SSL証明書の更新中にこの問題が発生しました。 出力は次のとおりです。
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─quick_kill.conf
Active: failed (Result: exit-code) since Tue 2019-10-08 14:39:37 PST; 21min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 3343 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 2862 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 2862 (code=exited, status=1/FAILURE)
Oct 08 14:39:35 .noblecomms.net.ph systemd[1]: Starting The Apache HTTP Server...
Oct 08 14:39:37 .noblecomms.net.ph systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 08 14:39:37 .noblecomms.net.ph kill[3343]: kill: cannot find process ""
Oct 08 14:39:37 .noblecomms.net.ph systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 08 14:39:37 .noblecomms.net.ph systemd[1]: Failed to start The Apache HTTP Server.
Oct 08 14:39:37 .noblecomms.net.ph systemd[1]: Unit httpd.service entered failed state.
Oct 08 14:39:37 .noblecomms.net.ph systemd[1]: httpd.service failed.
ポート 443 および 80 が開いており、httpd サービスを開始できません。
ps -ef | grep httpd 出力:
mostrev+ 19108 5796 0 13:09 pts/0 00:00:00 grep --color=auto httpd
/etc/systemd/system/httpd.service.d/quick_kill.conf 出力
[Service]
TimeoutStopSec=5
ネットワーク統計出力:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost:52986 localhost:websm ESTABLISHED
tcp 0 0 xxxx.xxxx.:56252 10.1.1.2:microsoft-ds ESTABLISHED
tcp 0 0 localhost:9981 localhost:60868 ESTABLISHED
tcp 0 0 xxxx.xxxx.:57862 10.1.1.2:49153 ESTABLISHED
tcp 0 0 xxxx.xxxx.n:3322 host-b8e2d970.nob:34712 ESTABLISHED
tcp 0 0 localhost:50862 localhost:6379 TIME_WAIT
tcp 0 0 localhost:51096 localhost:6379 ESTABLISHED
tcp 0 0 localhost:6379 localhost:51096 ESTABLISHED
tcp 0 0 localhost:9981 localhost:60870 ESTABLISHED
tcp 0 0 localhost:46384 localhost:6378 ESTABLISHED
tcp 0 0 localhost:60868 localhost:9981 ESTABLISHED
tcp 0 0 xxxx.xxxx.:46770 10.1.1.2:ldap ESTABLISHED
tcp 0 0 xxxx.xxxx.n:3322 250.37.61.113.acc:51962 ESTABLISHED
tcp 0 0 localhost:60870 localhost:9981 ESTABLISHED
tcp 0 0 xxxx.xxxx.:38050 10.1.1.2:msft-gc ESTABLISHED
tcp 0 0 localhost:46386 localhost:6378 ESTABLISHED
tcp 0 0 xxxx.xxxx.:56254 10.1.1.2:microsoft-ds ESTABLISHED
tcp 0 0 xxxx.xxxx.:56256 10.1.1.2:microsoft-ds ESTABLISHED
tcp 0 0 localhost:6378 localhost:46384 ESTABLISHED
tcp 0 0 localhost:6378 localhost:46386 ESTABLISHED
tcp6 0 0 localhost:websm localhost:52986 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ] DGRAM 26584 /var/lib/samba/private/msg.sock/3120
unix 2 [ ] DGRAM 32058 /var/lib/samba/private/msg.sock/3121
unix 3 [ ] DGRAM 14346 /run/systemd/notify
unix 2 [ ] DGRAM 14348 /run/systemd/cgroups-agent
unix 2 [ ] DGRAM 26586 /var/lib/samba/private/msg.sock/3122
unix 2 [ ] DGRAM 27284 /var/lib/samba/private/msg.sock/3126
unix 6 [ ] DGRAM 14369 /run/systemd/journal/socket
unix 30 [ ] DGRAM 14371 /dev/log
unix 2 [ ] DGRAM 27762 /var/lib/samba/private/msg.sock/2382
unix 2 [ ] DGRAM 32027 /var/lib/samba/private/msg.sock/2886
