Switching from DNS to Webroot results in Apache unable to start

66tree · December 29, 2021, 12:01am

after sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge/ and ls -l /var/www/letsencrypt/.well-known/acme-challenge/ it returns total 0

66tree · December 29, 2021, 12:12am

sudo apachectl -t -D DUMP_VHOSTS

VirtualHost configuration:
*:80                   66tr.ee (/etc/apache2/sites-enabled/66tr.ee.conf:1)
*:443                  is a NameVirtualHost
         default server 66tr.ee (/etc/apache2/sites-enabled/66tr.ee.conf:58)
         port 443 namevhost 66tr.ee (/etc/apache2/sites-enabled/66tr.ee.conf:58)
                 alias www.66tr.ee
         port 443 namevhost fungi.66tr.ee (/etc/apache2/sites-enabled/default-ssl.conf:2)

rg305 · December 29, 2021, 12:13am

OK what says?:
sudo systemctl start apache2

66tree · December 29, 2021, 12:14am

sudo systemctl start apache2 outputs:

Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.

rg305 · December 29, 2021, 12:16am

Please show:
sudo journalctl -xe
[press "q" to exit (if needed)]

66tree · December 29, 2021, 12:18am

sudo journalctl -xe outputs:

Dec 28 16:08:00 fungi sshd[668224]: Disconnected from invalid user admin 92.255.85.37 port 40514 [preauth]
Dec 28 16:08:16 fungi sudo[668226]:   victor : TTY=pts/0 ; PWD=/home/victor ; USER=root ; COMMAND=/bin/nano /etc/apache2/sites-available/localhost.conf
Dec 28 16:08:16 fungi sudo[668226]: pam_unix(sudo:session): session opened for user root by victor(uid=0)
Dec 28 16:10:03 fungi sudo[668226]: pam_unix(sudo:session): session closed for user root
Dec 28 16:10:07 fungi sudo[668232]:   victor : TTY=pts/0 ; PWD=/home/victor ; USER=root ; COMMAND=/usr/sbin/apachectl -t -D DUMP_VHOSTS
Dec 28 16:10:07 fungi sudo[668232]: pam_unix(sudo:session): session opened for user root by victor(uid=0)
Dec 28 16:10:08 fungi sudo[668232]: pam_unix(sudo:session): session closed for user root
Dec 28 16:13:33 fungi sudo[668243]:   victor : TTY=pts/0 ; PWD=/home/victor ; USER=root ; COMMAND=/bin/systemctl start apache2
Dec 28 16:13:33 fungi sudo[668243]: pam_unix(sudo:session): session opened for user root by victor(uid=0)
Dec 28 16:13:33 fungi systemd[1]: Starting The Apache HTTP Server...
-- Subject: A start job for unit apache2.service has begun execution
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit apache2.service has begun execution.
-- 
-- The job identifier is 116767.
Dec 28 16:13:33 fungi apachectl[668246]: Action 'start' failed.
Dec 28 16:13:33 fungi apachectl[668246]: The Apache error log may have more information.
Dec 28 16:13:33 fungi systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- An ExecStart= process belonging to unit apache2.service has exited.
-- 
-- The process' exit code is 'exited' and its exit status is 1.
Dec 28 16:13:33 fungi systemd[1]: apache2.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- The unit apache2.service has entered the 'failed' state with result 'exit-code'.
Dec 28 16:13:33 fungi systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: A start job for unit apache2.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit apache2.service has finished with a failure.
-- 
-- The job identifier is 116767 and the job result is failed.
Dec 28 16:13:33 fungi sudo[668243]: pam_unix(sudo:session): session closed for user root
Dec 28 16:13:45 fungi sshd[668268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.213.129.46  user=root
Dec 28 16:13:46 fungi sshd[668268]: Failed password for root from 221.213.129.46 port 37436 ssh2
Dec 28 16:13:47 fungi sshd[668268]: Received disconnect from 221.213.129.46 port 37436:11: Bye Bye [preauth]
Dec 28 16:13:47 fungi sshd[668268]: Disconnected from authenticating user root 221.213.129.46 port 37436 [preauth]
Dec 28 16:15:01 fungi sshd[668272]: Invalid user hadoop from 221.213.129.46 port 53388
Dec 28 16:15:02 fungi sshd[668272]: pam_unix(sshd:auth): check pass; user unknown
Dec 28 16:15:02 fungi sshd[668272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.213.129.46
Dec 28 16:15:03 fungi sshd[668272]: Failed password for invalid user hadoop from 221.213.129.46 port 53388 ssh2
Dec 28 16:15:06 fungi sshd[668272]: Received disconnect from 221.213.129.46 port 53388:11: Bye Bye [preauth]
Dec 28 16:15:06 fungi sshd[668272]: Disconnected from invalid user hadoop 221.213.129.46 port 53388 [preauth]
Dec 28 16:16:19 fungi sshd[668275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.213.129.46  user=root
Dec 28 16:16:20 fungi sshd[668275]: Failed password for root from 221.213.129.46 port 41104 ssh2
Dec 28 16:16:21 fungi sshd[668275]: Received disconnect from 221.213.129.46 port 41104:11: Bye Bye [preauth]
Dec 28 16:16:21 fungi sshd[668275]: Disconnected from authenticating user root 221.213.129.46 port 41104 [preauth]
Dec 28 16:16:51 fungi sudo[668277]:   victor : TTY=pts/0 ; PWD=/home/victor ; USER=root ; COMMAND=/bin/journalctl -xe
Dec 28 16:16:51 fungi sudo[668277]: pam_unix(sudo:session): session opened for user root by victor(uid=0)

