httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Southwell <da...@vizion2000.net>
Subject Re: [users@httpd] apache server not starting - Please help decipher an additional clue!
Date Tue, 05 Oct 2010 15:24:12 GMT
> apache22 is no longer starting after recent upgrade.
> 
> I have been trying to fix this for over a week but got nowhere - thanks in
> a dvance for any help.
> 
> 
> I have included some information which may be relevant;
> 
> Some guidance would be appreciated as I cannot get the web server to run
> and .
> 
> It seems that something must have changed with the latest upgrade as there
> were no changes to the config.
> Syntax is ok:
> 
> dns1# /usr/local/sbin/apachectl -t
> Syntax OK
> I have rebuilt apache22 but apache does not start as evidenced below:
> dns1# /usr/local/sbin/apachectl start
> 
> Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
> [ NOTE I am using a self issued CA certificate which has been working fine]
> Server www.vizion2000.net:443 (RSA)
> Enter pass phrase:
> 
> OK: Pass Phrase Dialog successful.
> 
> dns1# ps -aux |grep httpd
> root       64784  0.0  0.0  5892  1284  p1  D+   10:42AM   0:00.00 grep
> httpd dns1# /usr/local/sbin/apachectl restart
> httpd not running, trying to start
> Apache/2.2.16 mod_ssl/2.2.16 (Pass Phrase Dialog)
> Some of your private key files are encrypted for security reasons.
> In order to read them you have to provide the pass phrases.
> 
> Server www.vizion2000.net:443 (RSA)
> Enter pass phrase:
> 
> OK: Pass Phrase Dialog successful.
> dns1#
> _____________________
> 
> Testing openssl seems to indicate certificate is fine.
> dns1# openssl x509 -in www.vizion2000.net.crt -noout -subject
> subject= /C=UK/ST=South Gloucestershire/L=Kingswood/O=Vizion
> Communications/OU=IT/CN=www.vizion2000.net/emailAddress=david@vizion2000.ne
> t dns1#
> 
> 
> Can anyone please tell me how I can find out why apache is not starting.
> Here is the entry from httpd-error.log:
> 
> [Tue Oct 05 15:21:05 2010] [info] Init: Seeding PRNG with 144 bytes of
> entropy [Tue Oct 05 15:21:05 2010] [info] Loading certificate & private
> key of SSL- aware server
> [Tue Oct 05 15:21:05 2010] [info] Init: Requesting pass phrase via builtin
> terminal dialog
> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_pphrase.c(476): encrypted RSA
> private key - pass phrase requested
> [Tue Oct 05 15:21:10 2010] [info] Init: Wiped out the queried pass phrases
> from memory
> [Tue Oct 05 15:21:10 2010] [info] Init: Generating temporary RSA private
> keys (512/1024 bits)
> [Tue Oct 05 15:21:10 2010] [info] Init: Generating temporary DH parameters
> (512/1024 bits)
> [Tue Oct 05 15:21:10 2010] [info] Init: Initializing (virtual) servers for
> SSL [Tue Oct 05 15:21:10 2010] [info] Configuring server for SSL protocol
> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(465): Creating new
> SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(661): Configuring
> permitted SSL ciphers
> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL]
> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(420): Configuring TLS
> extension handling
> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(792): Configuring RSA
> server certificate
> [Tue Oct 05 15:21:10 2010] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Tue Oct 05 15:21:10 2010] [debug] ssl_engine_init.c(831): Configuring RSA
> server private key
> [Tue Oct 05 15:21:10 2010] [info] mod_ssl/2.2.16 compiled against Server:
> Apache/2.2.16, Library: OpenSSL/1.0.0a
> [Tue Oct 05 15:21:10 2010] [info] mod_unique_id: using ip addr 62.49.197.50
> [Tue Oct 05 15:21:11 2010] [info] Init: Seeding PRNG with 144 bytes of
> entropy [Tue Oct 05 15:21:11 2010] [info] Loading certificate & private
> key of SSL- aware server
> [Tue Oct 05 15:21:11 2010] [info] www.vizion2000.net:443 reusing existing
> RSA private key on restart
> [Tue Oct 05 15:21:11 2010] [info] Init: Generating temporary RSA private
> keys (512/1024 bits)
> [Tue Oct 05 15:21:11 2010] [info] Init: Generating temporary DH parameters
> (512/1024 bits)
> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(253): shmcb_init
> allocated 512000 bytes of shared memory
> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(272): for 511920
> bytes (512000 including header), recommending 32 subcaches, 133 indexes
> each [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(306):
> shmcb_init_memory choices follow
> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(308): subcache_num =
> 32 [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(310):
> subcache_size = 15992
> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(312):
> subcache_data_offset = 3208
> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(314):
> subcache_data_size = 12784
> [Tue Oct 05 15:21:11 2010] [debug] ssl_scache_shmcb.c(316): index_num = 133
> [Tue Oct 05 15:21:11 2010] [info] Shared memory session cache initialised
> [Tue Oct 05 15:21:11 2010] [info] Init: Initializing (virtual) servers for
> SSL [Tue Oct 05 15:21:11 2010] [info] Configuring server for SSL protocol
> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(465): Creating new
> SSL context (protocols: SSLv2, SSLv3, TLSv1)
> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(661): Configuring
> permitted SSL ciphers
> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP:+eNULL]
> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(420): Configuring TLS
> extension handling
> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(792): Configuring RSA
> server certificate
> [Tue Oct 05 15:21:11 2010] [warn] RSA server certificate is a CA
> certificate (BasicConstraints: CA == TRUE !?)
> [Tue Oct 05 15:21:11 2010] [debug] ssl_engine_init.c(831): Configuring RSA
> server private key
> [Tue Oct 05 15:21:11 2010] [info] mod_ssl/2.2.16 compiled against Server:
> Apache/2.2.16, Library: OpenSSL/1.0.0a
> 
> 
The system is freebsd 7.2 p3