unix 2 [ ] DGRAM 23660 /var/run/chrony/chronyd.sock
unix 2 [ ] DGRAM 27285 /var/lib/samba/private/msg.sock/3127
unix 2 [ ] DGRAM 10147 /run/systemd/shutdownd
unix 2 [ ] DGRAM 33498 /var/lib/samba/private/msg.sock/4040
unix 2 [ ] DGRAM 27975 /var/lib/samba/private/msg.sock/3112
unix 2 [ ] DGRAM 32056 /var/lib/samba/private/msg.sock/3113
unix 3 [ ] STREAM CONNECTED 32773
unix 2 [ ] DGRAM 23581
unix 2 [ ] DGRAM 43016
unix 3 [ ] STREAM CONNECTED 33139
unix 3 [ ] STREAM CONNECTED 20791
unix 3 [ ] STREAM CONNECTED 25665 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 33142
unix 3 [ ] STREAM CONNECTED 24683 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 57666
unix 3 [ ] STREAM CONNECTED 33141
unix 2 [ ] DGRAM 22401
unix 2 [ ] DGRAM 58573
unix 3 [ ] STREAM CONNECTED 33144
unix 3 [ ] STREAM CONNECTED 14168 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 33116
unix 3 [ ] STREAM CONNECTED 67352
unix 3 [ ] STREAM CONNECTED 14152 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 23649
unix 3 [ ] STREAM CONNECTED 21220
unix 3 [ ] STREAM CONNECTED 17802
unix 3 [ ] STREAM CONNECTED 33145
unix 3 [ ] STREAM CONNECTED 33148
unix 3 [ ] STREAM CONNECTED 21221
unix 3 [ ] STREAM CONNECTED 33115
unix 3 [ ] STREAM CONNECTED 20421 /var/lib/sss/pipes/private/sbus-monitor
unix 2 [ ] DGRAM 28024
unix 2 [ ] DGRAM 29930
unix 3 [ ] STREAM CONNECTED 26788 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 36026
unix 3 [ ] STREAM CONNECTED 33147
unix 3 [ ] STREAM CONNECTED 21222
unix 3 [ ] STREAM CONNECTED 1725 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 66005
unix 2 [ ] DGRAM 19926
unix 2 [ ] STREAM CONNECTED 58582
unix 3 [ ] STREAM CONNECTED 33150
unix 3 [ ] STREAM CONNECTED 22383
unix 2 [ ] DGRAM 33078
unix 3 [ ] STREAM CONNECTED 28080
unix 2 [ ] DGRAM 26799
unix 2 [ ] DGRAM 32320
unix 2 [ ] DGRAM 27800
unix 2 [ ] DGRAM 28052
unix 3 [ ] STREAM CONNECTED 20428 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 27205 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 23595 /run/gssproxy.sock
unix 3 [ ] STREAM CONNECTED 33151
unix 3 [ ] STREAM CONNECTED 20041
unix 2 [ ] DGRAM 26623
unix 2 [ ] DGRAM 13668
unix 3 [ ] STREAM CONNECTED 33154
unix 3 [ ] STREAM CONNECTED 29931
unix 3 [ ] STREAM CONNECTED 33121
unix 3 [ ] STREAM CONNECTED 33153
unix 3 [ ] STREAM CONNECTED 22029
unix 3 [ ] STREAM CONNECTED 26594
unix 3 [ ] STREAM CONNECTED 23588
unix 2 [ ] STREAM CONNECTED 43025
unix 3 [ ] STREAM CONNECTED 33124
unix 3 [ ] STREAM CONNECTED 20783
unix 2 [ ] DGRAM 1735
unix 3 [ ] STREAM CONNECTED 33119
unix 3 [ ] STREAM CONNECTED 26589
unix 3 [ ] STREAM CONNECTED 33123
unix 3 [ ] STREAM CONNECTED 14237 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26625
unix 3 [ ] STREAM CONNECTED 33126
unix 3 [ ] STREAM CONNECTED 32047
unix 3 [ ] STREAM CONNECTED 14147 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 27961
unix 3 [ ] STREAM CONNECTED 27281 /var/lib/sss/pipes/private/sbus-monitor
