Apache wont start after playing around

Discussion in 'Installation/Configuration' started by neumann, Oct 6, 2024.

Page 1 of 2
  1. neumann

    neumann Member

    I was trying to renew my certificate for my mail server and tried to setup according to this recipe: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/

    And now my apache server is not restarting, both my pages and the panel are down (ispc3.2.12p1).
    Here is my output in htf_report:
    Code:
    
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] OS version is Ubuntu 22.04.5 LTS

[INFO] uptime:  17:40:32 up 1 day, 11:47,  2 users,  load average: 0.00, 0.00, 0.00

[INFO] memory:
               total        used        free      shared  buff/cache   available
Mem:           7.6Gi       2.1Gi       1.2Gi        51Mi       4.3Gi       5.2Gi
Swap:          4.0Gi       1.0Mi       4.0Gi

[INFO] systemd failed services status:
  UNIT            LOAD   ACTIVE SUB    DESCRIPTION
● apache2.service loaded failed failed The Apache HTTP Server

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.
1 loaded units listed.

[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.2.12p1


##### VERSION CHECK #####

[INFO] php (cli) version is 8.1.30
[INFO] php-cgi (used for cgi php in default vhost!) is version 8.1.30

##### PORT CHECK #####

[WARN] Port 8080 (ISPConfig) seems NOT to be listening
[WARN] Port 8081 (ISPConfig Apps) seems NOT to be listening
[WARN] Port 80 (Webserver) seems NOT to be listening
[WARN] Port 443 (Webserver SSL) seems NOT to be listening

##### MAIL SERVER CHECK #####


##### RUNNING SERVER PROCESSES #####

[WARN] I could not determine which web server is running.
[INFO] I found the following mail server(s):
    Postfix (PID 346803)
[INFO] I found the following pop3 server(s):
    Dovecot (PID 12495)
[INFO] I found the following imap server(s):
    Dovecot (PID 12495)
[INFO] I found the following ftp server(s):
    PureFTP (PID 1360)

##### LISTENING PORTS #####
(only        ()
Local        (Address)
[localhost]:11333        (1142/rspamd:)
[localhost]:11332        (1142/rspamd:)
[localhost]:11334        (1142/rspamd:)
[anywhere]:4190        (12495/dovecot)
[anywhere]:110        (12495/dovecot)
[anywhere]:25        (346803/master)
[anywhere]:22        (1026/sshd:)
[anywhere]:21        (1360/pure-ftpd)
[anywhere]:143        (12495/dovecot)
[anywhere]:465        (346803/master)
[localhost]:11211        (941/memcached)
[anywhere]:587        (346803/master)
[anywhere]:631        (102740/cupsd)
[localhost]:6379        (960/redis-server)
[anywhere]:995        (12495/dovecot)
[anywhere]:993        (12495/dovecot)
[anywhere]:3306        (1104/mariadbd)
[localhost]:10023        (1349/postgrey)
***.***.***.***:53        (846/systemd-resolve)
***.***.***.***:53        (1002/named)
***.***.***.***:53        (1002/named)
***.***.***.***:53        (1002/named)
***.***.***.***:53        (1002/named)
[localhost]:953        (1002/named)
[localhost]:953        (1002/named)
[localhost]:953        (1002/named)
[localhost]:953        (1002/named)
[localhost]:53        (1002/named)
[localhost]:53        (1002/named)
[localhost]:53        (1002/named)
[localhost]:53        (1002/named)
*:*:*:*::*:53        (1002/named)
*:*:*:*::*:53        (1002/named)
*:*:*:*::*:53        (1002/named)
*:*:*:*::*:53        (1002/named)
*:*:*:*::*:953        (1002/named)
*:*:*:*::*:953        (1002/named)
*:*:*:*::*:953        (1002/named)
*:*:*:*::*:953        (1002/named)
*:*:*:*::*449:53        (1002/named)
*:*:*:*::*449:53        (1002/named)
*:*:*:*::*449:53        (1002/named)
*:*:*:*::*449:53        (1002/named)
*:*:*:*::*:4190        (12495/dovecot)
[localhost]10        (12495/dovecot)
*:*:*:*::*:25        (346803/master)
*:*:*:*::*:22        (1026/sshd:)
*:*:*:*::*:21        (1360/pure-ftpd)
[localhost]43        (12495/dovecot)
*:*:*:*::*:465        (346803/master)
*:*:*:*::*:587        (346803/master)
*:*:*:*::*:631        (102740/cupsd)
*:*:*:*::*f64d:30ff:fe6b:53        (1002/named)
*:*:*:*::*f64d:30ff:fe6b:53        (1002/named)
*:*:*:*::*f64d:30ff:fe6b:53        (1002/named)
*:*:*:*::*f64d:30ff:fe6b:53        (1002/named)
*:*:*:*::*:995        (12495/dovecot)
*:*:*:*::*:993        (12495/dovecot)
*:*:*:*::*:3306        (1104/mariadbd)
*:*:*:*::*:6379        (960/redis-server)
fd5f:8b19:6c8f:0:f64:53        (1002/named)
fd5f:8b19:6c8f:0:f64:53        (1002/named)
fd5f:8b19:6c8f:0:f64:53        (1002/named)
fd5f:8b19:6c8f:0:f64:53        (1002/named)




