My Apache server has stopped running after SSL update on a live site
I have a standard Amazon AMI (the one created by Amazon), which has Apache installed on it. We needed to update the SSL certificate, which I did by going through these steps.
I have done this before, so I think I didn't do anything wrong. The steps basically included:
1) openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
2) Updating the /etc/httpd/conf.d/ssl.conf file.
3) Restarting the service httpd
But after restarting httpd, i.e. sudo service httpd restart, the service stopped fine, but did not start again. Here is the error I am receiving.
[ec2-user@******* conf.d]$ service httpd restart
Stopping httpd: [FAILED]
Starting httpd: [Tue Dec 06 20:38:28 2016] [warn] module ssl_module is already loaded, skipping
[Tue Dec 06 20:38:28 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
This is really important, so I will really appreciate it if someone could help me out here. Thanks
Update: OK, so I managed to remove the mod_ssl already loaded message. Can someone figure this one out?
[ec2-user@****** ~]$ sudo service httpd start
Starting httpd: [Tue Dec 06 21:33:52 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
[FAILED]
It looks like you are running the restart command as an unprivileged user, as can be seen because the httpd stop fails. You should run the restart command with a suitably privileged account.
Update:
Starting httpd: [Tue Dec 06 21:33:52 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
(98)Address already in use: make_sock: could not bind to address [::]:443
Something is still bound to/listening on port 443. It looks like you have failed to stop the previous invocation of httpd.
I figured out the issue. If anybody comes across this issue because of an SSL certificate, here are the things you need to check.
- First make sure there is not more than one configuration file for httpd. (In my case I made a backup file of etc/httpd/conf/ssl.conf and called it ssl_bkup.conf. I thought this won't be used as a configuration, but it was. I should have used ssl.conf_backup.) You can check if more than one configuration file is being used with this command:
  grep -ir 443 /etc/httpd/conf*
- Then check your logs with
  sudo nano /var/log/httpd/error_log
  sudo nano /var/log/httpd/ssl_log
  sudo nano /var/log/httpd/nss_log (nss is similar to ssl)
- The main issue in my case happened when I was copying the csr files from my computer to the server. The files given by the SSL authority had to be moved to my server, so instead of FTP I was creating a new file and copying the content of the csr file into the new file created on the server. While doing this I messed up the format in which the files were supposed to be copied.
  Because my FTP access was very limited, in order to properly get them on the server I uploaded the files to an online host and then downloaded them to my server via wget.
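The first check in the answer above, as an added example that is not part of the original posts: it lists only the files a wildcard include would actually load and that declare a listener or virtual host on the port, which is narrower than grepping for "443". It assumes the main httpd.conf pulls in the directory with an "Include conf.d/*.conf" style glob; the function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: which *.conf files in a directory declare a Listen or
# <VirtualHost> on a given port? Assumes the directory is loaded through
# an "Include <dir>/*.conf" glob (assumption, not shown on the page).

# list_port_conf DIR PORT -> prints one matching *.conf path per line
list_port_conf() {
    local dir=$1 port=$2 f
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Commented lines are skipped because the directive must start the line.
        # Matches "Listen 443", "Listen [::]:443 https", "<VirtualHost _default_:443>".
        if grep -Eiq "^[[:space:]]*(Listen[[:space:]]+([^[:space:]]*:)?${port}([[:space:]]|\$)|<VirtualHost[[:space:]][^>]*:${port}[[:space:]>])" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# count_port_conf DIR PORT -> number of such files; more than 1 means the
# same port is configured twice (the "VirtualHost overlap" warning).
count_port_conf() {
    list_port_conf "$1" "$2" | wc -l | tr -d ' '
}

# make_sample_dir -> builds a constructed sample config tree, prints its path
make_sample_dir() {
    local d
    d=$(mktemp -d)
    printf 'Listen 443\n<VirtualHost _default_:443>\nSSLEngine on\n</VirtualHost>\n' > "$d/ssl.conf"
    cp "$d/ssl.conf" "$d/ssl_bkup.conf"      # still ends in .conf, so it is loaded
    cp "$d/ssl.conf" "$d/ssl.conf_backup"    # does not end in .conf, so it is ignored
    printf '# Listen 443\nAddType text/html .php\n' > "$d/php.conf"
    printf '%s\n' "$d"
}

# Optional direct use: ./script.sh /etc/httpd/conf.d 443
if [ -n "${1:-}" ]; then
    list_port_conf "$1" "${2:-443}"
fi
```

On the constructed sample, ssl.conf and ssl_bkup.conf are both reported while ssl.conf_backup is not, which is the situation the answer describes.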