0

On a fedora 20 I tried to install ssl but something went wrong and now apache gives an error when I try to restart it.

What can I do to get more info about the error and solve it?

[root@localhost certs]# service httpd restart
Redirecting to /bin/systemctl restart  httpd.service
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
[root@localhost certs]# journalctl -xn
-- Logs begin at Mon 2014-03-10 18:44:01 CET, end at Fri 2014-07-04 13:39:14 CEST. --
Jul 04 13:39:08 localhost.localdomain dbus-daemon[790]: dbus[790]: avc:  received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus[1895]: avc:  received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus[1926]: avc:  received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus[790]: avc:  received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus-daemon[790]: dbus[790]: [system] Reloaded configuration
Jul 04 13:39:08 localhost.localdomain dbus[790]: [system] Reloaded configuration
Jul 04 13:39:14 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has begun starting up.
Jul 04 13:39:14 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 04 13:39:14 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit httpd.service has failed.
-- 
-- The result is failed.
Jul 04 13:39:14 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
[root@localhost certs]#

Edit here is apache's error log:

[Fri Jul 04 14:04:06.972601 2014] [core:notice] [pid 10189] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Jul 04 14:04:06.974558 2014] [suexec:notice] [pid 10189] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 04 14:04:06.975276 2014] [ssl:warn] [pid 10189] AH01909: sisley-mage.local.frpreprod:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 04 14:04:06.975643 2014] [ssl:emerg] [pid 10189] AH02311: Fatal error initialising mod_ssl, exiting. See /var/www/html/error.log for more information
AH00016: Configuration Failed
OSdave
  • 111
  • 1
  • 5
  • What do your apache error logs say ? – user9517 Jul 04 '14 at 11:59
  • @Iain apache's error log included in question – OSdave Jul 04 '14 at 12:08
  • 1
    Is the excerpt from the log from the same `/var/www/html/error.log` file mentioned there as the place to look for more info recorded in that the last critical error? Because that would be a bit circular... – HBruijn Jul 04 '14 at 12:51

1 Answers1

5

AH01909: sisley-mage.local.frpreprod:443:0 server certificate does NOT include an ID which matches the server name

This is the problem you need to solve, the ServerName directive needs to be the same as that in the certificate

openssl x509 -in server.crt -noout -subject

will if you give it the correct path to your cert tell you what the CN of the certificate is and that's what the ServerName should be set to.

user9517
  • 114,104
  • 20
  • 206
  • 289