I ran 
# ktrace /usr/local/sbin/apachectl start
Using kdump to descipher the output I got the following at the end of 
ktrace.out

 3568 sh       CALL  dup2(0xb,0x1)
  3568 sh       RET   dup2 1
  3568 sh       CALL  close(0xb)
  3568 sh       RET   close 0
  3568 sh       CALL  dup2(0xc,0x2)
  3568 sh       RET   dup2 2
  3568 sh       CALL  close(0xc)
  3568 sh       RET   close 0
  3568 sh       CALL  getrlimit(RLIMIT_NOFILE,0x7fffffffe260)
  3568 sh       RET   getrlimit 0
  3568 sh       CALL  setrlimit(RLIMIT_NOFILE,0x7fffffffe260)
  3568 sh       RET   setrlimit 0
  3568 sh       CALL  read(0xa,0x5204c0,0x3ff)
  3568 sh       GIO   fd 10 read 380 bytes
       " is no longer supported.
            echo Please edit httpd.conf to include the SSL configuration 
settings
            echo and then use "apachectl start".
            ERROR=2
            ;;
        configtest)
            $HTTPD -t
            ERROR=$?
            ;;
        status)
            $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } '
            ;;
        fullstatus)
            $LYNX $STATUSURL
            ;;
        *)
            $HTTPD $ARGV
            ERROR=$?
        esac
        
        exit $ERROR
        
       "
  3568 sh       RET   read 380/0x17c
  3568 sh       CALL  fork
  3568 sh       RET   fork 3585/0xe01
  3568 sh       CALL  getpgrp
  3568 sh       RET   getpgrp 3568/0xdf0
  3568 sh       CALL  wait4(0xffffffff,0x7fffffffe1cc,WUNTRACED,0)
  3568 sh       RET   wait4 3585/0xe01
  3568 sh       CALL  exit(0)
dns1# 
dns1# pwd
/usr/home/david/trace
dns1# ls -l
total 50
-rw-------  1 root  david  49499 Oct  5 16:00 ktrace.out
dns1# 
______________________

This makes it seem as though there is something wrong with the ssl 
configuration for apache22.

Can anyone please point me in the right direction

Thanks in advance

David


Photographic Artist
Permanent Installations & Design
Creative Imagery and Advanced Digital Techniques
High Dynamic Range Photography & Official Portraiture
Combined darkroom & digital creations
& Systems Adminstrator for the vizion2000.net network

Mime
View raw message