Apache2 won’t start when mod_ssl is loaded

Posted on

Apache2 won’t start when mod_ssl is loaded – Problems with loading a website are often blamed on the Internet connection, but even the most perfectly set up network cannot help if there is no service to reply at your destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but never the less it is possible to run into problems with even the easiest of the software. If you’ve encountered an issue loading your web page, follow these simple troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips in manage your apache2 server when you find problem about apache-2.2, , , , .

I reissued the SSL certificates for my website today, but now apache2 will not start up anymore. All I get from service apache2 start is this:

[....] Starting web server: apache2[Sat Apr 12 13:52:51 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
Action 'start' failed.
The Apache error log may have more information.
 failed!

(The warning shouldn’t be there as apache2 is loading VirtualHost *:80 sites?)

There are only normal operations before this log. Line 2 is the original restart, line 3 is starting without loading mod_ssl and line 4 is trying to restart with mod_ssl again.

chmod: changing permissions of `/home/servers/MTA/newserver/mods/deathmatch/resources/[maps]/maps/DM-OS-TheNicO-SML-II/meta.xml': Operation not permitted
[Sat Apr 12 13:31:38 2014] [notice] caught SIGTERM, shutting down
[Sat Apr 12 13:51:08 2014] [notice] Apache/2.2.22 (Debian) PHP/5.5.11-1~dotdeb.1 configured -- resuming normal operations
[Sat Apr 12 13:51:51 2014] [notice] caught SIGTERM, shutting down

With LogLevel debug I get the following lines when trying to start apache:

[Sat Apr 12 14:36:13 2014] [info] Init: Seeding PRNG with 656 bytes of entropy
[Sat Apr 12 14:36:13 2014] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Apr 12 14:36:13 2014] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Apr 12 14:36:13 2014] [info] Init: Initializing (virtual) servers for SSL

I checked that the SSLCertificateKeyFile and SSLCertificateFile match and the key is for the certificate. I’m using Debian Wheezy with OpenSSL.

Site-logs all show this:

[Sat Apr 12 17:04:22 2014] [info] Loading certificate & private key of SSL-aware server
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Sat Apr 12 17:04:22 2014] [info] Configuring server for SSL protocol
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(469): Creating new SSL context (protocols: SSLv3, TLSv1, TLSv1.1, TLSv1.2)
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(705): Configuring permitted SSL ciphers [HIGH:MEDIUM:!aNULL:!MD5]
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(789): Configuring server certificate chain (4 CA certificates)
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(836): Configuring RSA server certificate
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(875): Configuring RSA server private key

Apache2 definitely knows about the sites (apache2ctl -t -D DUMP_VHOSTS):

[Sat Apr 12 17:21:02 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   is a NameVirtualHost
         default server twisted.twisted-gamers.net (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost twisted.twisted-gamers.net (/etc/apache2/sites-enabled/000-default:1)
         port 80 namevhost dev.twisted-gamers.net (/etc/apache2/sites-enabled/dev.twisted-gamers.net:1)
         port 80 namevhost editor.twisted-gamers.net (/etc/apache2/sites-enabled/editor.twisted-gamers.net:1)
         port 80 namevhost forum.twisted-gamers.net (/etc/apache2/sites-enabled/forum.twisted-gamers.net:1)
         port 80 namevhost i.3ventic.eu (/etc/apache2/sites-enabled/i.3ventic.eu:1)
         port 80 namevhost minecraft.twisted-gamers.net (/etc/apache2/sites-enabled/minecraft.twisted-gamers.net:1)
         port 80 namevhost nyans.twisted-gamers.net (/etc/apache2/sites-enabled/nyans.twisted-gamers.net:1)
         port 80 namevhost www.twisted-gamers.net (/etc/apache2/sites-enabled/twisted-gamers.net:1)
         port 80 namevhost www.wiki.twisted-gamers.net (/etc/apache2/sites-enabled/wiki.twisted-gamers.net:1)
*:443                  is a NameVirtualHost
         default server dev.twisted-gamers.net (/etc/apache2/sites-enabled/dev.twisted-gamers.net:22)
         port 443 namevhost dev.twisted-gamers.net (/etc/apache2/sites-enabled/dev.twisted-gamers.net:22)
         port 443 namevhost editor.twisted-gamers.net (/etc/apache2/sites-enabled/editor.twisted-gamers.net:21)
         port 443 namevhost forum.twisted-gamers.net (/etc/apache2/sites-enabled/forum.twisted-gamers.net:21)
         port 443 namevhost i.3ventic.eu (/etc/apache2/sites-enabled/i.3ventic.eu:16)
         port 443 namevhost www.twisted-gamers.net (/etc/apache2/sites-enabled/twisted-gamers.net:21)
Syntax OK

How can I get apache2 running with SSL again?

If you have configured a VirtualHost, and Apache is giving you a warning that there are no VirtualHosts configured, the problem is with your VirtualHosts config, not your SSL certs.

I’d check you VirtualHosts config for syntax errors that may have occurred while you were updating it to take account of your new certificate.

Apache2 was silently crashing because I had missed one of the virtualhosts when updating the paths to the new private keys. This caused a mismatch error that apparently silently crashed apache.

Did you upgrade your Apache at the same time? For recent versions of Apache HTTPD, your site config files must end in .conf (ie /etc/apache2/sites-available/my-site.conf) or they will be ignored by HTTPD as it’s starting up.

Otherwise try apache2ctl -t -D DUMP_VHOSTS which should tell you what virtual hosts your Apache knows about.

Leave a Reply

Your email address will not be published. Required fields are marked *