Hey guys, this is my first post here, so don't push to hard on me, ok I've been looking around for some time to find any helpful topics on the web but wasn't lucky so far. Let's try it this way. My system is a Debian 3.1 version (Postfix, Apache2 (Apache/2.0.54 mod_ssl/2.0.54), MySql and Proftp, also). And here's my problem (and I think it's not related to system only): Every Sunday my Apache goes down so I sat down and checked the logs. The only thing I found, is an entry in /var/log/apache2/error.log which says: Code: [Sun Aug 06 06:25:02 2006] [notice] caught SIGTERM, shutting down Well, every Sunday means that it has something to do with the crons running on my system. So I checked the weekly cron in /etc/cron.weekly and found the standard files which are: But wasn't lucky here, too. After checking the /etc/logrotate.d/apache2 I found this: Code: /var/log/apache2/*.log { weekly missingok rotate 52 compress delaycompress notifempty create 640 root adm sharedscripts postrotate if [ -f /var/run/apache2.pid ]; then /etc/init.d/apache2 restart > /dev/null fi endscript } Here you can see that the Apache is restarted but for some reason it fails. OK, more digging and after one week I found this in the apache error log: Code: [Sun Aug 13 06:25:01 2006] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?] [Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag [Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Sun Aug 13 06:25:01 2006] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib As far as I understand the cron is restarting the apache but apache waits for the SSL private key password but there's no one who types it in - right? So it sends the SIGTERM signal and that's it: no Website online Now my question: am I right? Is this the problem and if so how do I make sure that when apache is restarting, the password is submitted automatically? Any hints are greatly appreciated. Thanks, Mik
OK, I found one solution but I'm not very happy with it because it reduces the cert security level. To get rid of the pass phrase request, simply create a new key without the -des3 (or what ever you've chosen) option. Here's a very short (I'm sure you'll find these information 1 billion times on the net much better described than here) how to Apache-SSL / Apache ModSSL key and CSR Generation without pass phrase instructions: 1. Generate the private key Code: openssl genrsa –out yourdomain.com.key 1024 2. Generate the CSR Code: openssl req –new –key yourdomain.com.key –out yourdomain.com.csr 3. Request the CRT from a CA Unit or create your own one. 4. Edit Apache's conf and restart. Apache will never again ask you to enter the pass for your privat key and you don't have to worry about cron jobs that require to restart Apache. Ohh, btw, any commends STILL appreciated... Mik
I guess when you created the certificates for Apache, you chose to encrypt the private key with a pass phrase (as shown here for ISPConfig's Apache: http://www.ispconfig.org/manual_installation.htm ). If you do this, then Apache always needs human intervention (someone who types in the pass phrase) to start/restart. Therefore you should choose not to encrypt the private key.
There is no need to regenerate a key/csr/certificate. If you know the SSL Passphrase, you can simply remove it: http://www.5dollarwhitebox.org/wiki..._Certificates#Remove_Passphrase_From_Key_File Code: # cp www.domain.com.key www.domain.com.key.passphrase # openssl rsa -in www.domain.com.key.passphrase -out www.domain.com.key read RSA key Enter PEM pass phrase: <need to know passphrase to remove it> writing RSA key
Same problem, different cause I have same problem with Ubuntu Server 8.04. every package is in its default version. The fact is that I haven't enabled SSL at all. so the problem can't be caused by SSL or something. I checked configuration and found out that logrotate is killing my apache. but there are no error messages in the log only one line: caught SIGTERM, shutting down. I tried "apache2ctl configtest" and it says I have no problem with my config file. PS: I tried once to install cpanel but I didn't complete the installation procedure, cpanel is not working now, but its files are in my /usr/local/cpanel.
Mayb monit is a solution for you - it starts Apache automatically if it is not running: http://www.howtoforge.com/server_monitoring_with_munin_monit_debian_etch
Similar problem Apache dies I have a similar problem. It appears that my apache instance dies. Most often on sundays. Not every sunday but at least every second or third. I'm running isp config on Ubuntu 6.06. It might have somthing to do with this bug https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/174805 However, I haven't managed to fund out if it's also present in Dapper. But it seems that Apache does not restart properly after log rotation. The beginning of my error.log after rotation Code: [Sun Jul 06 06:25:41 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2) [Sun Jul 06 06:25:41 2008] [warn] module proxy_http_module is already loaded, skipping [Sun Jul 06 06:25:41 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations [Sun Jul 06 11:48:21 2008] [notice] caught SIGTERM, shutting down [Sun Jul 06 11:48:23 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2) [Sun Jul 06 11:48:23 2008] [warn] module proxy_http_module is already loaded, skipping [Sun Jul 06 11:48:23 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations [Sun Jul 06 12:16:22 2008] [notice] caught SIGTERM, shutting down [Sun Jul 06 12:16:23 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec2) [Sun Jul 06 12:16:23 2008] [warn] module proxy_http_module is already loaded, skipping [Sun Jul 06 12:16:24 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations [Sun Jul 06 12:39:21 2008] [notice] Graceful restart requested, doing restart [Sun Jul 06 12:39:21 2008] [warn] module proxy_http_module is already loaded, skipping [Sun Jul 06 12:39:22 2008] [notice] Apache/2.0.55 (Ubuntu) PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a configured -- resuming normal operations [Sun Jul 06 12:39:22 2008] [warn] long lost child came home! (pid 21639) [Sun Jul 06 12:42:17 2008] [notice] caught SIGTERM, shutting down Can someone explain what the 4 first lines mean? I'm also concerned about Code: [warn] module proxy_http_module is already loaded, skipping because I can't figure out why proxy_http_module seems to be loaded twice. /Johan
