Installing certbot resulted in Apache2 not starting. Help!

I think certbot erroneously changed the Apache config to bind 80/443, and that causes Apache to be unable to start due to a port collision.

Hi Mike
There are multiple servers on the machine and on different ports. When geoserver is called as part of a stack on Apache, it generates CORS errors unless it has certs and SSL.

Hi orangepizza
That is my feeling. Certbot changed apache config to be standalone. Nginx is running so starting Apache fails due to those ports being in use.
Happy to correct the config but need guidance.

When using the --apache plugin Certbot will create a VirtualHost for port 443 if one did not exist. It does not create one for port 80 as it expects it to already be there.

You only had a port 443 conflict so probably because of that. Port 80 had no conflict so must be okay for Apache.

Manually remove that new VirtualHost from Apache first and restart Apache. Run this to ensure it is gone

sudo apache2ctl -t -D DUMP_VHOSTS

Then re-run your cert command like this

sudo certbot certonly --apache -d landandwater.com.au

The certonly option will get a cert but not create a port 443 VHost

Hi Mike
I moved the 000-default-le-ssl.conf to a backup subdir.
Then I ran the command: sudo apache2ctl -t -D DUMP_VHOSTS

The console said:
server_operator@soil-health-server:~$ sudo apache2ctl -t -D DUMP_VHOSTS

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.105. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:4443                 192.168.1.105 (/etc/apache2/sites-enabled/default-ssl.conf:2)
*:8888                 is a NameVirtualHost
         default server soil-health.com.au (/etc/apache2/sites-enabled/000-default.conf:1)
         port 8888 namevhost soil-health.com.au (/etc/apache2/sites-enabled/000-default.conf:1)
                 alias www.soil-health.com.au
         port 8888 namevhost www.landandwater.com.au (/etc/apache2/sites-enabled/landandwater.conf:1)
                 alias landandwater.com.au
*:8004                 192.168.1.105 (/etc/apache2/sites-enabled/opencpu.conf:36)

I have a purchased cert for landandwater.com.au with one more year to run.
My cert for soil-health.com.au expired. I want to set up a cert on soil-health.com.au because it has other servers feeding data (postgres, geoserver) into an application. Without SSL, it throws CORS errors. This is the reason for going to LetsEncrypt, and I will replace the purchased cert for landandwater.com.au with an LE one when the current cert expires about a year from now.
At the right moment (after resolution of the remaining errors), I will run:
sudo certbot certonly --apache -d soil-health.com.au

Checking for certbot revealed a separate problem. I may need to uninstall and reinstall not using an auto option
sudo systemctl status certbot
Unit certbot.service could not be found.

Certbot is not a service so no surprise it isn't found. Looks like you installed via snap which is recommended. See: https://certbot.eff.org/

Be sure to set up a VirtualHost for port 80 for Apache and that domain name first.

Actually, Certbot will make a "temp" VirtualHost when one does not exist but I personally don't like to rely on that. If that Apache can handle port 80 there is no reason you can't have a dedicated VHost for port 80 either.

Is Apache the place that terminates the HTTPS connection? (that is, that is the first one to receive the HTTPS connection in your system)

Hi Mike
It is the downstream host of servers. Nginx is the upstream proxy
I was able to get some info though perhaps not a huge help from journalctl -xeu apache2.service

journalctl -xeu apache2.service
░ Support: Enterprise open source support | Ubuntu
░░
░░ A start job for unit apache2.service has begun execution.
░░
░░ The job identifier is 109519.
May 20 12:28:10 soil-health-server apachectl[201885]: AH00558: apache2: Could not reliably determin>
May 20 12:28:10 soil-health-server apachectl[201885]: (98)Address already in use: AH00072: make_soc>
May 20 12:28:10 soil-health-server apachectl[201885]: (98)Address already in use: AH00072: make_soc>
May 20 12:28:10 soil-health-server apachectl[201885]: no listening sockets available, shutting down
May 20 12:28:10 soil-health-server apachectl[201885]: AH00015: Unable to open logs
May 20 12:28:10 soil-health-server apachectl[201882]: Action 'start' failed.
May 20 12:28:10 soil-health-server apachectl[201882]: The Apache error log may have more informatio>
May 20 12:28:10 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited>
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: Enterprise open source support | Ubuntu
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
May 20 12:28:10 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: Enterprise open source support | Ubuntu
░░
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
May 20 12:28:10 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: Enterprise open source support | Ubuntu
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 109519 and the job result is failed.
lines 5314-5347/5347 (END)

that log is side-truncated, remove x from journalctl option

will do

Here is the result after removing the x in the options

journalctl -eu apache2.service
May 19 16:31:15 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
May 19 20:13:36 soil-health-server systemd[1]: Starting The Apache HTTP Server...
May 19 20:13:36 soil-health-server apachectl[175408]: AH00558: apache2: Could not reliably determin>
May 19 20:13:36 soil-health-server apachectl[175408]: (98)Address already in use: AH00072: make_soc>
May 19 20:13:36 soil-health-server apachectl[175408]: (98)Address already in use: AH00072: make_soc>
May 19 20:13:36 soil-health-server apachectl[175408]: no listening sockets available, shutting down
May 19 20:13:36 soil-health-server apachectl[175408]: AH00015: Unable to open logs
May 19 20:13:36 soil-health-server apachectl[175405]: Action 'start' failed.
May 19 20:13:36 soil-health-server apachectl[175405]: The Apache error log may have more informatio>
May 19 20:13:36 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited>
May 19 20:13:36 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
May 19 20:13:36 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
May 20 10:09:44 soil-health-server systemd[1]: Starting The Apache HTTP Server...
May 20 10:09:44 soil-health-server apachectl[198245]: AH00558: apache2: Could not reliably determin>
May 20 10:09:44 soil-health-server apachectl[198245]: (98)Address already in use: AH00072: make_soc>
May 20 10:09:44 soil-health-server apachectl[198245]: (98)Address already in use: AH00072: make_soc>
May 20 10:09:44 soil-health-server apachectl[198245]: no listening sockets available, shutting down
May 20 10:09:44 soil-health-server apachectl[198245]: AH00015: Unable to open logs
May 20 10:09:44 soil-health-server apachectl[198242]: Action 'start' failed.
May 20 10:09:44 soil-health-server apachectl[198242]: The Apache error log may have more informatio>
May 20 10:09:44 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited>
May 20 10:09:44 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
May 20 10:09:44 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
May 20 12:28:10 soil-health-server systemd[1]: Starting The Apache HTTP Server...
May 20 12:28:10 soil-health-server apachectl[201885]: AH00558: apache2: Could not reliably determin>
May 20 12:28:10 soil-health-server apachectl[201885]: (98)Address already in use: AH00072: make_soc>
May 20 12:28:10 soil-health-server apachectl[201885]: (98)Address already in use: AH00072: make_soc>
May 20 12:28:10 soil-health-server apachectl[201885]: no listening sockets available, shutting down
May 20 12:28:10 soil-health-server apachectl[201885]: AH00015: Unable to open logs
May 20 12:28:10 soil-health-server apachectl[201882]: Action 'start' failed.
May 20 12:28:10 soil-health-server apachectl[201882]: The Apache error log may have more informatio>
May 20 12:28:10 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited>
May 20 12:28:10 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
May 20 12:28:10 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
lines 991-1024/1024 (END)

Hmm, still truncated (> at end of line). Can you increase the window size of the log output? And you probably still have some port collision with nginx, so try searching for 80 or 443 in the Apache config files (vhost or not).

Did you get this error after adding a VirtualHost for port 80?

You shouldn't even be using Apache for an HTTP Challenge (w/--apache option) if it is not the system that processes HTTP requests incoming on port 80.

Is Apache even the server that handles port 80 (HTTP) and 443 (HTTPS) ?

Hi Mike and Orangepizza
No, Apache does not handle the first call to https on the system. Nginx does.

My naivete led me to believe I should configure things in Apache

server_operator@soil-health-server:~$ journalctl -eu apache2.service
May 19 16:31:15 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
May 19 20:13:36 soil-health-server systemd[1]: Starting The Apache HTTP Server...
May 19 20:13:36 soil-health-server apachectl[175408]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.105. Set the 'ServerName' directive globally to suppress this message
May 19 20:13:36 soil-health-server apachectl[175408]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
May 19 20:13:36 soil-health-server apachectl[175408]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
May 19 20:13:36 soil-health-server apachectl[175408]: no listening sockets available, shutting down
May 19 20:13:36 soil-health-server apachectl[175408]: AH00015: Unable to open logs
May 19 20:13:36 soil-health-server apachectl[175405]: Action 'start' failed.
May 19 20:13:36 soil-health-server apachectl[175405]: The Apache error log may have more information.
May 19 20:13:36 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
May 19 20:13:36 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
May 19 20:13:36 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
May 20 10:09:44 soil-health-server systemd[1]: Starting The Apache HTTP Server...
May 20 10:09:44 soil-health-server apachectl[198245]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.105. Set the 'ServerName' directive globally to suppress this message
May 20 10:09:44 soil-health-server apachectl[198245]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
May 20 10:09:44 soil-health-server apachectl[198245]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
May 20 10:09:44 soil-health-server apachectl[198245]: no listening sockets available, shutting down
May 20 10:09:44 soil-health-server apachectl[198245]: AH00015: Unable to open logs
May 20 10:09:44 soil-health-server apachectl[198242]: Action 'start' failed.
May 20 10:09:44 soil-health-server apachectl[198242]: The Apache error log may have more information.
May 20 10:09:44 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
May 20 10:09:44 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
May 20 10:09:44 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
May 20 12:28:10 soil-health-server systemd[1]: Starting The Apache HTTP Server...
May 20 12:28:10 soil-health-server apachectl[201885]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.105. Set the 'ServerName' directive globally to suppress this message
May 20 12:28:10 soil-health-server apachectl[201885]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
May 20 12:28:10 soil-health-server apachectl[201885]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
May 20 12:28:10 soil-health-server apachectl[201885]: no listening sockets available, shutting down
May 20 12:28:10 soil-health-server apachectl[201885]: AH00015: Unable to open logs
May 20 12:28:10 soil-health-server apachectl[201882]: Action 'start' failed.
May 20 12:28:10 soil-health-server apachectl[201882]: The Apache error log may have more information.
May 20 12:28:10 soil-health-server systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
May 20 12:28:10 soil-health-server systemd[1]: apache2.service: Failed with result 'exit-code'.
May 20 12:28:10 soil-health-server systemd[1]: Failed to start The Apache HTTP Server.
lines 991-1024/1024 (END)

apachectl[198245]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443

I guess you'd understand this
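
As an added example (not written by anyone in this thread, and not Certbot or Apache project code): a shell sketch that takes the ports named in the AH00072 bind failures and lists every `Listen` or `<VirtualHost>` directive in an Apache config tree that claims them, which is the search for 80 or 443 suggested earlier. The function names, the journal excerpt and the config tree (including the Debian-style `ports.conf` contents) are constructed for illustration.

```shell
#!/bin/sh
# Added example. All file contents and log lines below are constructed samples.

# Ports named in AH00072 bind failures read from stdin, one per line.
conflict_ports() {
    sed -n 's/.*AH00072: make_sock: could not bind to address .*:\([0-9][0-9]*\)$/\1/p' | sort -un
}

# Listen and <VirtualHost> directives under config dir $1 that use port $2,
# printed as file:line:directive. 4443 or 8443 must not match 443.
find_port_users() {
    grep -rnE "^[[:space:]]*(Listen[[:space:]]+([^[:space:]]*:)?${2}([[:space:]]|\$)|<VirtualHost[[:space:]][^>]*:${2}[[:space:]>])" "$1"
}

# Journal on stdin, config dir as $1: every directive behind a failed bind.
report() {
    for port in $(conflict_ports); do
        find_port_users "$1" "$port" || true
    done
}

# Constructed journal excerpt: one pager-truncated line, two complete ones.
# The truncated line carries no port, so it contributes nothing.
sample_journal() {
    cat <<'EOF'
May 20 12:28:10 host apachectl[1]: (98)Address already in use: AH00072: make_soc>
May 20 12:28:10 host apachectl[1]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
May 20 12:28:10 host apachectl[1]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
EOF
}

# Constructed config tree in a temp dir (layout mimics /etc/apache2).
make_sample_tree() {
    d=$(mktemp -d) && mkdir "$d/sites-enabled" || return 1
    printf 'Listen 8888\n<IfModule ssl_module>\n\tListen 443\n</IfModule>\n' > "$d/ports.conf"
    printf '<VirtualHost *:8888>\n</VirtualHost>\n' > "$d/sites-enabled/000-default.conf"
    printf '<VirtualHost 192.168.1.105:4443>\n</VirtualHost>\n' > "$d/sites-enabled/default-ssl.conf"
    printf '<IfModule mod_ssl.c>\n<VirtualHost *:443>\n</VirtualHost>\n</IfModule>\n' > "$d/sites-enabled/000-default-le-ssl.conf"
    echo "$d"
}

tree=$(make_sample_tree)
sample_journal | report "$tree"
rm -rf "$tree"
```

On a real host the equivalent call is `journalctl -u apache2.service --no-pager | report /etc/apache2`; without the pager the lines are not cut off at the terminal width, so the port is present for `conflict_ports` to extract.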

Hi Orangepizza
What I believe is what you earlier said about nginx claiming that port first.

What I am not clear on is how to restore the config in Apache so that it aligns to nginx. Wisdom comes from learning from mistakes. I should have taken a copy of the Apache conf files and stored it in my home dir.

I could paste in parts of the nginx conf files if that helps.

Where is that Apache config? I think it's in some subdir of /etc/apache; start looking from there.

I just read apache.conf
Most of it, indeed all of it seems to be original and no customisation. I will look in sites-available and get back to you.

the 000-default.conf reads in part:

<VirtualHost *:8888>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName soil-health.com.au
ServerAlias www.soil-health.com.au
ServerAdmin David.Hine@soil-health.com.au
(snip......)

Is part of the problem located in that first line?