Certificate generation failure because of Job for httpd.service invalid error

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: samt.net.au

I ran this command: certbot

It produced this output:
Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using ['apachectl', 'graceful']
Error while running apachectl restart.

Job for httpd.service failed. See "systemctl status httpd.service" and "journalctl -xe" for details.

Error while running apachectl graceful.

Job for httpd.service invalid.

Unable to restart apache using ['apachectl', 'graceful']
Error while running apachectl restart.

Job for httpd.service failed. See "systemctl status httpd.service" and "journalctl -xe" for details.

Encountered exception during recovery: certbot.errors.MisconfigurationError: Error while running apachectl restart.

Job for httpd.service failed. See "systemctl status httpd.service" and "journalctl -xe" for details.
Error while running apachectl restart.

Job for httpd.service failed. See "systemctl status httpd.service" and "journalctl -xe" for details.

My web server is (include version): Apache

The operating system my web server runs on is (include version): Centos 7

My hosting provider, if applicable, is: Vultr

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.5.0

Your Apache configuration is probably invalid, and Certbot needs it to be valid before it can do anything.

You can check the failure with:

httpd -t

httpd -t returns: Syntax OK
There seem to be some other problem

What do these show?:

The followings are the output of the commands you have mentioned. BTW, Apache is up and running and can start and stop with httpd command. You can see that the site is up even though the TLS certificate has expired. https://samt.net.au/

systemctl status httpd.service

● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: protocol) since Mon 2023-04-17 12:49:17 UTC; 9h ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 25794 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 25794 (code=exited, status=0/SUCCESS)

Apr 17 12:49:17 samantech systemd[1]: Starting The Apache HTTP Server...
Apr 17 12:49:17 samantech httpd[25794]: AH00558: httpd: Could not reliably determine the server's fully qualified domain ...message
Apr 17 12:49:17 samantech httpd[25794]: httpd (pid 26436) already running
Apr 17 12:49:17 samantech systemd[1]: Failed to start The Apache HTTP Server.
Apr 17 12:49:17 samantech systemd[1]: Unit httpd.service entered failed state.
Apr 17 12:49:17 samantech systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

[root@samantech ~]# journalctl -xe

Apr 17 22:16:02 samantech sshd[7902]: Failed password for root from 61.177.173.36 port 20468 ssh2
Apr 17 22:16:02 samantech unix_chkpwd[7915]: password check failed for user (root)
Apr 17 22:16:02 samantech sshd[7902]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 17 22:16:02 samantech sshd[7906]: Failed password for root from 61.177.173.37 port 21506 ssh2
Apr 17 22:16:03 samantech unix_chkpwd[7917]: password check failed for user (root)
Apr 17 22:16:03 samantech sshd[7906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 17 22:16:04 samantech sshd[7902]: Failed password for root from 61.177.173.36 port 20468 ssh2
Apr 17 22:16:05 samantech sshd[7906]: Failed password for root from 61.177.173.37 port 21506 ssh2
Apr 17 22:16:05 samantech unix_chkpwd[7922]: password check failed for user (root)
Apr 17 22:16:05 samantech sshd[7902]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 17 22:16:05 samantech unix_chkpwd[7923]: password check failed for user (root)
Apr 17 22:16:05 samantech sshd[7906]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 17 22:16:08 samantech sshd[7902]: Failed password for root from 61.177.173.36 port 20468 ssh2
Apr 17 22:16:08 samantech sshd[7906]: Failed password for root from 61.177.173.37 port 21506 ssh2
Apr 17 22:16:08 samantech sshd[7902]: Received disconnect from 61.177.173.36 port 20468:11: [preauth]
Apr 17 22:16:08 samantech sshd[7902]: Disconnected from 61.177.173.36 port 20468 [preauth]
Apr 17 22:16:08 samantech sshd[7902]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.36
Apr 17 22:16:08 samantech sshd[7906]: Received disconnect from 61.177.173.37 port 21506:11: [preauth]
Apr 17 22:16:08 samantech sshd[7906]: Disconnected from 61.177.173.37 port 21506 [preauth]
Apr 17 22:16:08 samantech sshd[7906]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.173.37
Apr 17 22:16:54 samantech sshd[7883]: Connection reset by 61.177.173.37 port 43144 [preauth]
Apr 17 22:18:18 samantech sshd[7946]: Connection reset by 61.177.173.37 port 46314 [preauth]
Apr 17 22:21:01 samantech unix_chkpwd[8294]: password check failed for user (root)
Apr 17 22:21:01 samantech sshd[8289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.15
Apr 17 22:21:01 samantech sshd[8289]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 17 22:21:02 samantech sshd[8289]: Failed password for root from 43.155.138.210 port 49782 ssh2
Apr 17 22:21:02 samantech sshd[8289]: Received disconnect from 43.155.138.210 port 49782:11: Bye Bye [preauth]
Apr 17 22:21:02 samantech sshd[8289]: Disconnected from 43.155.138.210 port 49782 [preauth]
Apr 17 22:22:24 samantech sshd[8393]: Invalid user changjo from 43.155.138.210 port 58332
Apr 17 22:22:24 samantech sshd[8393]: input_userauth_request: invalid user changjo [preauth]
Apr 17 22:22:24 samantech sshd[8393]: pam_unix(sshd:auth): check pass; user unknown
Apr 17 22:22:24 samantech sshd[8393]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.15
Apr 17 22:22:26 samantech sshd[8393]: Failed password for invalid user changjo from 43.155.138.210 port 58332 ssh2
Apr 17 22:22:27 samantech sshd[8393]: Received disconnect from 43.155.138.210 port 58332:11: Bye Bye [preauth]
Apr 17 22:22:27 samantech sshd[8393]: Disconnected from 43.155.138.210 port 58332 [preauth]

