Apache cannot restart after enabling Let's Encrypt SSL

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: samraksha.ceikerala.gov.in
I ran this command:
After enabling SSL and adding "SSLEngine on" in the configuration file, Apache won't start

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu 20.04 LTS

My hosting provider, if applicable, is: SDC

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 0.40.0

Please tell us more about this part. How did you enable SSL?

The output from apache2ctl -t would also be useful.

Syntax OK

Side note: that is an old version of Certbot, please see Certbot 2.2.0 Release

What does this show?

```
sudo systemctl status apache2 --no-pager --full
```

```
apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-01-24 18:40:32 IST; 2h 32min ago
Docs: Apache HTTP Server Version 2.4 Documentation - Apache HTTP Server Version 2.4
Process: 2710817 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Jan 24 18:40:32 SAMRAKSHA systemd[1]: Starting The Apache HTTP Server...
Jan 24 18:40:32 SAMRAKSHA apachectl[2710817]: Action 'start' failed.
Jan 24 18:40:32 SAMRAKSHA apachectl[2710817]: The Apache error log may have more information.
Jan 24 18:40:32 SAMRAKSHA systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Jan 24 18:40:32 SAMRAKSHA systemd[1]: apache2.service: Failed with result 'exit-code'.
Jan 24 18:40:32 SAMRAKSHA systemd[1]: Failed to start The Apache HTTP Server.
```

And what does the Apache error log show?

```
Failed to configure CA certificate chain!
AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
```

Looks like you might have corrupted the certificate files.

Please show the VirtualHost definition for HTTPS (port 443). Put 3 backticks before and after the output like this

```
Virtual Host definition
```

```
<VirtualHost _default_:443>
        ServerName samraksha.ceikerala.gov.in
        ServerAlias www.samraksha.ceikerala.gov.in
        DocumentRoot /var/www/html/samraksha/public
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/domain.crt
        SSLCertificateKeyFile /etc/ssl/private/domain.key
        SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
        SSLProtocol TLSv1.2
        SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        SSLHonorCipherOrder on
        <Directory /var/www/html/samraksha/public>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
```

Those are not the normal file names from Certbot. How did you create those files?

And, what does this show?

```
sudo certbot certificates
```

And, what version of Apache are you using?

Try apache2ctl -M and tell us if mod_ssl is enabled.

If it isn't, run a2enmod ssl

And, if it is enabled, edit your Apache config to serve your website on http, port 80, unencrypted, and then run certbot with no options.

Thank you for your response.
Actually I removed all the current certificates and installed it from scratch and it worked!!!!
Thank you
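
For the `Failed to configure CA certificate chain!` error discussed above, the three files named in the VirtualHost can be checked before Apache is restarted. This is an added example, not part of the original thread: the function name `check_tls_files` is hypothetical, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the three PEM files an Apache vhost points at.
# Usage: ./check_tls_files.sh CERT KEY CHAIN
# e.g. with the paths from the VirtualHost in this thread:
#   /etc/ssl/certs/domain.crt /etc/ssl/private/domain.key /etc/ssl/certs/intermediate.pem

check_tls_files() {
    local cert="$1" key="$2" chain="$3" rc=0 f markers parsed cert_pub key_pub

    # 1. Every file must exist, be readable and be non-empty.
    for f in "$cert" "$key" "$chain"; do
        if [ ! -r "$f" ] || [ ! -s "$f" ]; then
            echo "FAIL: $f is missing, unreadable or empty" >&2
            return 1
        fi
    done

    # 2. The leaf certificate and the private key must each parse.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a parseable PEM certificate" >&2; rc=1
    fi
    if ! openssl pkey -in "$key" -noout 2>/dev/null; then
        echo "FAIL: $key is not a parseable private key" >&2; rc=1
    fi

    # 3. The key must belong to the certificate (identical public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2; rc=1
    fi

    # 4. Every BEGIN CERTIFICATE block in the chain file must decode.
    markers=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$chain" || true)
    parsed=$(openssl crl2pkcs7 -nocrl -certfile "$chain" 2>/dev/null |
             openssl pkcs7 -print_certs 2>/dev/null | grep -c '^subject' || true)
    if [ "$markers" -eq 0 ] || [ "$markers" -ne "$parsed" ]; then
        echo "FAIL: $chain has $markers certificate block(s), $parsed parse" >&2; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
    return "$rc"
}

if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

A pass here only shows the files are well-formed and belong together; it does not verify that the chain leads to a trusted root.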
