SSL Issue

Discussion in 'Server Operation' started by tashman89, Feb 22, 2022.

  1. tashman89

    tashman89 Member

    Hello Dears,
    I installed cacti on CentOS Linux release 7.9.2009 (Core) and it working fine with any issue, but when trying to install SSL certificate I get the below error on httpd
    I have purchased a public certificate from DigiCert as well as I have installed mod_ssl
    I tried to virtual host in three locations but had no luck

    1- /etc/httpd/conf/httpd.conf
    2-/etc/httpd/conf.d/cacti.conf
    3- /etc/httpd/conf.d/ssl.conf

    ERROR
    ========================================================================================
    [[email protected] ~]# systemctl status httpd
    ● httpd.service - The Apache HTTP Server
    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
    Active: failed (Result: exit-code) since Tue 2022-02-22 19:11:47 EET; 4min 55s ago
    Docs: man:httpd(8)
    man:apachectl(8)
    Process: 1614 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
    Main PID: 1614 (code=exited, status=1/FAILURE)

    Feb 22 19:11:47 monitor.jo.zain.com systemd[1]: Starting The Apache HTTP Server...
    Feb 22 19:11:47 monitor.jo.zain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Feb 22 19:11:47 monitor.jo.zain.com systemd[1]: Failed to start The Apache HTTP Server.
    Feb 22 19:11:47 monitor.jo.zain.com systemd[1]: Unit httpd.service entered failed state.
    Feb 22 19:11:47 monitor.jo.zain.com systemd[1]: httpd.service failed.
    [[email protected] ~]# systemctl restart httpd
    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
    [[email protected] ~]# cat /etc/redhat-release
    CentOS Linux release 7.9.2009 (Core)

    ========================================================================================
    upload_2022-2-22_19-35-19.png
    Thanks
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    You could run 'apachectl -t' for config tests (assuming that works on centos), or check 'journalctl -xe' and/or the apache error log to see what the error(s) is(are).
     
  3. tashman89

    tashman89 Member

    Thanks Jesse for your reply,
    [[email protected] ~]# apachectl -t
    Syntax OK