rg305 · December 29, 2021, 12:21am

If you don't recognize this IP "221.213.129.46", you should probably block it.

Please show:
sudo systemctl status apache2.service

66tree · December 29, 2021, 12:25am

Last night when I first started looking at my logs I saw some unknown IPs. So I setup fail2ban. Still learning about it.

sudo systemctl status apache2.service outputs:

* apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2021-12-28 16:13:33 PST; 8min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 668246 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)

Dec 28 16:13:33 fungi systemd[1]: Starting The Apache HTTP Server...
Dec 28 16:13:33 fungi apachectl[668246]: Action 'start' failed.
Dec 28 16:13:33 fungi apachectl[668246]: The Apache error log may have more information.
Dec 28 16:13:33 fungi systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Dec 28 16:13:33 fungi systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 28 16:13:33 fungi systemd[1]: Failed to start The Apache HTTP Server.

rg305 · December 29, 2021, 12:30am

Let's have a look at the file found with:
find /etc/apache2 -name error.log
[if it is very long, just include the last hour (at bottom)]

66tree · December 29, 2021, 12:33am

This returns nothing for me.

rg305 · December 29, 2021, 12:34am

We need to see this file:

rg305 · December 29, 2021, 12:35am

Try:
cat /var/log/apache2/error.log

66tree · December 29, 2021, 12:36am

sudo cat /var/log/apache2/error.log:

