Site can't be reached aftrer some time


#1

My domain is: qpsy.de

The operating system my web server runs on is (include version): Ubuntu 18-04

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I installed certbot yesterday and everything worked fine at first. A few hours later when I checked I noticed I couldn’t reach my site anymore. I logged onto the server and restarted apache - everything seemed to work again but again, after some time, the site can’t be reached.

What could be the problem?


#2

Hi @mopodendo

did you restart Apache or start?

Certbot creates a job which is executed two times per day. Perhaps you used standalone and Certbot stops your webserver.

There should be a configuration file

/etc/letsencrypt/renewal

with additional informations. And check your logs.


#3

I used
sudo systemctl restart apache2 to restart apache.

How can I check if certbot stops the webserver?

the configuration file in /etc/letsencrypt/renewal/qpsy.de.conf reads:

renew_before_expiry = 30 days

version = 0.26.1
archive_dir = /etc/letsencrypt/archive/qpsy.de
cert = /etc/letsencrypt/live/qpsy.de/cert.pem
privkey = /etc/letsencrypt/live/qpsy.de/privkey.pem
chain = /etc/letsencrypt/live/qpsy.de/chain.pem
fullchain = /etc/letsencrypt/live/qpsy.de/fullchain.pem

Options used in the renewal process

[renewalparams]
account = 608f36147964375d3549e5d64de2be79
authenticator = apache
installer = apache
server = https://acme-v02.api.letsencrypt.org/directory


#4

There should be a log under

/var/log/letsencrypt/letsencrypt.log

with details.


#5

What do Apache’s logs say?

What error message do you get?


#6

Here is my letsencrypt.log: https://pastebin.com/dL8eh3nq

Apaches error log:

[Thu Oct 25 12:10:14.814281 2018] [core:warn] [pid 20771] AH00098: pid file /var/run/apache2/apache2.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Oct 25 12:10:14.815555 2018] [mpm_prefork:notice] [pid 20771] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Thu Oct 25 12:10:14.815573 2018] [core:notice] [pid 20771] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 25 12:11:08.963233 2018] [mpm_prefork:notice] [pid 20771] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 129.187.238.41. Set the 'ServerName' directive globally to suppress this message
[Thu Oct 25 12:11:08.975321 2018] [mpm_prefork:notice] [pid 20771] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Thu Oct 25 12:11:08.975331 2018] [core:notice] [pid 20771] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 25 12:11:15.921450 2018] [mpm_prefork:notice] [pid 20771] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 129.187.238.41. Set the 'ServerName' directive globally to suppress this message
[Thu Oct 25 12:11:15.933577 2018] [mpm_prefork:notice] [pid 20771] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Thu Oct 25 12:11:15.933587 2018] [core:notice] [pid 20771] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 25 12:11:19.107763 2018] [mpm_prefork:notice] [pid 20771] AH00171: Graceful restart requested, doing restart
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 129.187.238.41. Set the 'ServerName' directive globally to suppress this message
[Thu Oct 25 12:11:19.120300 2018] [mpm_prefork:notice] [pid 20771] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Thu Oct 25 12:11:19.120309 2018] [core:notice] [pid 20771] AH00094: Command line: '/usr/sbin/apache2'
[Thu Oct 25 12:48:22.611979 2018] [php7:error] [pid 20871] [client 140.143.161.57:35160] script '/var/www/qpsy.de/html/index.php' not found or unable to stat
[Thu Oct 25 13:41:14.098546 2018] [mpm_prefork:emerg] [pid 20873] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Thu Oct 25 13:41:14.098555 2018] [mpm_prefork:emerg] [pid 20874] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Thu Oct 25 13:41:14.099219 2018] [mpm_prefork:emerg] [pid 20875] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Thu Oct 25 13:41:14.100736 2018] [mpm_prefork:emerg] [pid 20884] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Thu Oct 25 13:41:14.103274 2018] [mpm_prefork:emerg] [pid 20987] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Thu Oct 25 13:41:14.105122 2018] [mpm_prefork:emerg] [pid 20871] (43)Identifier removed: AH00144: couldn't grab the accept mutex
[Thu Oct 25 13:41:14.656411 2018] [core:alert] [pid 20771] AH00050: Child 20871 returned a Fatal error... Apache is exiting!
[Thu Oct 25 13:41:14.656438 2018] [:emerg] [pid 20771] AH02818: MPM run failed, exiting

#7

Do you run any cron job that starts/stops Apache?
Please show:
crontab -l

You may have imported an apache config from a much older version and need to update it.


#8

That sounds like an Apache configuration issue or bug that probably has nothing to do with Certbot, Let’s Encrypt or HTTPS at all.

If no one here knows the answer, you may have better luck asking in an Apache support place.


#9

I added “Muttex sem” so my apache2.conf (as described here). So far the server hasn’t shut down.
Sorry, might not be a specific letsencrypt problem; although when I searched for a solution lots of people with that issue installed certbot before.


#10

Do you use any other mutex [elsewhere]?
grep -Eri 'mutex' /etc/apache2/


#11
/etc/apache2/mods-available/ssl.conf:   #   (Disabled by default, the global Mutex directive consolidates by default
/etc/apache2/mods-available/ssl.conf:   #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
/etc/apache2/apache2.conf:# mounted filesystem then please read the Mutex documentation (available
/etc/apache2/apache2.conf:# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
/etc/apache2/apache2.conf:Mutex sem
/etc/apache2/apache2.conf:#Mutex file:${APACHE_LOCK_DIR} default

Still works by the way so I guess the Mutex sem fixed it. Thanks for your help!