##### IPTABLES #####
Chain INPUT (policy DROP)
target     prot opt source               destination     
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:1194
ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0       
ufw-before-input  all  --  [anywhere]/0            [anywhere]/0       
ufw-after-input  all  --  [anywhere]/0            [anywhere]/0       
ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0       
ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0       
ufw-track-input  all  --  [anywhere]/0            [anywhere]/0       

Chain FORWARD (policy DROP)
target     prot opt source               destination     
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            state RELATED,ESTABLISHED
ACCEPT     all  --  ***.***.***.***/24          [anywhere]/0       
ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0       
ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0       
ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0       
ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0       
ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0       
ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0       

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     
ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0       
ufw-before-output  all  --  [anywhere]/0            [anywhere]/0       
ufw-after-output  all  --  [anywhere]/0            [anywhere]/0       
ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0       
ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0       
ufw-track-output  all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-after-forward (1 references)
target     prot opt source               destination     

Chain ufw-after-input (1 references)
target     prot opt source               destination     
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination     
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination     
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination     

Chain ufw-after-output (1 references)
target     prot opt source               destination     

Chain ufw-before-forward (1 references)
target     prot opt source               destination     
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-before-input (1 references)
target     prot opt source               destination     
ACCEPT     all  --  [anywhere]/0            [anywhere]/0       
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
ufw-not-local  all  --  [anywhere]/0            [anywhere]/0       
ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
ufw-user-input  all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination     

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination     

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination     

Chain ufw-before-output (1 references)
target     prot opt source               destination     
ACCEPT     all  --  [anywhere]/0            [anywhere]/0       
ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-logging-allow (0 references)
target     prot opt source               destination     
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination     
RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination     
RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
DROP       all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-reject-forward (1 references)
target     prot opt source               destination     

Chain ufw-reject-input (1 references)
target     prot opt source               destination     

Chain ufw-reject-output (1 references)
target     prot opt source               destination     

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination     
DROP       all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination     
DROP       all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination     
ACCEPT     all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-track-forward (1 references)
target     prot opt source               destination     

Chain ufw-track-input (1 references)
target     prot opt source               destination     

Chain ufw-track-output (1 references)
target     prot opt source               destination     
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination     

Chain ufw-user-input (1 references)
target     prot opt source               destination     
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:20
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:4190
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:631
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8000
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081

Chain ufw-user-limit (0 references)
target     prot opt source               destination     
LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination     
ACCEPT     all  --  [anywhere]/0            [anywhere]/0       

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination     

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination     

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination     

Chain ufw-user-output (1 references)
target     prot opt source               destination     




##### LET'S ENCRYPT #####
acme.sh is installed in /root/.acme.sh/acme.sh
    Since I have no ispconfig panel I am not able to restore my previous setting. But I am sure it is possible to do it from commandline.
    When it happened I had just made an aliaswebsite.

    What is my next move?
     
