Apache can not start after cert


#1

I ran the certbot --apache successfully, but when I attempt to restart my Apache I get this error. If it is important, the Apache server has userdirs enabled.

sudo service apache2 start
* Starting web server apache2
Action 'start' failed.
The Apache error log may have more information.

The error log for more details says

[Mon Feb 26 19:51:21.757917 2018] [ssl:emerg] [pid 44267] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Mon Feb 26 19:51:21.757971 2018] [ssl:emerg] [pid 44267] AH02312: Fatal error initialising mod_ssl, exiting.

The le-ssl.conf in sites-available that certbot made shows this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /home/michael_risher/public_html/pathways
ServerName michael-tech.tk
ServerAlias www.michael-tech.tk
<Directory "/home/michael_risher/public_html/pathways">
        Options Indexes FollowSymLinks
        AllowOverride FileInfo Options
        allow from all
#               Require all granted
</Directory>
SSLCertificateFile /etc/letsencrypt/live/michael-tech.tk/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/michael-tech.tk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/michael-tech.tk/chain.pem
</VirtualHost>
</IfModule>

Even after disabling both the SSL and non-SSL conf, Apache is unable to start and I have no idea why. Only disabling the entire SSL mod will allow Apache to start back up again.


#2

Please show the output of the command:

httpd -t -D DUMP_VHOSTS


#3
AH00526: Syntax error on line 12 of /etc/apache2/sites-enabled/michael-tech.tk-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/michael-tech.tk/cert.pem' does not exist or is empty
Action '-t -D DUMP_VHOSTS' failed.
The Apache error log may have more information.

It seems that the cert.pem is marked as empty. Looking further into this, I can see the ls of the letsencrypt directory, which looks like:

total 48
drwxr-xr-x   9 root root 4096 Feb 27 12:22 ./
drwxr-xr-x 105 root root 4096 Feb 27 06:50 ../
drwx------   4 root root 4096 Feb 26 19:39 accounts/
drwx------   3 root root 4096 Feb 26 19:24 archive/
-rw-r--r--   1 root root  121 Jan 30 18:02 cli.ini
drwxr-xr-x   2 root root 4096 Feb 26 19:24 csr/
drwx------   2 root root 4096 Feb 26 19:24 keys/
drwx------   3 root root 4096 Feb 26 19:24 live/
-rw-r--r--   1 root root 1619 Feb 26 19:24 options-ssl-apache.conf
drwxr-xr-x   2 root root 4096 Feb 26 19:24 renewal/
drwxr-xr-x   5 root root 4096 Feb  8 12:55 renewal-hooks/
-rw-r--r--   1 root root   64 Feb 26 19:24 .updated-options-ssl-apache-conf-digest.txt

I'm guessing it is because the live directory has a chmod of 700, since when I am root I can read the cert.
Should I chmod all the directories that are 700 to 755 or 744?


#4

Try to look into that file first:

cat /etc/letsencrypt/live/michael-tech.tk/cert.pem

If there were a permission problem, the error message would be different, I think.


#5

I can’t cat that unless I’m in sudo su, but when I am in root I can cat it and I see the beginning of the cert all the way to the end of the cert. (Sorry for the slowness, I am dealing with family issues.)
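
An added example, not part of the thread: a small POSIX shell check that reads the SSLCertificate*File directives from a vhost config such as the le-ssl.conf in post #1 and reports, for the user running it, whether each file is present, empty, missing, or sits below a directory that user cannot search (like the root-only 0700 live/ in the listing above). The function names `classify_path` and `check_cert_paths` and the script name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example; classify_path and check_cert_paths are hypothetical helper names.

# Print one status word for a certificate/key path, as seen by the CURRENT user:
#   OK, EMPTY, MISSING, UNREADABLE, or NOACCESS:<dir>
classify_path() {
    p=$1
    d=$(dirname "$p")
    # A parent directory without search (x) permission for us, such as a
    # root-only 0700 live/, makes every file below it look nonexistent.
    while [ "$d" != "/" ] && [ "$d" != "." ]; do
        if [ -d "$d" ] && [ ! -x "$d" ]; then
            echo "NOACCESS:$d"
            return 0
        fi
        d=$(dirname "$d")
    done
    if [ ! -e "$p" ]; then
        echo "MISSING"        # also reported for a symlink whose target is gone
    elif [ ! -r "$p" ]; then
        echo "UNREADABLE"
    elif [ ! -s "$p" ]; then
        echo "EMPTY"
    else
        echo "OK"
    fi
}

# List every SSLCertificate*File directive in a vhost config with its status.
check_cert_paths() {
    conf=$1
    awk 'tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
             gsub(/"/, "", $2); print $1, $2 }' "$conf" |
    while read -r directive path; do
        printf '%s %s %s\n' "$directive" "$path" "$(classify_path "$path")"
    done
}

# Usage: sh check_certs.sh /etc/apache2/sites-enabled/michael-tech.tk-le-ssl.conf
if [ "$#" -ge 1 ]; then
    check_cert_paths "$1"
fi
```

Run it once as your normal user and once with sudo: if the results differ, the difference comes from file permissions rather than from the certificate files themselves. Apache's parent process reads these files as root at startup, so the 0700 directories that protect the private key do not need to be loosened.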