[Tue Dec 28 12:22:29.728713 2021] [ssl:emerg] [pid 666742:tid 140581958831168] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 12:22:29.728744 2021] [ssl:emerg] [pid 666742:tid 140581958831168] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 12:22:29.728749 2021] [ssl:emerg] [pid 666742:tid 140581958831168] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 12:25:27.230991 2021] [ssl:emerg] [pid 666781:tid 139958532451392] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 12:25:27.231014 2021] [ssl:emerg] [pid 666781:tid 139958532451392] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 12:25:27.231019 2021] [ssl:emerg] [pid 666781:tid 139958532451392] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:14:28.570299 2021] [ssl:emerg] [pid 667063:tid 139962450717760] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:14:28.570323 2021] [ssl:emerg] [pid 667063:tid 139962450717760] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:14:28.570328 2021] [ssl:emerg] [pid 667063:tid 139962450717760] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:17:54.201764 2021] [ssl:emerg] [pid 667107:tid 140195318447168] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:17:54.201796 2021] [ssl:emerg] [pid 667107:tid 140195318447168] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:17:54.201801 2021] [ssl:emerg] [pid 667107:tid 140195318447168] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:23:30.189219 2021] [ssl:emerg] [pid 667138:tid 139800484547648] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:23:30.189249 2021] [ssl:emerg] [pid 667138:tid 139800484547648] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:23:30.189255 2021] [ssl:emerg] [pid 667138:tid 139800484547648] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:55:08.961603 2021] [ssl:emerg] [pid 667321:tid 140264640625728] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:55:08.961625 2021] [ssl:emerg] [pid 667321:tid 140264640625728] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:55:08.961631 2021] [ssl:emerg] [pid 667321:tid 140264640625728] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:55:27.515541 2021] [ssl:emerg] [pid 667357:tid 140430729342016] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:55:27.515562 2021] [ssl:emerg] [pid 667357:tid 140430729342016] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:55:27.515568 2021] [ssl:emerg] [pid 667357:tid 140430729342016] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:56:32.466254 2021] [ssl:emerg] [pid 667397:tid 139830030081088] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:56:32.466279 2021] [ssl:emerg] [pid 667397:tid 139830030081088] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:56:32.466356 2021] [ssl:emerg] [pid 667397:tid 139830030081088] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 13:56:47.954475 2021] [ssl:emerg] [pid 667425:tid 140169668074560] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 13:56:47.954497 2021] [ssl:emerg] [pid 667425:tid 140169668074560] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 13:56:47.954502 2021] [ssl:emerg] [pid 667425:tid 140169668074560] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 14:04:23.045777 2021] [ssl:emerg] [pid 667498:tid 140070578412608] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 14:04:23.045801 2021] [ssl:emerg] [pid 667498:tid 140070578412608] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 14:04:23.045807 2021] [ssl:emerg] [pid 667498:tid 140070578412608] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 14:29:39.195752 2021] [ssl:emerg] [pid 667641:tid 139823151545408] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 14:29:39.195775 2021] [ssl:emerg] [pid 667641:tid 139823151545408] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 14:29:39.195781 2021] [ssl:emerg] [pid 667641:tid 139823151545408] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 14:32:42.366919 2021] [ssl:emerg] [pid 667722:tid 139650896051264] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 14:32:42.371568 2021] [ssl:emerg] [pid 667722:tid 139650896051264] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 14:32:42.371608 2021] [ssl:emerg] [pid 667722:tid 139650896051264] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 15:10:01.444607 2021] [ssl:emerg] [pid 667895:tid 140038322519104] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 15:10:01.444635 2021] [ssl:emerg] [pid 667895:tid 140038322519104] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 15:10:01.444641 2021] [ssl:emerg] [pid 667895:tid 140038322519104] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 15:12:55.098309 2021] [ssl:emerg] [pid 667943:tid 140529194245184] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 15:12:55.098333 2021] [ssl:emerg] [pid 667943:tid 140529194245184] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 15:12:55.098339 2021] [ssl:emerg] [pid 667943:tid 140529194245184] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 16:07:03.875458 2021] [ssl:emerg] [pid 668199:tid 140368960465984] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 16:07:03.875505 2021] [ssl:emerg] [pid 668199:tid 140368960465984] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 16:07:03.875511 2021] [ssl:emerg] [pid 668199:tid 140368960465984] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
[Tue Dec 28 16:13:33.577966 2021] [ssl:emerg] [pid 668254:tid 139906703100992] AH02572: Failed to configure at least one certificate and key for fungi.66tr.ee:443
[Tue Dec 28 16:13:33.578018 2021] [ssl:emerg] [pid 668254:tid 139906703100992] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Tue Dec 28 16:13:33.578024 2021] [ssl:emerg] [pid 668254:tid 139906703100992] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

rg305 · December 29, 2021, 12:39am

That contains:
Failed to configure at least one certificate and key for fungi.66tr.ee:443
SSL_CTX_check_private_key:no certificate assigned

And this gem:
See /var/log/apache2/error.log for more information
[one more reason to luv Apache]

rg305 · December 29, 2021, 12:41am

Let's have a look at this file:

66tree · December 29, 2021, 12:41am

So should I remove that reference to fungi.66tr.ee?

rg305 · December 29, 2021, 12:42am

It might be this:

Let's first have a look at the offending file:

66tree · December 29, 2021, 12:43am

sudo cat /etc/apache2/sites-enabled/default-ssl.conf contains:

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost

		DocumentRoot /var/www

		# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
		# error, crit, alert, emerg.
		# It is also possible to configure the loglevel for particular
		# modules, e.g.
		#LogLevel info ssl:warn

		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined

		# For most configuration files from conf-available/, which are
		# enabled or disabled at a global level, it is possible to
		# include a line for only one particular virtual host. For example the
		# following line enables the CGI configuration for this host only
		# after it has been globally disabled with "a2disconf".
		#Include conf-available/serve-cgi-bin.conf

		#   SSL Engine Switch:
		#   Enable/Disable SSL for this virtual host.
		SSLEngine on

		#   A self-signed (snakeoil) certificate can be created by installing
		#   the ssl-cert package. See
		#   /usr/share/doc/apache2/README.Debian.gz for more info.
		#   If both key and certificate are stored in the same file, only the
		#   SSLCertificateFile directive is needed.
		#SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

		#   Server Certificate Chain:
		#   Point SSLCertificateChainFile at a file containing the
		#   concatenation of PEM encoded CA certificates which form the
		#   certificate chain for the server certificate. Alternatively
		#   the referenced file can be the same as SSLCertificateFile
		#   when the CA certificates are directly appended to the server
		#   certificate for convinience.
		#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

