid of the port problem. I kept the Listen line in httpd-ssl.conf to port 443 and set the one in httpd.conf to 80. Now I have a new problem. Now it doesn't like my certs. I'll try to build new ones.

Thank you

Skaperen · 01-30-2012, 04:20 PM

Quote:

Originally Posted by thllgo

That appears to have gotten rid of the port problem. I kept the Listen line in httpd-ssl.conf to port 443 and set the one in httpd.conf to 80. Now I have a new problem. Now it doesn't like my certs. I'll try to build new ones.

Thank you

Well, at least it's getting further. The certs issue is something entirely different. If rebuilding them does not work (be sure you give Apache UNencrypted copies only Apache or root can read), start a new thread with an appropriate subject.

thllgo · 01-30-2012, 04:40 PM

OMG it finally works. Thanks for all your help eeekster.