unix 3 [ ] STREAM CONNECTED 29917
unix 3 [ ] STREAM CONNECTED 26057 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 27174
unix 3 [ ] STREAM CONNECTED 26593
unix 3 [ ] STREAM CONNECTED 33127
unix 3 [ ] STREAM CONNECTED 22402
unix 3 [ ] STREAM CONNECTED 19765 /run/dbus/system_bus_socket
unix 3 [ ] DGRAM 25418
unix 3 [ ] STREAM CONNECTED 31045 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 30535
unix 3 [ ] STREAM CONNECTED 33130
unix 2 [ ] DGRAM 20792
unix 3 [ ] STREAM CONNECTED 34825
unix 3 [ ] STREAM CONNECTED 59608 private/anvil
unix 3 [ ] STREAM CONNECTED 33129
unix 3 [ ] STREAM CONNECTED 26787
unix 3 [ ] STREAM CONNECTED 33132
unix 2 [ ] DGRAM 21800
unix 3 [ ] STREAM CONNECTED 19763
unix 2 [ ] STREAM CONNECTED 35787
unix 3 [ ] STREAM CONNECTED 28079
unix 2 [ ] DGRAM 26814
unix 3 [ ] STREAM CONNECTED 65320 /var/lib/sss/pipes/nss
unix 3 [ ] STREAM CONNECTED 28600
unix 3 [ ] STREAM CONNECTED 33118
unix 3 [ ] STREAM CONNECTED 28021 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26592
unix 3 [ ] STREAM CONNECTED 21802
unix 2 [ ] STREAM CONNECTED 28606
unix 3 [ ] STREAM CONNECTED 32946
unix 2 [ ] DGRAM 67354
unix 3 [ ] STREAM CONNECTED 33133
unix 3 [ ] STREAM CONNECTED 32048
unix 3 [ ] STREAM CONNECTED 30600 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 19764
unix 3 [ ] STREAM CONNECTED 63251 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 33136
unix 3 [ ] STREAM CONNECTED 28601 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 32329
unix 2 [ ] DGRAM 27818
unix 3 [ ] STREAM CONNECTED 33135
unix 2 [ ] STREAM CONNECTED 28603
unix 3 [ ] STREAM CONNECTED 26591
unix 2 [ ] STREAM CONNECTED 51781
unix 2 [ ] DGRAM 57644
unix 3 [ ] STREAM CONNECTED 33138
unix 3 [ ] STREAM CONNECTED 21801
unix 2 [ ] DGRAM 19814
unix 3 [ ] DGRAM 25419
unix 3 [ ] STREAM CONNECTED 22403 /run/dbus/system_bus_socket
unix 2 [ ] DGRAM 26588
unix 3 [ ] STREAM CONNECTED 32316
unix 3 [ ] STREAM CONNECTED 33171
unix 3 [ ] STREAM CONNECTED 26315 /run/systemd/journal/stdout
unix 2 [ ] DGRAM 30543
unix 3 [ ] STREAM CONNECTED 1733 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32294
unix 2 [ ] DGRAM 32071
unix 3 [ ] STREAM CONNECTED 29068
unix 3 [ ] STREAM CONNECTED 25786
unix 3 [ ] STREAM CONNECTED 20422 /var/lib/sss/pipes/private/sbus-dp_xxxx.xxxx.xxxx.3123
unix 3 [ ] STREAM CONNECTED 32091
unix 3 [ ] STREAM CONNECTED 29081
unix 2 [ ] DGRAM 42709
unix 3 [ ] STREAM CONNECTED 27544
unix 3 [ ] STREAM CONNECTED 29932
unix 3 [ ] STREAM CONNECTED 33172
unix 3 [ ] STREAM CONNECTED 28001 /var/lib/sss/pipes/private/sbus-monitor
unix 3 [ ] STREAM CONNECTED 33175
unix 3 [ ] STREAM CONNECTED 29085
unix 2 [ ] STREAM CONNECTED 34455
unix 3 [ ] STREAM CONNECTED 69745 /var/lib/sss/pipes/nss
unix 3 [ ] STREAM CONNECTED 33174
unix 3 [ ] STREAM CONNECTED 62445
unix 3 [ ] STREAM CONNECTED 32308
unix 3 [ ] STREAM CONNECTED 14243 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 24936