		#   Certificate Authority (CA):
		#   Set the CA certificate verification path where to find CA
		#   certificates for client authentication or alternatively one
		#   huge file containing all of them (file must be PEM encoded)
		#   Note: Inside SSLCACertificatePath you need hash symlinks
		#		 to point to the certificate files. Use the provided
		#		 Makefile to update the hash symlinks after changes.
		#SSLCACertificatePath /etc/ssl/certs/
		#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

		#   Certificate Revocation Lists (CRL):
		#   Set the CA revocation path where to find CA CRLs for client
		#   authentication or alternatively one huge file containing all
		#   of them (file must be PEM encoded)
		#   Note: Inside SSLCARevocationPath you need hash symlinks
		#		 to point to the certificate files. Use the provided
		#		 Makefile to update the hash symlinks after changes.
		#SSLCARevocationPath /etc/apache2/ssl.crl/
		#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

		#   Client Authentication (Type):
		#   Client certificate verification type and depth.  Types are
		#   none, optional, require and optional_no_ca.  Depth is a
		#   number which specifies how deeply to verify the certificate
		#   issuer chain before deciding the certificate is not valid.
		#SSLVerifyClient require
		#SSLVerifyDepth  10

		#   SSL Engine Options:
		#   Set various options for the SSL engine.
		#   o FakeBasicAuth:
		#	 Translate the client X.509 into a Basic Authorisation.  This means that
		#	 the standard Auth/DBMAuth methods can be used for access control.  The
		#	 user name is the `one line' version of the client's X.509 certificate.
		#	 Note that no password is obtained from the user. Every entry in the user
		#	 file needs this password: `xxj31ZMTZzkVA'.
		#   o ExportCertData:
		#	 This exports two additional environment variables: SSL_CLIENT_CERT and
		#	 SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
		#	 server (always existing) and the client (only existing when client
		#	 authentication is used). This can be used to import the certificates
		#	 into CGI scripts.
		#   o StdEnvVars:
		#	 This exports the standard SSL/TLS related `SSL_*' environment variables.
		#	 Per default this exportation is switched off for performance reasons,
		#	 because the extraction step is an expensive operation and is usually
		#	 useless for serving static content. So one usually enables the
		#	 exportation for CGI and SSI requests only.
		#   o OptRenegotiate:
		#	 This enables optimized SSL connection renegotiation handling when SSL
		#	 directives are used in per-directory context.
		#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>

		#   SSL Protocol Adjustments:
		#   The safe and default but still SSL/TLS standard compliant shutdown
		#   approach is that mod_ssl sends the close notify alert but doesn't wait for
		#   the close notify alert from client. When you need a different shutdown
		#   approach you can use one of the following variables:
		#   o ssl-unclean-shutdown:
		#	 This forces an unclean shutdown when the connection is closed, i.e. no
		#	 SSL close notify alert is send or allowed to received.  This violates
		#	 the SSL/TLS standard but is needed for some brain-dead browsers. Use
		#	 this when you receive I/O errors because of the standard approach where
		#	 mod_ssl sends the close notify alert.
		#   o ssl-accurate-shutdown:
		#	 This forces an accurate shutdown when the connection is closed, i.e. a
		#	 SSL close notify alert is send and mod_ssl waits for the close notify
		#	 alert of the client. This is 100% SSL/TLS standard compliant, but in
		#	 practice often causes hanging connections with brain-dead browsers. Use
		#	 this only for browsers where you know that their SSL implementation
		#	 works correctly.
		#   Notice: Most problems of broken clients are also related to the HTTP
		#   keep-alive facility, so you usually additionally want to disable
		#   keep-alive for those clients, too. Use variable "nokeepalive" for this.
		#   Similarly, one has to force some clients to use HTTP/1.0 to workaround
		#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
		#   "force-response-1.0" for this.
		# BrowserMatch "MSIE [2-6]" \
		#		nokeepalive ssl-unclean-shutdown \
		#		downgrade-1.0 force-response-1.0

	</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

rg305 · December 29, 2021, 12:45am

This file is useless and should be disabled:

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
		ServerAdmin webmaster@localhost
		DocumentRoot /var/www
		ErrorLog ${APACHE_LOG_DIR}/error.log
		CustomLog ${APACHE_LOG_DIR}/access.log combined
		SSLEngine on
		<FilesMatch "\.(cgi|shtml|phtml|php)$">
				SSLOptions +StdEnvVars
		</FilesMatch>
		<Directory /usr/lib/cgi-bin>
				SSLOptions +StdEnvVars
		</Directory>
	</VirtualHost>
</IfModule>

and because it had no ServerName, the one given in the apache2.conf file was used.

Try:
a2dissite default-ssl.conf

66tree · December 29, 2021, 12:49am

Hey! You fixed my Apache server @rg305!!! Thank you so very much.