    [[email protected] ~]# journalctl -xe
    Feb 22 21:01:01 monitor.jo.zain.com systemd[1]: Started Session 27 of user root.
    -- Subject: Unit session-27.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-27.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:01:01 monitor.jo.zain.com CROND[4659]: (root) CMD (run-parts /etc/cron.hourly)
    Feb 22 21:01:01 monitor.jo.zain.com run-parts(/etc/cron.hourly)[4662]: starting 0anacron
    Feb 22 21:01:01 monitor.jo.zain.com run-parts(/etc/cron.hourly)[4668]: finished 0anacron
    Feb 22 21:04:32 monitor.jo.zain.com sshd[4670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.250.10 user=root
    Feb 22 21:04:32 monitor.jo.zain.com sshd[4670]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
    Feb 22 21:04:35 monitor.jo.zain.com sshd[4670]: Failed password for root from 192.168.250.10 port 55850 ssh2
    Feb 22 21:05:01 monitor.jo.zain.com systemd[1]: Started Session 28 of user cacti.
    -- Subject: Unit session-28.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-28.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:05:01 monitor.jo.zain.com CROND[4683]: (cacti) CMD (php /var/www/cacti/poller.php &>/dev/null)
    Feb 22 21:05:15 monitor.jo.zain.com sshd[4672]: Connection closed by 192.168.250.10 port 55852 [preauth]
    Feb 22 21:05:22 monitor.jo.zain.com sshd[4777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.250.10 user=root
    Feb 22 21:05:22 monitor.jo.zain.com sshd[4777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
    Feb 22 21:05:24 monitor.jo.zain.com sshd[4777]: Failed password for root from 192.168.250.10 port 55861 ssh2
    Feb 22 21:05:32 monitor.jo.zain.com sshd[4777]: Accepted password for root from 192.168.250.10 port 55861 ssh2
    Feb 22 21:05:32 monitor.jo.zain.com systemd-logind[932]: New session 29 of user root.
    -- Subject: A new session 29 has been created for user root
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
    --
    -- A new session with the ID 29 has been created for the user root.
    --
    -- The leading process of the session is 4777.
    Feb 22 21:05:32 monitor.jo.zain.com systemd[1]: Started Session 29 of user root.
    -- Subject: Unit session-29.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-29.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:05:32 monitor.jo.zain.com sshd[4777]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Feb 22 21:05:46 monitor.jo.zain.com polkitd[917]: Registered Authentication Agent for unix-process:4795:685064 (system bus name :1.88 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Starting The Apache HTTP Server...
    -- Subject: Unit httpd.service has begun start-up
    ...skipping...
    Feb 22 21:01:01 monitor.jo.zain.com systemd[1]: Started Session 27 of user root.
    -- Subject: Unit session-27.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-27.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:01:01 monitor.jo.zain.com CROND[4659]: (root) CMD (run-parts /etc/cron.hourly)
    Feb 22 21:01:01 monitor.jo.zain.com run-parts(/etc/cron.hourly)[4662]: starting 0anacron
    Feb 22 21:01:01 monitor.jo.zain.com run-parts(/etc/cron.hourly)[4668]: finished 0anacron
    Feb 22 21:04:32 monitor.jo.zain.com sshd[4670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.250.10 user=root
    Feb 22 21:04:32 monitor.jo.zain.com sshd[4670]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
    Feb 22 21:04:35 monitor.jo.zain.com sshd[4670]: Failed password for root from 192.168.250.10 port 55850 ssh2
    Feb 22 21:05:01 monitor.jo.zain.com systemd[1]: Started Session 28 of user cacti.
    -- Subject: Unit session-28.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-28.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:05:01 monitor.jo.zain.com CROND[4683]: (cacti) CMD (php /var/www/cacti/poller.php &>/dev/null)
    Feb 22 21:05:15 monitor.jo.zain.com sshd[4672]: Connection closed by 192.168.250.10 port 55852 [preauth]
    Feb 22 21:05:22 monitor.jo.zain.com sshd[4777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.250.10 user=root
    Feb 22 21:05:22 monitor.jo.zain.com sshd[4777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
    Feb 22 21:05:24 monitor.jo.zain.com sshd[4777]: Failed password for root from 192.168.250.10 port 55861 ssh2
    Feb 22 21:05:32 monitor.jo.zain.com sshd[4777]: Accepted password for root from 192.168.250.10 port 55861 ssh2
    Feb 22 21:05:32 monitor.jo.zain.com systemd-logind[932]: New session 29 of user root.
    -- Subject: A new session 29 has been created for user root
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
    --
    -- A new session with the ID 29 has been created for the user root.
    --
    -- The leading process of the session is 4777.
    Feb 22 21:05:32 monitor.jo.zain.com systemd[1]: Started Session 29 of user root.
    -- Subject: Unit session-29.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-29.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:05:32 monitor.jo.zain.com sshd[4777]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Feb 22 21:05:46 monitor.jo.zain.com polkitd[917]: Registered Authentication Agent for unix-process:4795:685064 (system bus name :1.88 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Starting The Apache HTTP Server...
    -- Subject: Unit httpd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has begun starting up.
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Failed to start The Apache HTTP Server.
    -- Subject: Unit httpd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has failed.
    --
    -- The result is failed.
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Unit httpd.service entered failed state.
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: httpd.service failed.
    Feb 22 21:05:46 monitor.jo.zain.com polkitd[917]: Unregistered Authentication Agent for unix-process:4795:685064 (system bus name :1.88, object path /org/freedesktop/PolicyKit1/Authenticati
    Feb 22 21:10:01 monitor.jo.zain.com systemd[1]: Started Session 30 of user cacti.
    -- Subject: Unit session-30.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-30.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:10:01 monitor.jo.zain.com CROND[4807]: (cacti) CMD (php /var/www/cacti/poller.php &>/dev/null)
    Feb 22 21:05:22 monitor.jo.zain.com sshd[4777]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
    Feb 22 21:05:24 monitor.jo.zain.com sshd[4777]: Failed password for root from 192.168.250.10 port 55861 ssh2
    Feb 22 21:05:32 monitor.jo.zain.com sshd[4777]: Accepted password for root from 192.168.250.10 port 55861 ssh2
    Feb 22 21:05:32 monitor.jo.zain.com systemd-logind[932]: New session 29 of user root.
    -- Subject: A new session 29 has been created for user root
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    -- Documentation: http://www.freedesktop.org/wiki/Software/systemd/multiseat
    --
    -- A new session with the ID 29 has been created for the user root.
    --
    -- The leading process of the session is 4777.
    Feb 22 21:05:32 monitor.jo.zain.com systemd[1]: Started Session 29 of user root.
    -- Subject: Unit session-29.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-29.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:05:32 monitor.jo.zain.com sshd[4777]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Feb 22 21:05:46 monitor.jo.zain.com polkitd[917]: Registered Authentication Agent for unix-process:4795:685064 (system bus name :1.88 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Starting The Apache HTTP Server...
    -- Subject: Unit httpd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has begun starting up.
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Failed to start The Apache HTTP Server.
    -- Subject: Unit httpd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has failed.
    --
    -- The result is failed.
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: Unit httpd.service entered failed state.
    Feb 22 21:05:46 monitor.jo.zain.com systemd[1]: httpd.service failed.
    Feb 22 21:05:46 monitor.jo.zain.com polkitd[917]: Unregistered Authentication Agent for unix-process:4795:685064 (system bus name :1.88, object path /org/freedesktop/PolicyKit1/Authenticati
    Feb 22 21:10:01 monitor.jo.zain.com systemd[1]: Started Session 30 of user cacti.
    -- Subject: Unit session-30.scope has finished start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit session-30.scope has finished starting up.
    --
    -- The start-up result is done.
    Feb 22 21:10:01 monitor.jo.zain.com CROND[4807]: (cacti) CMD (php /var/www/cacti/poller.php &>/dev/null)
    lines 2430-2478/2478 (END)

    Thanks
     
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    What shows up in your apache error log when you restart it? I don't identify a cause for failure from what you pasted, my only thought is basically wondering if a recent patch for that policy-kit bug might be affecting you, as these messages are just before/after httpd starts:
    I'd think that's probably unlikely, but don't really know, and I don't run any centos systems to check anything. If apache error log doesn't show anything, try searching the web from that policy kit authentication agent angle.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    If apache config syntax is ok but apache fails nonetheless without a real apache related error in the log, then the most likely reason is that SSL cert and key do not match or in other words, the wrong key for that cert or key or cert file are incomplete.
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    to further check the SSL files, run the SSL test script (Thanks @Croydon):
    To start the script, run the following command as root user on your server:
    Code:
    curl https://gitplace.net/pixcept/ispconfig-tools/-/raw/stable/cert_check.sh | sh
    Share the output here in code blocks please (insert -> code).
     

Share This Page