unix 3 [ ] STREAM CONNECTED 33177
unix 3 [ ] STREAM CONNECTED 12973
unix 3 [ ] STREAM CONNECTED 42713
unix 2 [ ] STREAM CONNECTED 27552
unix 3 [ ] STREAM CONNECTED 32296
unix 3 [ ] STREAM CONNECTED 32092
unix 3 [ ] STREAM CONNECTED 22252 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 68374
unix 3 [ ] STREAM CONNECTED 29087
unix 3 [ ] STREAM CONNECTED 26305
unix 2 [ ] DGRAM 42646
unix 2 [ ] STREAM CONNECTED 33426
unix 2 [ ] DGRAM 25349
unix 3 [ ] STREAM CONNECTED 33178
unix 2 [ ] DGRAM 29075
unix 3 [ ] STREAM CONNECTED 65281 /var/lib/sss/pipes/nss
unix 2 [ ] STREAM CONNECTED 42710
unix 3 [ ] STREAM CONNECTED 19120
unix 3 [ ] STREAM CONNECTED 25054
unix 3 [ ] STREAM CONNECTED 33181
unix 3 [ ] STREAM CONNECTED 29086
unix 3 [ ] STREAM CONNECTED 25951
unix 2 [ ] STREAM CONNECTED 34168
unix 3 [ ] STREAM CONNECTED 32065
unix 3 [ ] STREAM CONNECTED 33180
unix 3 [ ] STREAM CONNECTED 32309
unix 3 [ ] STREAM CONNECTED 14241 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26169 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 42650
unix 3 [ ] STREAM CONNECTED 14239 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 33189
unix 2 [ ] STREAM CONNECTED 44657
unix 2 [ ] STREAM CONNECTED 42647
unix 3 [ ] STREAM CONNECTED 26306 /run/dbus/system_bus_socket
unix 3 [ ] STREAM CONNECTED 42651
unix 2 [ ] DGRAM 33898
unix 3 [ ] STREAM CONNECTED 18988
unix 3 [ ] STREAM CONNECTED 26699 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 32311
unix 3 [ ] STREAM CONNECTED 19048
unix 3 [ ] DGRAM 8689
unix 3 [ ] STREAM CONNECTED 33156
unix 2 [ ] DGRAM 32040
unix 2 [ ] DGRAM 23764
unix 3 [ ] STREAM CONNECTED 34065
unix 3 [ ] DGRAM 8688
unix 3 [ ] STREAM CONNECTED 33157
unix 2 [ ] STREAM CONNECTED 33429
unix 3 [ ] STREAM CONNECTED 42714
unix 2 [ ] DGRAM 32090
unix 3 [ ] STREAM CONNECTED 33160
unix 2 [ ] DGRAM 57126
unix 3 [ ] STREAM CONNECTED 32315
unix 2 [ ] STREAM CONNECTED 32060
unix 3 [ ] STREAM CONNECTED 33159
unix 3 [ ] STREAM CONNECTED 29082
unix 3 [ ] STREAM CONNECTED 32302
unix 3 [ ] STREAM CONNECTED 25667 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 33162
unix 2 [ ] STREAM CONNECTED 33428
unix 3 [ ] STREAM CONNECTED 34064
unix 3 [ ] STREAM CONNECTED 32312
unix 3 [ ] STREAM CONNECTED 32066
unix 3 [ ] STREAM CONNECTED 20427 /var/lib/sss/pipes/private/sbus-dp_xxxx.xxxx.xxxx.xxxx.3123
unix 3 [ ] STREAM CONNECTED 33163
unix 3 [ ] STREAM CONNECTED 22475
unix 2 [ ] DGRAM 39182
unix 3 [ ] STREAM CONNECTED 26693 /run/systemd/journal/stdout
unix 2 [ ] STREAM CONNECTED 30323
unix 3 [ ] STREAM CONNECTED 32293
unix 3 [ ] STREAM CONNECTED 33165
unix 3 [ ] STREAM CONNECTED 14272 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 26168
unix 2 [ ] STREAM CONNECTED 32450
unix 3 [ ] STREAM CONNECTED 32303
unix 3 [ ] STREAM CONNECTED 29084
unix 3 [ ] STREAM CONNECTED 32297
unix 3 [ ] STREAM CONNECTED 29083
unix 3 [ ] STREAM CONNECTED 33120
unix 3 [ ] STREAM CONNECTED 27543
unix 2 [ ] DGRAM 30314
