I've just tried to start working with letsencrypt certificates on my Apache.
- Added to my
/usr/local/directadmin/conf/directadmin.conf
lineletsencrypt=1
- Edited in my
/usr/local/directadmin/conf/directadmin.conf
lineenable_ssl_sni=1
- Then:
cd /usr/local/directadmin/custombuild
./build update
./build letsencrypt
./build rewrite_confs
And I'm getting the result with error:
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using 193.107.90.129 for your server IP
Installation of ModSecurity Rule Set has been finished.
Restarting apache.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
I have:
CentOS Linux release 7.7.1908 (Core)
Server version: Apache/2.4.25 (Unix)
OpenSSL 1.0.2k-fips
systemctl status httpd.service says
● httpd.service - The Apache HTTP Server
Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-04-05 23:23:06 CEST; 2s ago
Process: 24927 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 24926 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 24926 (code=exited, status=1/FAILURE)
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: Starting The Apache HTTP Server...
Apr 05 23:23:06 vps.kustransport.kylos.net.pl httpd[24926]: AH00526: Syntax error on line 243 of /etc/httpd/conf/extra/httpd-ssl.conf:
Apr 05 23:23:06 vps.kustransport.kylos.net.pl httpd[24926]: Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 05 23:23:06 vps.kustransport.kylos.net.pl kill[24927]: kill: cannot find process ""
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: Failed to start The Apache HTTP Server.
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: Unit httpd.service entered failed state.
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service failed.
And journalctl -xe
is pretty much the same but last two lines:
-- Unit httpd.service has begun starting up.
Apr 05 23:24:06 vps.kustransport.kylos.net.pl httpd[25033]: AH00526: Syntax error on line 243 of /etc/httpd/conf/extra/httpd-ssl.conf:
Apr 05 23:24:06 vps.kustransport.kylos.net.pl httpd[25033]: Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Apr 05 23:24:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 05 23:24:06 vps.kustransport.kylos.net.pl kill[25034]: kill: cannot find process ""
Apr 05 23:24:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 05 23:24:06 vps.kustransport.kylos.net.pl systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
last 2 lines:
Apr 05 23:24:09 vps.kustransport.kylos.net.pl kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:22:de:69:08:00 SRC=193.107.89.52 DST=255.255.255.255 LEN=68 TOS=0x00 PRE
Apr 05 23:24:13 vps.kustransport.kylos.net.pl kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3c:af:2d:c5:00:d0:04:94:38:00:08:00 SRC=185.175.93.105 DST=193.107.90.129 LEN=40 TOS=0x00 PRE
The "bad" line in /etc/httpd/conf/extra/httpd-ssl.conf
looks fine and is like:
SSLOpenSSLConfCmd DHParameters "/etc/httpd/conf/ssl.crt/dhparams.pem"
I've also found that in /etc/httpd/conf/extra/httpd-ssl.conf
I have:
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
And when I'm setting ServerName for my domain it changes to what's above every time I do "./build update". However when I manualy change and restart problem is the same.
Additionaly tail /var/log/httpd/error_log
:
[Mon Apr 06 00:55:02.001888 2020] [ssl:warn] [pid 25965:tid 139892334979200] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 06 00:55:02.002157 2020] [suexec:notice] [pid 25965:tid 139892334979200] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Apr 06 00:55:02.002177 2020] [core:emerg] [pid 25965:tid 139892334979200] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex
AH00016: Configuration Failed