Starquest321

asked on

Unable to enable https

Hi Experts,

I have been spending a lot of time for the past couple of days figuring out what's wrong with my apache. Our website is up and running fine with http. Now, we want to enable https (using self-signed certs) for some internal testing. However, when we try to enable https, http fails to start with the following message(s):

[Thu Mar 12 00:57:06.392414 2015] [core:crit] [pid 35735] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Thu Mar 12 00:57:06.392522 2015] [mpm_prefork:alert] [pid 35735] no listening sockets available, shutting down

I checked that there is no other process using 443 before starting apache. I also checked that there are no multiple config files using 443. In fact, I did try to change the ssl port to something else and start apache, but apache doesn't start.

Need your help identifying the issue.


Thanks,
Sri
Jan Bacher

netstat -an | grep 443

what do you see?
Starquest321

ASKER

Well.. I checked all the basic stuff already.. nothing is running on port 443.

[root@ahoi httpd]# netstat -anlp|grep 443
[root@ahoi httpd]#

[root@ahoi ~]# grep 443 ssl.conf
Listen 443 https
<VirtualHost _default_:443>
ServerName 192.168.1.103:443

There is no other config file using a listen directive on port 443.

Thanks,
Sri
Are you using name based or IP based virtual hosts?

Do you have any ssl configuration in any other conf file in /etc/httpd/conf.d or /etc/httpd/conf?
Yes.. we are using name based virtual hosts to host multiple vhosts, but they are all http. (no https).

We don't have any other ssl config file anywhere else..

[root@ahoi httpd]# pwd
/etc/httpd
[root@ahoi httpd]# grep -r 443 .
./conf.d/ssl.conf:Listen 443 https
./conf.d/ssl.conf:<VirtualHost _default_:443>
./conf.d/ssl.conf:ServerName 192.168.1.103:443

[root@ahoi httpd]# grep -ri listen .
./conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
./conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
./conf/httpd.conf:#Listen 12.34.56.78:80
./conf/httpd.conf:Listen 80
./conf.d/ssl.conf:# When we also provide SSL we have to listen to the
./conf.d/ssl.conf:Listen 443 https


Thanks,
Sri
You should be using a fully qualified domain name instead of an IP address.  Past that, I'd need to see the ssl.conf file.
Something to consider:

stop httpd
lsof -i -n|grep http
I tried changing the IP to the FQDN; it doesn't work. Here's the ssl.conf file for your reference (I changed the actual domain name on purpose):
[root@ahoi ~]# grep -v '#' ssl.conf|grep -v '^$'
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/html"
ServerName ahoi.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>                                  

BTW, this is the error that we get while starting apache:

 httpd[3776]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443

Thanks,
Sri
that's ipv6.

let's eliminate this as the problem.

change this:

 Listen 443 https

to this:

 Listen 192.168.1.103:443
Same issue:

Mar 12 09:26:10 ahoi.com httpd[5786]: (98)Address already in use: AH00072: make_sock: could not bind to address 192.168.1.103:443
Mar 12 09:26:10 ahoi.com httpd[5786]: no listening sockets available, shutting down
Mar 12 09:26:10 ahoi.com httpd[5786]: AH00015: Unable to open logs
ok back to the previous request.

shut down httpd and run lsof.
[root@ahoi conf.d]# service httpd stop
Redirecting to /bin/systemctl stop  httpd.service
# lsof -i -n|grep http
[root@ahoi conf.d]#
which linux distribution are you using?
[root@ahoi conf.d]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

[root@ahoi conf.d]# uname -a
Linux ahoi.com 3.10.0-123.8.1.el7.x86_64 #1 SMP Mon Sep 22 19:06:58 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
grep -i include /etc/httpd/conf/httpd.conf

i wonder if you're including both all files in conf.d as well as ssl.conf
There we go, not sure why there are two directives. I have disabled the latter one now and https is working.

Include conf.d/*.conf
IncludeOptional conf.d/*.conf

Thank you so much.
I've requested that this question be closed as follows:

Accepted answer: 0 points for Starquest321's comment #a40661147

for the following reason:

ssl.conf is getting included twice which was the root cause.
clicked in error...how can I award you the points? Thanks for your help.
that i don't know but i appreciate the acknowledgement.
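
A checker for the root cause found in this thread, as an added example that is not part of the original posts: it expands the Include and IncludeOptional lines of httpd.conf and reports any file loaded more than once and any Listen address repeated as a result. The function names and the sample tree are constructed for illustration; an include that names a directory rather than a file or glob is not followed.

```python
import glob, os, tempfile
from collections import Counter

def walk(conf, root, files, listens, depth=0):
    """Follow Include/IncludeOptional like httpd: a file matched by two
    include lines is parsed twice, so its Listen lines count twice."""
    files.append(conf)
    with open(conf) as fh:
        for line in fh:
            parts = line.split()
            if len(parts) < 2 or parts[0].startswith('#'):
                continue  # blank line, comment, or directive without argument
            name, arg = parts[0].lower(), parts[1].strip('"')
            if name == 'listen':
                listens.append(arg)  # address[:port] only; protocol word dropped
            elif name in ('include', 'includeoptional') and depth < 16:
                pattern = arg if os.path.isabs(arg) else os.path.join(root, arg)
                for path in sorted(glob.glob(pattern)):
                    if os.path.isfile(path):
                        walk(path, root, files, listens, depth + 1)

def find_duplicates(root, main_conf='conf/httpd.conf'):
    """Return (files parsed more than once, Listen values seen more than once)."""
    files, listens = [], []
    walk(os.path.join(root, main_conf), root, files, listens)
    dup = lambda items: sorted(k for k, n in Counter(items).items() if n > 1)
    return dup(files), dup(listens)

def build_sample_root():
    """Constructed sample tree mirroring the layout in the thread (not the real files)."""
    root = tempfile.mkdtemp(prefix='httpd-sample-')
    os.makedirs(os.path.join(root, 'conf'))
    os.makedirs(os.path.join(root, 'conf.d'))
    with open(os.path.join(root, 'conf', 'httpd.conf'), 'w') as fh:
        fh.write('#Listen 12.34.56.78:80\nListen 80\n'
                 'Include conf.d/*.conf\nIncludeOptional conf.d/*.conf\n')
    with open(os.path.join(root, 'conf.d', 'ssl.conf'), 'w') as fh:
        fh.write('Listen 443 https\n<VirtualHost _default_:443>\n</VirtualHost>\n')
    return root

if __name__ == '__main__':
    dup_files, dup_listens = find_duplicates(build_sample_root())
    print('parsed more than once:', dup_files)
    print('Listen repeated:', dup_listens)
```

On a real host, call `find_duplicates('/etc/httpd')`; an empty netstat or lsof result together with a non-empty result here points at the configuration rather than at another process holding the port.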