Certbot fails with "Can't find virtual host" error

OK:

# cat bree 
<VirtualHost *:80>
    ServerName bree.org.uk
    ServerAdmin pocallaghan@gmail.com
    DocumentRoot /var/www/bree.org.uk/html
    ErrorLog /var/www/bree.org.uk/error.log
    CustomLog /var/www/bree.org.uk/log/access.log combined
    RewriteEngine on
    RewriteRule ^/test.html$ /test2.html [R,L]
</VirtualHost>
1 Like

This confirms that VirtualHost is not being used by Apache for some reason. I should have received a 302 Redirect from Apache from test.html to test2.html. Instead I got a 404.

curl -I http://bree.org.uk/test.html
HTTP/1.1 404 Not Found
Date: Sat, 22 Apr 2023 18:45:49 GMT
Server: Apache/2.4.57 (Fedora Linux) OpenSSL/3.0.8
3 Likes

I see. I have the impression that the config file isn't being read. When I name it bree.conf, I get an error when starting Apache:

Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xeu httpd.service" for details.

When it's just named 'bree', there is no error, which could indicate that it's not reading the file.

As an experiment, I copy-pasted the contents of the file directly into httpd.conf and restarted Apache. I got the exact same error, so it looks like the problem is with the contents of that file.

What do these say after you get the error starting httpd?

sudo systemctl status httpd -l --no-pager

sudo journalctl -xeu httpd.service | tail -30

(omit sudo if you don't need it)

3 Likes

systemctl status httpd -l --no-pager

× httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
/usr/lib/systemd/system/httpd.service.d
└─php-fpm.conf
Active: failed (Result: exit-code) since Sat 2023-04-22 21:01:28 BST; 49min ago
Duration: 2h 20min 20.289s
Docs: man:httpd.service(8)
Process: 10643 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 10643 (code=exited, status=1/FAILURE)
Status: "Reading configuration..."
CPU: 52ms

Apr 22 21:01:28 Bree systemd[1]: Starting httpd.service - The Apache HTTP Server...
Apr 22 21:01:28 Bree systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Apr 22 21:01:28 Bree systemd[1]: httpd.service: Failed with result 'exit-code'.
Apr 22 21:01:28 Bree systemd[1]: Failed to start httpd.service - The Apache HTTP Server.
[root@Bree conf.d]#
[root@Bree conf.d]# journalctl -xeu httpd.service | tail -30
Apr 22 21:01:28 Bree systemd[1]: Starting httpd.service - The Apache HTTP Server...
░░ Subject: A start job for unit httpd.service has begun execution
░░ Defined-By: systemd
░░ Support: systemd-devel Info Page
░░
░░ A start job for unit httpd.service has begun execution.
░░
░░ The job identifier is 6552.
Apr 22 21:01:28 Bree systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: systemd-devel Info Page
░░
░░ An ExecStart= process belonging to unit httpd.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Apr 22 21:01:28 Bree systemd[1]: httpd.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: systemd-devel Info Page
░░
░░ The unit httpd.service has entered the 'failed' state with result 'exit-code'.
Apr 22 21:01:28 Bree systemd[1]: Failed to start httpd.service - The Apache HTTP Server.
░░ Subject: A start job for unit httpd.service has failed
░░ Defined-By: systemd
░░ Support: systemd-devel Info Page
░░
░░ A start job for unit httpd.service has finished with a failure.
░░
░░ The job identifier is 6552 and the job result is failed.

1 Like

Well, that was not very helpful info. Does httpd -t show anything helpful?

3 Likes

Can you upload the bree conf file for port 80? Copy it to a .txt extension and use the upload button on this post menu.

I am wondering if maybe there is an odd special character in the file which is causing a problem.

I don't have any other ideas. Sorry.

Sometimes we suggest using the --webroot authenticator instead of --apache when there are very strange problems. But, with --webroot you must specify the --webroot-path (or -w) which is the DocumentRoot for the VirtualHost.

In this case it's hard to know what that should be since the VirtualHost isn't working right. But, if it's using the default maybe that could be made to work.

3 Likes

I'll do that (see below). However prompted by a discussion on the Fedora Users list I've had a look at the Apache docs for mod_md which seem to say that Apache can handle all the certificate stuff itself, so why do I need Certbot?

Anyway, here's the file:
bree.txt (306 Bytes)

mod_md is a terrific alternative.

Give me a bit to review your config file. I'll even try it in my own Apache test system.

3 Likes

OK. I've installed mod_md and will play with it a bit, probably tomorrow (it's 11pm here).

1 Like

I wonder if that would prevent certbot from accessing the html folder.

2 Likes

Don't think so. The --apache plug-in sets up a separate folder for the challenges. (pretty sure anyway)

Partial temp change by --apache:

 <Directory /var/lib/letsencrypt/http_challenges>
3 Likes

@pjoc I viewed a hexdump of your bree.conf file and didn't see anything odd.

I transferred it byte-for-byte to my own Apache test server and the syntax and dump_vhosts was fine (below). I used an Ubuntu and Apache 2.4.52 but that shouldn't matter. There is definitely something odd about your Apache setup.

One possibility is that you have two Apache. We could check the running pid numbers versus what is seen by systemctl status httpd to see whether they are the same.

This is what your conf looks like on my system. Starting Apache was successful both with bree.conf by itself and mixed with other VirtualHost configs on my test system.

sudo apache2ctl -t -D DUMP_VHOSTS
VirtualHost configuration:
*:80   bree.org.uk (/etc/apache2/sites-enabled/bree.conf:1)

I had to make the folders for the DocumentRoot, error and access logs to allow Apache to run but I did not change your original conf file.

I hope your mod_md works out but it looks like Apache has some fundamental problem.

3 Likes

I checked the PIDs and they definitely match, so only one Apache is running. It remains the case that when I name the config file as 'bree.conf' I get an error when trying to start Apache and it doesn't start. When I name it as 'bree', this doesn't happen, presumably because it simply isn't seeing the file.

That implies that the problem is with the file itself, and I don't think using mod_md is going to help. As you say, this looks like a more fundamental problem. I installed Apache specifically for this use case, directly from the Fedora repos, but I may have inadvertently changed something. Last resort is to completely wipe the installation and start again.

Thanks for all your help. If I find out what the problem is I'll post it here.

2 Likes

Please show:
[or wherever the modules are being loaded from]
ls -l /etc/apache2/mods-enabled/*.load

2 Likes

Problem solved.

It all turned out to be the fault of SElinux. Some of my files, despite having proper Linux permissions, weren't accessible in the right security context. When I turned SElinux off (setenforce 0) I was able to reload Apache with the bree.conf file and Certbot just worked:

httpd -t -D DUMP_VHOSTS

VirtualHost configuration:
*:80 bree.org.uk (/etc/httpd/conf.d/bree.conf:1)
*:443 is a NameVirtualHost
default server bree.org.uk (/etc/httpd/conf.d/bree-le-ssl.conf:2)
port 443 namevhost bree.org.uk (/etc/httpd/conf.d/bree-le-ssl.conf:2)
port 443 namevhost bree.org.uk (/etc/httpd/conf.d/ssl.conf:56)

Thanks to everyone who contributed ideas. Fingers crossed it'll be plain sailing from now on ...

2 Likes
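The SELinux cause reported above can be confirmed from the audit log while the system stays in enforcing mode. The following is an added example, not code from the thread: it summarises AVC denials for the `httpd_t` domain. The sample records are constructed, and the file names and labels in them (a log file under /var/www labelled `httpd_sys_content_t`) are assumptions about what such a denial could look like, not values from the poster's system.

```shell
#!/bin/sh
# Added example (not from the thread): summarise SELinux AVC denials for httpd.
# Reads audit-log lines on stdin, e.g. from: ausearch -m avc -c httpd -ts recent

# Constructed sample records; names, inode numbers and labels are assumptions.
sample_audit_lines() {
    cat <<'EOF'
type=AVC msg=audit(1682193688.101:401): avc:  denied  { append } for  pid=10643 comm="httpd" name="error.log" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1682193701.220:415): avc:  denied  { append } for  pid=10702 comm="httpd" name="error.log" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
type=AVC msg=audit(1682193701.221:416): avc:  denied  { read } for  pid=10702 comm="httpd" name="html" dev="dm-0" ino=140 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1682193702.000:417): avc:  denied  { read } for  pid=900 comm="chronyd" name="drift" dev="dm-0" ino=77 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

# Prints one line per distinct denial: COUNT PERMS TCLASS NAME TARGET_TYPE
summarise_httpd_denials() {
    awk '
    /avc: +denied/ && /scontext=[^ ]*:httpd_t:/ {
        perm = ""; name = "?"; ttype = "?"; tclass = "?"
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # permissions are the words between "{" and "}"
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm == "" ? "" : ",") $j
            } else if ($i ~ /^name=/) {
                name = substr($i, 6); gsub(/"/, "", name)
            } else if ($i ~ /^tcontext=/) {
                split($i, c, ":"); ttype = c[3]   # user:role:TYPE:level
            } else if ($i ~ /^tclass=/) {
                tclass = substr($i, 8)
            }
        }
        print perm, tclass, name, ttype
    }' | sort | uniq -c | sed 's/^ *//'
}

sample_audit_lines | summarise_httpd_denials
```

A target type that `httpd_t` may not write to or read points at a labelling problem, which is normally corrected by relabelling the affected paths (`semanage fcontext` followed by `restorecon`) so that SELinux can remain enforcing.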

This needs fixing:

That's a name:port overlap.

4 Likes

I'm not sure what you mean by 'name:port' overlap. The /etc/httpd/conf.d/bree-le-ssl.conf file was created by Certbot. Should I remove /etc/httpd/conf.d/ssl.conf?

1 Like

There are two VirtualHosts with the same domain name and port. That can appear to work but can lead to odd results later (or even now).

You should review the ssl.conf file before deleting it. It may have other SSL related settings which need to be moved to the general apache config or maybe the other ssl conf file.

Can you show us that? We can help. Please use the 3 backticks like you have been.

3 Likes
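The overlap described above can be found mechanically in the `DUMP_VHOSTS` listing. This is an added example, not code from the thread: it reports every server name that is defined more than once under the same address:port. The function names are hypothetical, and the sample input is the listing posted earlier in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): find duplicate name/address:port
# VirtualHosts in the output of: httpd -t -D DUMP_VHOSTS

# The listing as posted in the thread, embedded so the script runs offline.
page_dump() {
    cat <<'EOF'
VirtualHost configuration:
*:80 bree.org.uk (/etc/httpd/conf.d/bree.conf:1)
*:443 is a NameVirtualHost
default server bree.org.uk (/etc/httpd/conf.d/bree-le-ssl.conf:2)
port 443 namevhost bree.org.uk (/etc/httpd/conf.d/bree-le-ssl.conf:2)
port 443 namevhost bree.org.uk (/etc/httpd/conf.d/ssl.conf:56)
EOF
}

# Prints: NAME ADDR:PORT FILE:LINE FILE:LINE ...   (one line per overlap)
find_vhost_overlaps() {
    awk '
    # "ADDR:PORT is a NameVirtualHost" opens a group of name-based vhosts
    $2 == "is" && $3 == "a" && $4 == "NameVirtualHost" { addr = $1; next }
    # "port N namevhost NAME (FILE:LINE)" is one vhost inside that group
    $1 == "port" && $3 == "namevhost" {
        loc = $5; gsub(/[()]/, "", loc)
        key = $4 " " addr
        count[key]++
        where[key] = where[key] " " loc
    }
    END { for (k in count) if (count[k] > 1) print k where[k] }
    ' | sort
}

page_dump | find_vhost_overlaps
```

On a live system the input would be piped from `httpd -t -D DUMP_VHOSTS` (or `apache2ctl -t -D DUMP_VHOSTS` on Debian-style layouts); empty output means no name is defined twice on the same address and port.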

OK

ssl.conf.txt (9.3 KB)

I don't think I'll delete it. This is the file that came with Apache, with no modifications.