    Last edited: Oct 7, 2024
    neumann, Oct 6, 2024
    #1
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    edit the vhost file for the site you were trying to add the alias to.
    remove the server alias you were trying to add from that file and then try to restart apache (systemctl restart apache2)
     
    nhybgtvfr, Oct 7, 2024
    #2
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    You most likely removed one of the SSL certificates or replaced it with the wrong symlink, now causing Apache to fail. You must try to undo the steps that you made with replacing the SSL cert. You can also try to run a ISPConfig update and let the updater create a new SSL cert.
     
    till, Oct 7, 2024
    #3
  4. neumann

    neumann Member

    @till
    I had made alias website smtp.bnjpro.dk, and mail.bnjpro.dk for freja.bnjpro.dk, which seemed to work. Well at least I still had access to the ispc control panel. Then I tried to make an imap.bnjpro.dk alias, where I must have made a mistake somehow to cause apache2 to fail in restarting.
    All I did was from within ispc.
    Since I did it from within ispc, I don't know how to step back and replace any certs.
    I did a ispconfig_update.sh --force, which didn't bring me any further.

    @nhybgtvfr
    Where should I edit them. In /etc/apache2/sites-enabled ?
     
    neumann, Oct 7, 2024
    #4
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so you were not at the steps to reconfigure the SSL certs yet. In this case, gp to the folder /etc/apache2/sites-enabled/ and remove the smlink (file) for the website you added the aliases to and then restart apache.
     
    till, Oct 7, 2024
    #5
  6. remkoh

    remkoh Active Member HowtoForge Supporter

    Run
    Code:
    apachectl configtest
    from the command line to see where Apache is failing and fix the the returned errors.
    Warnings can be ignored.

    Output should contain
    Code:
    Syntax OK
    and Apache will be able to start again then.
     
    remkoh, Oct 7, 2024
    #6
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    While the config test is generaly a good choice to test the config, it can't detect issues with SSL certificates, as it does not test for the existence of the SSL certs nor if their key is correct. So in some cases, you will get a syntax ok while Apache will not start. The bad thing about Apache and SSL certs is that Apache will not start without showing any error message or logging any issue, so detecting the source of such issues is not easy. On the other hand, if Apache does not start without an error, then you can be sure it is SSL certificate-related.
     
    till, Oct 7, 2024
    #7
  8. neumann

    neumann Member

    I moved the file to my home folder, but it did not help. Apache2 still don't start.

    apachectl configtest reply syntax ok.

    So somehow I think Till is right, it is probably certificate related.
     
    Last edited: Oct 7, 2024
    neumann, Oct 7, 2024
    #8
  9. remkoh

    remkoh Active Member HowtoForge Supporter

    As the problem started when trying to renew the certificate and Apache isn't running anymore I would
    - disable SSL and LetsEncrypt for that website in ISPC
    - delete the certificate folder in /root/.acme.sh
    - re-activate LetsEncrypt (and SSL) for that website in ISPC
     
    remkoh, Oct 7, 2024
    #9
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Until which step of that guide have you come? did you already ran any of these command?

    Code:
    cd /etc/postfix/
mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
ln -s /root/.acme.sh/mail.example.com/fullchain.cer smtpd.cert
ln -s /root/.acme.sh/mail.example.com/mail.example.com.key smtpd.key
systemctl restart postfix
systemctl restart dovecot
    If yes, then the main system cert is likely gone or points to a wrong file, so we have to undo that.
     
    till, Oct 7, 2024
    #10
  11. neumann

    neumann Member


    Yes I did do that.

    So now I have reestablished the old crt and key files (the ones I renamed with a date and time .bak) and my pages are back up and running - except for my panel (ISPC).
     
    Last edited: Oct 7, 2024
    neumann, Oct 7, 2024
    #11
  12. remkoh

    remkoh Active Member HowtoForge Supporter

    ISPC panel should be using the same server certificate and key (/usr/local/ispconfig/interface/ssl/ispserver.key/crt).
    Or did you create a vhost on port 80/443 with the same domainname as servername in ISPC and proxy that to localhost port 8080 (or whatever port panel is running on)?
    That would break ispserver files auto renewal.

