Apache won't start (CentOS 6)


#1

I followed this guide to install Let’s Encrypt on a CentOS 6 VPS: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7
(I couldn’t find one for CentOS 6) and now apache won’t start:

service httpd start
Starting httpd: [Thu Sep 15 20:47:23 2016] [warn] NameVirtualHost *:443 has no VirtualHosts
[Thu Sep 15 20:47:23 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443
[ OK ]

> httpd -S
> [Thu Sep 15 20:48:48 2016] [warn] NameVirtualHost *:443 has no VirtualHosts
> [Thu Sep 15 20:48:48 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
> VirtualHost configuration:
> wildcard NameVirtualHosts and _default_ servers:
> *:443                  is a NameVirtualHost
>          default server vpsxxx.ovh.net (/etc/httpd/vhosts/00defaultSSL.conf:2)
>          port 443 namevhost vpsxxx.ovh.net (/etc/httpd/vhosts/00defaultSSL.conf:2)
>                  alias example.com
>                  alias www.example.com
>          port 443 namevhost vpsxxx.ovh.net (/etc/httpd/vhosts/defaultSSL.conf:2)
>                  alias example.com
>                  alias www.example.com
> *:80                   is a NameVirtualHost
>          default server vpsxxx.ovh.net (/etc/httpd/vhosts/00default.conf:2)
>          port 80 namevhost vpsxxx.ovh.net (/etc/httpd/vhosts/00default.conf:2)
>          port 80 namevhost vpsxxx.ovh.net (/etc/httpd/vhosts/default.conf:2)
>          port 80 namevhost www.example.com (/etc/httpd/vhosts/example.com.conf:1)
>                  alias example.com
>          port 80 namevhost mail.example.com (/etc/httpd/vhosts/example.com.conf:29)
>          port 80 namevhost sql.example.com (/etc/httpd/vhosts/example.com.conf:48)
> Syntax OK


> grep -r "SSLCertificateFile" /etc/httpd/
> /etc/httpd/vhosts/defaultSSL.conf:      SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
> /etc/httpd/conf.d/ssl.conf.dist:# Point SSLCertificateFile at a PEM encoded certificate.  If
> /etc/httpd/conf.d/ssl.conf.dist:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> /etc/httpd/conf.d/ssl.conf.dist:#   the referenced file can be the same as SSLCertificateFile

Any ideas?


#2

Looks like there’s another process that’s currently occupying port 443. You can use netstat -tulpn | grep :443 to check which process is currently listening on that port. Further steps depend on the result - if it’s apache, I’d probably try killing the process and then trying service httpd start again.


#3

Hi,

Thanks for your reply.
I’ve reinstalled my vps and started over, but now when I run > ./letsencrypt-auto --apache -d your_domain.tld it gives me this error: “We were unable to find a vhost with a ServerName or Address of domain.com”. It only lists default.conf and defaultSSL.conf.


#4

Would you mind sharing your apache config? Specifically the file that includes ServerName domain.com (I assume your configuration has that line - otherwise, that’s what the client is complaining about :wink:).


#5

I would probably place domain.com as default server, not the vpsxxx.ovh.net

Can you test that, then issue
apachectl -t
to test your config, and if it’s OK,
service apache2 restart
Which version of Apache2 is it?


#7

apachectl -t

[Fri Sep 16 20:16:29 2016] [warn] NameVirtualHost *:443 has no VirtualHosts
[Fri Sep 16 20:16:29 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
Syntax OK


#8

Thanks. Do you have a file where you set ServerName domain.com? Otherwise, that’s what’s missing.

If you go back to the guide you linked, this is in the section with /etc/httpd/sites-available/example.com.conf.


#9

I haven’t followed the same guide since it didn’t work. I went with this one: http://www.tecmint.com/install-lets-encrypt-ssl-certificate-to-secure-apache-on-rhel-centos/
There’s no sites-available/ in /etc/httpd/


#10

You’ll probably need to modify the mentioned ssl.conf (or defaultSSL.conf? not sure where that’s coming from) to include ServerName domain.com in the <VirtualHost> in that file.


#11

I’ve added ServerName mysite.com to defaultSSL.conf then ran ./letsencrypt-auto --apache -d mysite.com and this time it worked: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/…
But the site is not reachable now.


#12

Mind sharing your defaultSSL.conf?

How exactly is your site failing right now? Can you connect via HTTP? Does the HTTPS connection not work in general, or do you get some specific error message? Could a firewall be interfering?


#13

defaultSSL.conf:

<VirtualHost *:80>
ServerAdmin postmaster@vpsxxx.ovh.net
#SuexecUserGroup ovh users
DocumentRoot /home/ovh/www
<Directory "/home/ovh/www">
Order allow,deny
Allow from all
</Directory>

ServerName vpsxxx.ovh.net
CustomLog logs/ovh-access_log combined
ScriptAlias /cgi-bin/ /home/ovh/cgi-bin/
<Directory "/home/ovh/cgi-bin">
Order allow,deny
Allow from all
</Directory>

    suPHP_Engine On
    suPHP_AddHandler x-httpd-php
    suPHP_UserGroup ovh users
    AddHandler x-httpd-php .php
</VirtualHost>

ERR_CONNECTION_REFUSED on http and https


#14

What’s the output of netstat -tulpn | grep :80? Anything in your apache error log? Are you certain this is not firewall-related? (did HTTP work prior to this?)


#15

It worked before adding ServerName mysite.com to defaultSSL.conf
netstat -tulpn | grep :80 has no output.


#16

That implies apache is not running at all. Did you see any error output when you ran letsencrypt-auto? The client would’ve restarted apache while configuring SSL, and if apache failed to start, there should be some kind of output.

What happens when you try to run service httpd start?


#17

service httpd start
Starting httpd: [Fri Sep 16 21:11:37 2016] [warn] NameVirtualHost *:443 has no VirtualHosts
[Fri Sep 16 21:11:37 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443
[ OK ]


#18

What’s the output of netstat -tulpn | grep :443? This is the error you had initially with the previous guide, so I suspect you’re accidentally running some other service on port 443.


#19

netstat -tulpn | grep :443 has no output.


#20

Hmm, I wonder if this could be caused by multiple Listen directives with the same port. Can you run grep -ri listen /etc/httpd? If this shows more than one result with “Listen 443”, remove all but one.


#21

grep -ri listen /etc/httpd
/etc/httpd/conf/httpd.conf.dist:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf.dist:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf.dist:#Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf.dist:Listen 80
/etc/httpd/conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf:#Listen 12.34.56.78:80
/etc/httpd/conf/httpd.conf:Listen 80
/etc/httpd/conf/httpd.conf:Listen 443
/etc/httpd/conf.d/ssl.conf:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf:Listen 443
/etc/httpd/conf.d/ssl.conf.dist:# When we also provide SSL we have to listen to the
/etc/httpd/conf.d/ssl.conf.dist:Listen 443
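
The check suggested in #20, applied to output like that in #21, as an added example that is not part of the thread: it reports any `Listen` argument that is active in more than one loaded config file, which makes Apache try to bind the same socket twice and fail with "Address already in use" even when `netstat` shows nothing on the port. The function names and the sample tree are constructed for illustration; it assumes every `*.conf` under the given directory is loaded and does not follow `Include` directives.

```shell
#!/bin/sh
# Added example (not from the thread): find duplicate active Listen directives.

# Print "<listen-arg> <file>" for each uncommented Listen directive in the
# *.conf files under $1. Files such as ssl.conf.dist are skipped, since a
# glob like conf.d/*.conf would not load them.
active_listens() {
    find "$1" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v file="$f" '
            $1 ~ /^#/ { next }                          # commented-out line
            tolower($1) == "listen" { print $2, file }  # not ListenBacklog etc.
        ' "$f"
    done
}

# Print "<listen-arg>: <file> <file> ..." for arguments declared more than once.
# Arguments are compared literally, so "443" and "0.0.0.0:443" are not merged.
duplicate_listens() {
    active_listens "$1" | awk '
        { count[$1]++; files[$1] = files[$1] " " $2 }
        END { for (p in count) if (count[p] > 1) print p ":" files[p] }
    ' | sort
}

# Constructed sample tree that mirrors the grep output in post #21.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/conf.d"
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 80' 'Listen 443' \
        > "$d/conf/httpd.conf"
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 80' \
        > "$d/conf/httpd.conf.dist"
    printf '%s\n' '# When we also provide SSL we have to listen to the' \
        'Listen 443' > "$d/conf.d/ssl.conf"
    printf '%s\n' 'Listen 443' > "$d/conf.d/ssl.conf.dist"
    echo "$d"
}

tree=$(make_sample_tree)
duplicate_listens "$tree"   # one line: 443 with httpd.conf and ssl.conf
rm -rf "$tree"
```

On a real host the call would be `duplicate_listens /etc/httpd`; keeping one of the reported directives and commenting out the other removes the double bind.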