I recently did security updates and I can’t seem to launch HTTPD services after these updates were completed:
I get this error in the log:
[Sat May 19 01:16:24.719582 2018] [ssl:emerg] [pid 3262] AH02572: Failed to configure at least one certificate a$
[Sat May 19 01:16:24.719635 2018] [ssl:emerg] [pid 3262] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_$
[Sat May 19 01:16:24.719640 2018] [ssl:emerg] [pid 3262] AH02311: Fatal error initialising mod_ssl, exiting. See$
AH00016: Configuration Failed
Everything worked fine included auto renews prior to updating. I am just not sure where to start to fix the issue. For the time being I have rolled by the server to a state before the updates. I am testing on another server.
These are the updates that ran:
Installing:
httpd24 x86_64 2.4.33-2.78.amzn1 amzn-updates 1.5 M
httpd24-tools x86_64 2.4.33-2.78.amzn1 amzn-updates 96 k
mod24_ssl x86_64 1:2.4.33-2.78.amzn1 amzn-updates 124 k
openssl x86_64 1:1.0.2k-12.109.amzn1 amzn-updates 1.8 M
openssl-devel x86_64 1:1.0.2k-12.109.amzn1 amzn-updates 1.6 M
It looks like these errors are truncated. Can you post the full lines?
From previous experience working with EL distros, it is possible that the package upgrades may have overwritten your conf files back to the package defaults. I don't really remember what the exact behavior is but it's bitten me before.
Binary file /etc/httpd/modules/mod_ssl.so matches
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/letsencrypt/live/blog.ohanacruises.com/fullchain.pem
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/blog.ohanacruises.com/privkey.pem
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
[root@ip-172-31-34-93 ec2-user]# grep -REi "(sslcertificatefile|sslcertificatekeyfile)" /etc/httpd
Binary file /etc/httpd/modules/mod_ssl.so matches
/etc/httpd/conf.d/ssl.conf.rpmnew:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf.rpmnew:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
/etc/httpd/conf.d/ssl.conf.rpmnew:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
/etc/httpd/conf.d/ssl.conf.rpmnew:# the referenced file can be the same as SSLCertificateFile
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/letsencrypt/live/blog.ohanacruises.com/fullchain.pem
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/blog.ohanacruises.com/privkey.pem
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
Binary file /etc/httpd/modules/mod_ssl.so matches
/etc/httpd/conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
/etc/httpd/conf.d/ssl.conf:SSLCertificateFile /etc/letsencrypt/live/blog.ohanacruises.com/fullchain.pem
/etc/httpd/conf.d/ssl.conf:SSLCertificateKeyFile /etc/letsencrypt/live/blog.ohanacruises.com/privkey.pem
/etc/httpd/conf.d/ssl.conf:# the referenced file can be the same as SSLCertificateFile
Error from log:
[Sat May 19 02:42:53.482749 2018] [ssl:emerg] [pid 8508] AH02572: Failed to configure at least one certificate and key for blog.ohanacruises.com:80
[Sat May 19 02:42:53.482804 2018] [ssl:emerg] [pid 8508] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sat May 19 02:42:53.482809 2018] [ssl:emerg] [pid 8508] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/httpd/error_log for more information
AH00016: Configuration Failed