Unable to enable https

Hi Experts,

I have been spending a lot of time for the past couple of days figuring out what's wrong with my Apache. Our website is up and running fine with http. Now, we want to enable https (using self-signed certs) for some internal testing. However, when I try to enable https, http fails to start with the following message(s):

[Thu Mar 12 00:57:06.392414 2015] [core:crit] [pid 35735] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Thu Mar 12 00:57:06.392522 2015] [mpm_prefork:alert] [pid 35735] no listening sockets available, shutting down

I checked that no other process is using 443 before starting Apache. I also checked that there are no multiple config files using 443. In fact, I did try to change the SSL port to something else and start Apache, but Apache doesn't start.

Need your help identifying the issue.


Thanks,
Sri
Starquest321Asked:
Jan SpringerCommented:
netstat -an | grep 443

what do you see?
0
Starquest321Author Commented:
Well.. I checked all the basic stuff already.. nothing is running on port 443.

[root@ahoi httpd]# netstat -anlp|grep 443
[root@ahoi httpd]#

[root@ahoi ~]# grep 443 ssl.conf
Listen 443 https
<VirtualHost _default_:443>
ServerName 192.168.1.103:443

There is no other config file using a listen directive on port 443.

Thanks,
Sri
0
Jan SpringerCommented:
Are you using name based or IP based virtual hosts?

Do you have any ssl configuration in any other conf file in /etc/httpd/conf.d or /etc/httpd/conf?
0
Starquest321Author Commented:
Yes.. we are using name based virtual hosts to host multiple vhosts, but they are all http. (no https).

We don't have any other ssl config file anywhere else..

[root@ahoi httpd]# pwd
/etc/httpd
[root@ahoi httpd]# grep -r 443 .
./conf.d/ssl.conf:Listen 443 https
./conf.d/ssl.conf:<VirtualHost _default_:443>
./conf.d/ssl.conf:ServerName 192.168.1.103:443

[root@ahoi httpd]# grep -ri listen .
./conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
./conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
./conf/httpd.conf:#Listen 12.34.56.78:80
./conf/httpd.conf:Listen 80
./conf.d/ssl.conf:# When we also provide SSL we have to listen to the
./conf.d/ssl.conf:Listen 443 https


Thanks,
Sri
0
Jan SpringerCommented:
You should be using a fully qualified domain name instead of an IP address.  Past that, I'd need to see the ssl.conf file.
0
Jan SpringerCommented:
Something to consider:

stop httpd
lsof -i -n|grep http
0
Starquest321Author Commented:
I tried changing the IP to the FQDN; it doesn't work. Here's the ssl.conf file for your reference (I changed the actual domain name on purpose):
[root@ahoi ~]# grep -v '#' ssl.conf|grep -v '^$'
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName ahoi.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>                                  

BTW, this is the error that we get while starting Apache:

 httpd[3776]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443

Thanks,
Sri
0
Jan SpringerCommented:
that's ipv6.

let's eliminate this as the problem.

change this:

 Listen 443 https

to this:

 Listen 192.168.1.103:443
0
Starquest321Author Commented:
Same issue:

Mar 12 09:26:10 ahoi.com httpd[5786]: (98)Address already in use: AH00072: make_sock: could not bind to address 192.168.1.103:443
Mar 12 09:26:10 ahoi.com httpd[5786]: no listening sockets available, shutting down
Mar 12 09:26:10 ahoi.com httpd[5786]: AH00015: Unable to open logs
0
Jan SpringerCommented:
ok back to the previous request.

shut down httpd and run lsof.
0
Starquest321Author Commented:
[root@ahoi conf.d]# service httpd stop
Redirecting to /bin/systemctl stop  httpd.service
# lsof -i -n|grep http
[root@ahoi conf.d]#
0
Jan SpringerCommented:
which linux distribution are you using?
0
Starquest321Author Commented:
[root@ahoi conf.d]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

[root@ahoi conf.d]# uname -a
Linux ahoi.com 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
0
Jan SpringerCommented:
grep -i include /etc/httpd/conf/httpd.conf

i wonder if you're including both all files in conf.d as well as ssl.conf
0
Starquest321Author Commented:
There we go, not sure why there are two directives. I have disabled the latter one now and https is working.

Include conf.d/*.conf
IncludeOptional conf.d/*.conf

Thank you so much.
0
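The root cause found above (conf.d/*.conf pulled in by both Include and IncludeOptional, so the Listen 443 in ssl.conf is processed twice and the second bind fails with AH00072) can be checked for mechanically. The following is an added example, not part of the original thread: the function names and the sample tree are constructed, and it resolves only Include, IncludeOptional and Listen, treating relative paths as relative to ServerRoot.

```python
import glob
import os
import re
import tempfile
from collections import Counter

DIRECTIVE = re.compile(r"^\s*(Include(?:Optional)?|Listen)\s+(\S+)", re.IGNORECASE)

def walk_config(server_root, conf_path, listens, loads, stack=()):
    """Follow Include/IncludeOptional from conf_path, recording every Listen seen."""
    conf_path = os.path.normpath(os.path.join(server_root, conf_path))
    if conf_path in stack:  # guard against include loops
        return
    loads[conf_path] += 1
    with open(conf_path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            if not (m := DIRECTIVE.match(line)):  # comments and other directives
                continue
            name, arg = m.group(1).lower(), m.group(2).strip('"')
            if name == "listen":
                listens.append((arg, conf_path, lineno))
            else:  # glob pattern; every matching file is loaded again
                hits = glob.glob(os.path.join(server_root, arg))
                for child in sorted(p for p in hits if os.path.isfile(p)):
                    walk_config(server_root, child, listens, loads, stack + (conf_path,))

def audit(server_root, main_conf="conf/httpd.conf"):
    """Return (Listen addresses declared more than once, files loaded more than once)."""
    listens, loads = [], Counter()
    walk_config(server_root, main_conf, listens, loads)
    by_addr = {}
    for addr, path, lineno in listens:
        by_addr.setdefault(addr, []).append(f"{os.path.relpath(path, server_root)}:{lineno}")
    dup_listens = {a: src for a, src in by_addr.items() if len(src) > 1}
    dup_files = sorted(os.path.relpath(p, server_root) for p, n in loads.items() if n > 1)
    return dup_listens, dup_files

def build_sample_tree():
    """Constructed config tree mirroring the thread: two include lines for conf.d."""
    root = tempfile.mkdtemp(prefix="httpd-audit-")
    for sub in ("conf", "conf.d"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, "conf", "httpd.conf"), "w") as fh:
        fh.write("#Listen 12.34.56.78:80\nListen 80\n"
                 "Include conf.d/*.conf\nIncludeOptional conf.d/*.conf\n")
    with open(os.path.join(root, "conf.d", "ssl.conf"), "w") as fh:
        fh.write("# When we also provide SSL\nListen 443 https\n")
    return root

if __name__ == "__main__":
    print(audit(build_sample_tree()))
```

On a real host, call `audit("/etc/httpd")`; a grep for 443 shows only one Listen line, as in the thread, while this reports it twice because the file carrying it is loaded twice.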
Starquest321Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Starquest321's comment #a40661147

for the following reason:

ssl.conf is getting included twice which was the root cause.
0
Jan SpringerCommented:
i don't understand why the author accepts his answer (even with 0 points) as the solution.
1
Starquest321Author Commented:
clicked in error...how can I award you the points? Thanks for your help.
1
Jan SpringerCommented:
that i don't know but i appreciate the acknowledgement.
1