    I don't quite understand why one would create smtpd.key/cert when it holds the same domainname as the servername, so essentially is the same certificate as the server certificate.
    And how this would break Apache.
    Just point Postfix's main.cf entries to the ispserver files and you're done (after reloading Postfix).
     
    remkoh, Oct 7, 2024
    #12
  13. neumann

    neumann Member

    How exactly do we do that?
     
    neumann, Oct 7, 2024
    #13
  14. neumann

    neumann Member

    Ok. Did some trying around restoring some vhosts I had backed up, and now I also have the panel back.
     
    neumann, Oct 7, 2024
    #14
    ahrasis likes this.
  15. neumann

    neumann Member

    So now I'm back at where it all began.
    I have some other issues, but I will bring them up in other threads. Because I still want my server to be able to use DANE, which it has been able to. Right now it seems like I can't make the server use starttls. But I'll start another thread.

    Thank you guys for helping me out on this one.
     
    neumann, Oct 8, 2024
    #15
    ahrasis likes this.
  16. abintipl

    abintipl Member HowtoForge Supporter

    Hi,
    This morning, one of my site Lets Encrypt was shwoing an error, so I updated ISpconfig using command "ispconfig_update.sh --force" but the issue presisted then couple of times I updated ispconfig_update.sh --force
    After that, all my sites working even :8080 port not accessible
    Then, I installed apache2 again but nothing works.
    After reading this post
    apachectl configtest
    The output is
    root@host:~# apachectl configtest
    AH00526: Syntax error on line 20 of /etc/apache2/sites-enabled/000-apps.vhost:
    Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
    Action 'configtest' failed.
    The Apache error log may have more information.
    Can someone please help me to restore it
    please help with clear insturctions to follow!
    thanks & regards
     
    abintipl, Oct 11, 2024
    #16
  17. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    you have anything else on that line in the file?
    by default it should be:
    Code:
      # SSL Configuration
  SSLEngine On
    SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
     
    nhybgtvfr, Oct 11, 2024
    #17
  18. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    or maybe the ssl module has been disabled..

    can be enabled with:

    Code:
    a2enmod ssl
     
    nhybgtvfr, Oct 11, 2024
    #18
  19. abintipl

    abintipl Member HowtoForge Supporter

    Thank you for the help,
    To your firsr reply, yes, it is very much there
    # SSL Configuration
    SSLEngine On
    SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
    SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
    To your second reply
    Output

    root@host:/etc/apache2/sites-enabled# a2enmod ssl
    Considering dependency setenvif for ssl:
    Module setenvif already enabled
    Considering dependency mime for ssl:
    Module mime already enabled
    Considering dependency socache_shmcb for ssl:
    Module socache_shmcb already enabled
    Module ssl already enabled

    root@host:/etc/apache2/sites-enabled# systemctl restart apache2
    Job for apache2.service failed because the control process exited with error code.
    See "systemctl status apache2.service" and "journalctl -xe" for details.
    It did not work.
    Only following files are root@host:/etc/apache2/sites-enabled#
    000-default.conf
    acme.conf
    apps.vhost
    default-ssl.conf
    ispconfig.conf
    ispconfig.vhost
    site.mydomain.com.vhost
    mydomain.com.vhost
    site1.mydomain.com.vhost
    Please advice
    Thanks
     
    abintipl, Oct 11, 2024
    #19
  20. remkoh

    remkoh Active Member HowtoForge Supporter

    If SSL is enabled but Apache says the command 'SSLEngine' is invalid I would think your file /etc/apache2/sites-available/apps.vhost is messed up.
    The only way the command can be invalid is when it's called from the wrong place, outside the <VirtualHost> tags.
    Or inside tags it can't be called in.
    Line 20 is correct for 'SSLEngine On' and line 9 should be the <VirtualHost> opening tag (and closed at line 92).
    Just above 'SSLEngine On' is are <Directory> and <FileMatch> tags. Are they still closed properly?
     
    Last edited: Oct 11, 2024
    remkoh, Oct 11, 2024
    #20
Page 1 of 2

Share This Page