On GPL version, if I restart httpd I get an error. I found some similar errors on the support site but no fixes.
The error is:
#/etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [Fri Jan 31 11:33:49 2014] [error] VirtualHost default:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
I see that the VirtualHost default:443 is in the conf but if I delete or change to VirtualHost default:443 apache fails.
Any advice as to what to look at. I run about 6 SSL certificates on the site and they all work.
Apache’s “default” SSL vhost is not really supposed to be used with Virtualmin, since it takes its document from /var/www, which is not supported by Virtualmin.
How did you set up / enable that SSL site? You should create your sites through the Virtualmin interface and turn on the “SSL Website” feature there, then Virtualmin will create a correct vhost entry for Apache on port 443. The default SSL site should be disabled.
This site has been stable for a year. This just started. In fact the site went down about 5 minutes ago. To add SSL I go to the virtual server, select manage SSL and add the cert and CA.
The crash that just happened, I tried to restart httpd, but ended up doing a full reboot, and again the two additional IPs and all IP6 did not load on reboot and I had to manually add.
[error] VirtualHost default:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Well all I can say is that the default SSL site should not be enabled, since it indeed has a “*” as IP, and has its directory root in /var/www (normally, by default). Virtualmin configures its SSL sites with the actual server IP and uses /home/DOMAIN/public_html as directory root, as it is required.
To be able to say anything further, I’d probably need to take a look at your system directly, because otherwise it’d be too much poking in the dark on my end.
Here are the logs when apache failed:
[Sun Feb 02 12:20:38 2014] [warn] mod_fcgid: cleanup zombie process 28202
[Sun Feb 02 13:23:41 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Feb 02 13:23:41 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Feb 02 13:23:42 2014] [notice] Digest: generating secret for digest authentication …
[Sun Feb 02 13:23:42 2014] [notice] Digest: done
[Sun Feb 02 13:23:42 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Feb 02 13:23:42 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.9 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips SVN/1.6.11 mod_perl/2.0.4 Perl/v5.10.1 configured – resuming normal operations
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
[Sun Feb 02 13:25:19 2014] [notice] caught SIGTERM, shutting down
[Sun Feb 02 13:25:27 2014] [error] FastCGI process 17930 still did not exit, terminating forcefully
[Sun Feb 02 13:26:52 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Feb 02 13:26:52 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Feb 02 13:26:52 2014] [notice] Digest: generating secret for digest authentication …
[Sun Feb 02 13:26:52 2014] [notice] Digest: done
[Sun Feb 02 13:26:53 2014] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Feb 02 13:26:53 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.9 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips SVN/1.6.11 mod_perl/2.0.4 Perl/v5.10.1 configured – resuming normal operations
PHP Warning: Module ‘mcrypt’ already loaded in Unknown on line 0
In the webmin miniserver.error logs I have this:
Error: Failed to connect to localhost:10001 : Connection refused
sh: -c: line 0: syntax error near unexpected token newline' sh: -c: line 0: (hostname) 2>’
Failed to initialize SSL connection
Failed to initialize SSL connection
Failed to initialize SSL connection
find /usr/share/perl5 -name .packlist -print
find /usr/local/share/perl5 -name .packlist -print
find: /usr/local/share/perl5': No such file or directory find \/usr\/local\/lib64\/perl5 -name .packlist -print find: /usr/local/lib64/perl5’: No such file or directory
find /usr/share/perl5/vendor_perl -name .packlist -print
find /usr/share/perl5 -name .packlist -print
Error: Starting httpd: [Sun Feb 02 13:21:33 2014] [error] VirtualHost default:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
The problem is not an active or inactive SSL cert, but the fact that the Apache’s default vhost on port 443 is active. Its configuration has the “*:443” in it which probably triggers your error. You should just disable that vhost, and move its stuff elsewhere if you actually use it (which I doubt, since as I said its document root is usually in /var/www, which is not supported by Virtualmin).
See if you have the “a2dissite” command in your system, otherwise check the directory /etc/apache2/sites-enabled which contains softlinks to the files in sites-available and delete the problematic one.
I am running CentOS6 and so my apache is /etc/httpd/conf.d/ but there is no file sites-enabled - I searched through the ssl.conf file which includes the line:
VirtualHost default:443
But if I delete of cancel out it crashes apache.
Something somewhere in Virtualmin or Webmin must be pointing to the ssl.conf but I cannot find what. The ssl.conf is from April 2013.
Apache uses the ssl.conf file, and every other .conf file in that directory, whenever it starts up. It sounds like there’s some settings in there that are causing problems though.
In your case, you’d want to make sure that you don’t see any VirtualHost or NameVirtualHost entries that include an “*” in them. For example, you don’t want *:443, you always want it to use “x.x.x.x:443”, where x.x.x.x is your server’s IP address.
I blocked out the entire VirtualHost default block in the SSL.conf and that has got rid of the *:443 error, but now I am getting a warning: [warn] NameVirtualHost *:0 has no VirtualHosts
I’ve searched through the conf files but don’t see this.
Also, in the SSL.CONF there is one other *.443 that I’m not sure if I should block out:
LoadModule ssl_module modules/mod_ssl.so
I run multiple SSL on the same IPs. This was not a problem until the last few weeks. If you go to a site with 10000 or 20000 port, this is what I get:
You attempted to reach shoots.com, but instead you actually reached a server identifying itself as www.epdigital.biz. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of shoots.com.
I went to https://shoots.com:20000/ which has a SSL and is on its own IP address, but the cert that shows up is epdigital.biz - if I go to https://shoots.com the correct cert shows up. I know this is all related somewhere.
im pretty sure that under the Virtualmin Configuration page, there is a setting under the “apache” section, where you can either define to let users share your companies ssl cert (when landing on the webmin or usermin pages),
or in your case, you would want each site to use their own cert, in order to prevent this conflict-
i’m pretty sure it’s intended use scenario would include redirecting to your companies domain, where you have a working and paid for SSL cert. this would ensures that all users logging into Webmin, or Usermin, can verify their connection respectively to the back-end without needing to purchase their own certificate from an authenticated vendor.
Well, it has been 4 weeks of uneventful operation, then out of the blue yesterday at mid-day apache stops. There is nothing in the logs other than 100’s of zombie process warnings, but in the past I’ve been told on these forums that they are not an issue and to ignore.
I attempt restart apache and get this error: Error: Starting httpd: [Wed Mar 05 13:32:46 2014] [warn] NameVirtualHost *:0 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]
I am unable to restart. All other services are working normally - email, control panel, etc.
Next I re-boot the server and apache starts up, however, only one IP address loads in the Network Interface on eth0. The Network Config includes the other two IPs in eth0:1 and eth0:2, but they do not load and I have to manually add them. The IPs are listed in Host Addresses.
I don’t know immediately about the eth issue, but the “mid-day Apache stop” can well have been an OpenVZ issue. When you run into resource limitations, OpenVZ tends to just randomly kill processes. You can check the file /proc/user_beancounters then for values >0 in the “Fail” column.