There's the problem. Possibly an orphaned httpd process.

What you can try is to stop the service, kill off all the remaining processes, and start it again.

systemctl stop httpd
killall -9 httpd
systemctl restart httpd

Or even reboot the server.

After running all these commands and rebooting the server, still getting the same errors as before.

systemctl stop httpd
killall -9 httpd
systemctl restart httpd

[root@samantech ~]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

I have to use httpd -k start to start Apache

Please show:
find / -name httpd
find / -name apache2

Please see below.

[root@samantech ~]# find / -name httpd

/etc/httpd
/etc/logrotate.d/httpd
/etc/sysconfig/httpd
/run/httpd
/var/log/httpd
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/centos7_apache/apache/httpd
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/centos7_apache/apache/sysconfig/httpd
/var/cache/httpd
/usr/include/httpd
/usr/sbin/httpd
/usr/lib64/httpd
/usr/share/httpd
/usr/libexec/initscripts/legacy-actions/httpd

[root@samantech ~]# find / -name apache2

/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/default_vhost/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/multi_vhosts/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/multiple_vhosts/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/gentoo_apache/apache/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/gentoo_apache/apache/conf.d/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/resources/templates/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/dev/ci/tests/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/buildout/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/apache2
/usr/local/rvm/gems/ruby-2.6.6/gems/passenger-6.0.5/resources/templates/apache2
/usr/local/rvm/gems/ruby-2.6.6/gems/passenger-6.0.5/buildout/apache2
/usr/local/rvm/gems/ruby-2.6.6/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/apache2

hmm...
I only see httpd - no Apache2.

[root@samantech ~]# find / -name apache2

/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/default_vhost/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/multi_vhosts/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/debian_apache_2_4/multiple_vhosts/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/gentoo_apache/apache/apache2
/var/lib/snapd/snap/certbot/2913/lib/python3.8/site-packages/certbot_apache/_internal/tests/testdata/gentoo_apache/apache/conf.d/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/resources/templates/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/dev/ci/tests/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/buildout/apache2
/usr/local/rvm/gems/ruby-2.4.2/gems/passenger-5.1.12/src/ruby_supportlib/phusion_passenger/apache2
/usr/local/rvm/gems/ruby-2.6.6/gems/passenger-6.0.5/resources/templates/apache2
/usr/local/rvm/gems/ruby-2.6.6/gems/passenger-6.0.5/buildout/apache2
/usr/local/rvm/gems/ruby-2.6.6/gems/passenger-6.0.5/src/ruby_supportlib/phusion_passenger/apache2

I meant I don't see the executable file for Apache2.

Which means my theory about multiple versions of httpd and apache goes out the window...

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.