Apache2 won't restart, no error being given

Hi guys, I have come back to Virtualmin after a number of years on someone elses cpanel :frowning: that I had to use.

I have my virtualmin all set up and ready to go except a few niggles I am working through but have just come across a game breaker I can’t figure out.

I finally managed to get my site migrated and working so I switched the DNS over to the new host, I went back in to Webmin to upload my ssl certificate which uploaded both parts and installed them just fine but then when I asked apache to restart it failed.

I have nothing of note coming up as an error message: I have tried :systemctl status apache2.service and journalctl -xe and neither show where the error might be. Is there any way in which i can get more information in order to try and figure a fix? My site DNS is likely to propagate shortly and other than reverting that back to the old host I am going to be left with a non working site which i’d like up and running even so people know we didn’t just vanish.

I am using the current build of webmin/virtualmin on a fresh debian 10.

Thanks for the help.

– An ExecStart= process belonging to unit apache2.service has exited.

– The process’ exit code is ‘exited’ and its exit status is 1.
Apr 25 01:18:30 boom.colonelboom.co.uk systemd[1]: apache2.service: Failed with result ‘exit-code’.
– Subject: Unit failed
– Defined-By: systemd
– Support: https://www.debian.org/support

– The unit apache2.service has entered the ‘failed’ state with result ‘exit-code’.
Apr 25 01:18:30 boom.colonelboom.co.uk systemd[1]: Failed to start The Apache HTTP Server.
– Subject: A start job for unit apache2.service has failed
– Defined-By: systemd
– Support: https://www.debian.org/support

– A start job for unit apache2.service has finished with a failure.

– The job identifier is 42711 and the job result is failed.

To add to this, I have gone back and reversed the ssl installation by going into the virtual host, turning off ssl, removing the three files and saving. Apache will restart - albeit my site still keeps trying to load under https despite there being no redirects in place.

I reissued the certificate again as it was done on a different server and I wanted to be sure the private key details were correct. Reissuing seemed to be the logical option.

I have followed the step by step guide from ssl’s :https://www.ssls.com/knowledgebase/how-to-install-an-ssl-certificate-in-webmin/

Still the same problem, apache won’t restart.

Your issue is simiar to the following and you could try some of the solutions suggested here

Check the log files or run “systemctl status apache2.service”.

Thanks for the replies.

As in the OP I checked the logs and apache status and both said no error. The issue seems to stem from uploading and applying the SSL certificate. Once I remove the ssl it restarts with no issues at all.

I also can’t get let’s encrypt to work so can’t just use that. It will upload the file to the directories i created but then doesn’t proceed. It also fails on autoconfig.domain so I manually filled in the www. non-www and mail.domain I actually need covering

It is possible that either the certificate is the cause of the problem or they way you implement it.

Thanks, I have since given up trying to use the paid ssl cert and gone back to let’s encrypt. I have managed to have success creating the cert just using the .domain.com address which is a step in the right direction but now am getting the following error on the domain when I try to access it.

This page isn’t working

www.colonelboom.co.uk redirected you too many times.

ERR_TOO_MANY_REDIRECTS

At least this is a new error which gives me hope that something, somewhere is working but just not directing correctly.

I have restarted apache and also cleared my browsing data so i am wondering if there is a redirect file somewhere that I need to take a look at and see if old redirects are the problem now.

Most likely its the previous redirects you did.
I dont think its an issue with paid certificates in general, more like the way you implemented it or it wasnt valid anymore / needed additional steps.

Are you aware of where apache stores the text file of previous redirects? virtualmin has nothing at showing in the aliases and redirects for the virtual host but it’s still redirecting away from ssl and adding www.

I have used an ssl check tool and the lets encrypt cert is showing as working and valid but I just cannot access a secure page.

If it was done via virtualmin, it should be written directly in the vhost file or in a config which gets loaded through the vhost file.
Either way, you should check the matching vhost file.

Did you really delete the browser cache? Tried another browser? If yes, then isnt a browser issue.

It’s a strange one for sure. and thanks for coming back to help too.

I have found the relevant conf file, no redirects exist. Having started to look through the settings I took a look at firewalld and found that has an error message ( Failed to list zones : Error: INVALID_ZONE) subsequently, it’s not running which concerns me.

The ssl cert works fine on a couple of checkers I have used but not in my browser. I checked it on my phone and it’s working so i am thankful for that at least.

My main worry now is firewalld. i don’t want to be leaving my build open to attack but can’t start the service which says it’s not running in virtualmin but systemctl status firewalld -l shows it as active and running. I’m wondering about removing it and going back to iptables as this is the first time I have had experience with firewalld and I have to say it’s disheartening.

root@boom:~# systemctl status firewalld -l
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2020-04-25 19:26:31 BST; 7min ago
Docs: man:firewalld(1)
Main PID: 15534 (firewalld)
Tasks: 2 (limit: 2359)
Memory: 21.2M
CGroup: /system.slice/firewalld.service
└─15534 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

Apr 25 19:26:31 boom.colonelboom.co.uk systemd[1]: Starting firewalld - dynamic firewall daemon

Apr 25 19:26:31 boom.colonelboom.co.uk systemd[1]: Started firewalld - dynamic firewall daemon.
Apr 25 19:26:31 boom.colonelboom.co.uk firewalld[15534]: ERROR: ‘/usr/sbin/iptables-restore -w -n’ failed: iptables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
Apr 25 19:26:31 boom.colonelboom.co.uk firewalld[15534]: ERROR: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
Apr 25 19:26:31 boom.colonelboom.co.uk firewalld[15534]: ERROR: COMMAND_FAILED: ‘/usr/sbin/ip6tables-restore -w -n’ failed: ip6tables-restore v1.8.2 (nf_
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
Apr 25 19:26:40 boom.colonelboom.co.uk firewalld[15534]: ERROR: INVALID_ZONE
Apr 25 19:32:23 boom.colonelboom.co.uk firewalld[15534]: ERROR: INVALID_ZONE

If I recall it correctly, its a back from iptables.

Add the backport repo to the source.list from apt:

deb http://deb.debian.org/debian buster-backports main

And then update iptables:

apt install -t buster-backports iptables

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.