unix 3 [ ] STREAM CONNECTED 29267 /run/systemd/journal/stdout
unix 3 [ ] STREAM CONNECTED 33166
unix 3 [ ] STREAM CONNECTED 33169
unix 3 [ ] STREAM CONNECTED 30019
unix 3 [ ] STREAM CONNECTED 33168
unix 3 [ ] STREAM CONNECTED 29080
unix 2 [ ] STREAM CONNECTED 29506
Quick_kill.conf出力:
[Service]
TimeoutStopSec=5
tail -f /var/log/httpd/error_log出力:
[Thu Oct 10 09:39:01.757405 2019] [suexec:notice] [pid 21293] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 10 09:39:01.758608 2019] [ssl:emerg] [pid 21293] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
[Thu Oct 10 09:42:22.747752 2019] [suexec:notice] [pid 3021] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 10 09:42:22.790473 2019] [ssl:emerg] [pid 3021] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
[Thu Oct 10 10:02:30.774432 2019] [suexec:notice] [pid 11196] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 10 10:02:30.775639 2019] [ssl:emerg] [pid 11196] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
[Thu Oct 10 11:05:32.920750 2019] [suexec:notice] [pid 18791] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 10 11:05:32.933032 2019] [ssl:emerg] [pid 18791] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
[Thu Oct 10 11:09:07.092589 2019] [suexec:notice] [pid 2910] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Oct 10 11:09:07.154310 2019] [ssl:emerg] [pid 2910] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
答え1
新しいSSLをインストールする前にapache / httpdが機能している場合は、次のコマンドを使用して構成構文を確認することをお勧めします。
httpd -t
apache/httpd の設定を編集するたびに、構文が正しいことを確認する必要があります。それ以外の場合は、apache / httpdサービスを再起動しても回復されません。以下は、有効なSSL設定の例です。
<VirtualHost *:443>
DocumentRoot "/var/www/jesus"
ServerName jare.site
ServerAlias www.jare.site
ReWriteEngine on
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/letsencrypt/live/www.jare.site/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.jare.site/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.jare.site/fullchain.pem
</VirtualHost>
これで、SSLCertificateFile /etc/letsencrypt/live/www.jare.site/cert.pe を編集し、最後の「m」を削除しました。ご覧のとおり、Apache / httpdは回復されません。
<VirtualHost *:443>
DocumentRoot "/var/www/jesus"
ServerName jare.site
ServerAlias www.jare.site
#AllowOverride All
#Require all granted
ReWriteEngine on
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/letsencrypt/live/www.jare.site/cert.pe <---
SSLCertificateKeyFile /etc/letsencrypt/live/www.jare.site/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.jare.site/fullchain.pem
</VirtualHost>
httpd構文をテストします。
$ httpd -t
AH00526: Syntax error on line 25 of /etc/httpd/conf.d/jesus.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/www.jare.site/cert.pe' does not exist
or is empty
httpd/apacheが起動を拒否する
$ service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Job for httpd.service failed because the control process exited with error code. See
"systemctl status httpd.service" and "journalctl -xe" for details.