• Status: Solved

Unable to enable https

Hi Experts,

I have been spending a lot of time for the past couple of days figuring out what's wrong with my apache. Our website is up and running fine with http. Now, we want to enable https (using self-signed certs) for some internal testing. However, when we try to enable https, http fails to start with the following message(s):

[Thu Mar 12 00:57:06.392414 2015] [core:crit] [pid 35735] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Thu Mar 12 00:57:06.392522 2015] [mpm_prefork:alert] [pid 35735] no listening sockets available, shutting down

I checked that no other process is using 443 before starting apache. I also checked that there are no multiple config files using 443. In fact, I did try to change the ssl port to something else and start apache, but apache doesn't start.

Need your help identifying the issue.


Thanks,
Sri
 
Jan Springer commented:
netstat -an | grep 443

what do you see?
 
Starquest321 (author) commented:
Well.. I checked all the basic stuff already.. nothing is running on port 443.

[root@ahoi httpd]# netstat -anlp|grep 443
[root@ahoi httpd]#

[root@ahoi ~]# grep 443 ssl.conf
Listen 443 https
<VirtualHost _default_:443>
ServerName 192.168.1.103:443

There is no other config file using a listen directive on port 443.

Thanks,
Sri
 
Jan Springer commented:
Are you using name based or IP based virtual hosts?

Do you have any ssl configuration in any other conf file in /etc/httpd/conf.d or /etc/httpd/conf?
 
Starquest321 (author) commented:
Yes.. we are using name based virtual hosts to host multiple vhosts, but they are all http. (no https).

We don't have any other ssl config file anywhere else..

[root@ahoi httpd]# pwd
/etc/httpd
[root@ahoi httpd]# grep -r 443 .
./conf.d/ssl.conf:Listen 443 https
./conf.d/ssl.conf:<VirtualHost _default_:443>
./conf.d/ssl.conf:ServerName 192.168.1.103:443

[root@ahoi httpd]# grep -ri listen .
./conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
./conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
./conf/httpd.conf:#Listen 12.34.56.78:80
./conf/httpd.conf:Listen 80
./conf.d/ssl.conf:# When we also provide SSL we have to listen to the
./conf.d/ssl.conf:Listen 443 https


Thanks,
Sri
 
Jan Springer commented:
You should be using a fully qualified domain name instead of an IP address.  Past that, I'd need to see the ssl.conf file.
 
Jan Springer commented:
Something to consider:

stop httpd
lsof -i -n|grep http
 
Starquest321 (author) commented:
I tried changing the IP to the FQDN; it doesn't work. Here's the ssl.conf file for your reference (I changed the actual domain name on purpose):
[root@ahoi ~]# grep -v '#' ssl.conf|grep -v '^$'
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName ahoi.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>                                  

BTW, this is the error that we get while starting apache:

 httpd[3776]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443

Thanks,
Sri
 
Jan Springer commented:
that's ipv6.

let's eliminate this as the problem.

change this:

 Listen 443 https

to this:

 Listen 192.168.1.103:443
 
Starquest321 (author) commented:
Same issue:

Mar 12 09:26:10 ahoi.com httpd[5786]: (98)Address already in use: AH00072: make_sock: could not bind to address 192.168.1.103:443
Mar 12 09:26:10 ahoi.com httpd[5786]: no listening sockets available, shutting down
Mar 12 09:26:10 ahoi.com httpd[5786]: AH00015: Unable to open logs
 
Jan Springer commented:
ok back to the previous request.

shut down httpd and run lsof.
 
Starquest321 (author) commented:
[root@ahoi conf.d]# service httpd stop
Redirecting to /bin/systemctl stop  httpd.service
# lsof -i -n|grep http
[root@ahoi conf.d]#
 
Jan Springer commented:
which linux distribution are you using?
 
Starquest321 (author) commented:
[root@ahoi conf.d]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

[root@ahoi conf.d]# uname -a
Linux ahoi.com 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
 
Jan Springer commented:
grep -i include /etc/httpd/conf/httpd.conf

i wonder if you're including both all files in conf.d as well as ssl.conf
 
Starquest321 (author) commented:
There we go, not sure why there are two directives. I have disabled the latter one now and https is working.

Include conf.d/*.conf
IncludeOptional conf.d/*.conf

Thank you so much.
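
The root cause found in this thread (conf.d/ssl.conf pulled in by both Include and IncludeOptional, so its Listen 443 is processed twice and the second bind fails with "Address already in use") can be checked mechanically. The script below is an added example, not part of the original thread: it follows Include and IncludeOptional from the main config and reports every Listen address reached more than once. The function names and the sample config tree are constructed for illustration.

```python
import glob
import os
import re
import tempfile
from collections import defaultdict

# Apache directive names are case-insensitive; commented lines start with '#' and never match.
DIRECTIVE = re.compile(r"^\s*(IncludeOptional|Include|Listen)\s+(.+?)\s*$", re.I)

def collect_listens(server_root, path, via=(), stack=()):
    """Yield (address, hops) for every Listen directive reachable from path."""
    rel = os.path.relpath(path, server_root)
    if rel in stack:  # include loop: stop descending
        return
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = DIRECTIVE.match(line)
            if not m:
                continue
            name, arg = m.group(1), m.group(2).strip('"')
            hops = via + (f"{rel}:{lineno} {name}",)
            if name.lower() == "listen":
                yield arg.split()[0], hops  # key on address/port, ignore the protocol
            else:  # relative include paths and wildcards resolve against ServerRoot
                pattern = os.path.join(glob.escape(server_root), arg)
                for inc in sorted(glob.glob(pattern)):
                    yield from collect_listens(server_root, inc, hops, stack + (rel,))

def duplicate_listens(server_root, main_conf="conf/httpd.conf"):
    """Return {address: [include path, ...]} for addresses bound more than once."""
    reached = defaultdict(list)
    start = os.path.join(server_root, main_conf)
    for addr, hops in collect_listens(server_root, start):
        reached[addr].append(" -> ".join(hops))
    return {a: p for a, p in reached.items() if len(p) > 1}

def build_sample_tree(root):
    """Constructed layout modelled on the thread's /etc/httpd (not the real files)."""
    for d in ("conf", "conf.d"):
        os.makedirs(os.path.join(root, d))
    with open(os.path.join(root, "conf", "httpd.conf"), "w") as fh:
        fh.write("#Listen 12.34.56.78:80\nListen 80\n"
                 "Include conf.d/*.conf\nIncludeOptional conf.d/*.conf\n")
    with open(os.path.join(root, "conf.d", "ssl.conf"), "w") as fh:
        fh.write("Listen 443 https\n<VirtualHost _default_:443>\n</VirtualHost>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for addr, paths in duplicate_listens(root).items():
            print(f"Listen {addr} is reached {len(paths)} times:")
            print("\n".join("  " + p for p in paths))
```

Against a real installation, call duplicate_listens("/etc/httpd"); a plain grep for 443 shows the Listen line once because it counts files, not how many times each file is loaded.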
 
Starquest321 (author) commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Starquest321's comment #a40661147

for the following reason:

ssl.conf is getting included twice which was the root cause.
 
Jan Springer commented:
i don't understand why the author accepts his answer (even with 0 points) as the solution.
 
Starquest321 (author) commented:
clicked in error...how can I award you the points? Thanks for your help.
 
Jan Springer commented:
that i don't know but i appreciate the acknowledgement.