HELP - Apache2 won't start!

Hi all

I was installing a new SSL cert this am and after installation i tried to restart apache2 but I get the error message:

* Starting web server apache2
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
…fail!

I can’t seem to find the problem and was hoping someone might be able to point me in the right direction.

I desperately need to get this sorted ASAP, so any quick response would be a massive help.

Thanks in advance.

Oh, I also added a new IP address to the system for use by the site that needed the SSL cert. The IP seemed to be working fine after a little issue that was discussed here.

I’m not sure if this is related to my current problem, but I thought it might be worth mentioning.

Cheers

It’s possible an old Apache process is stuck and still blocking the port.

Try netstat -tpln | grep :80 and see if an Apache turns up. You can kill it with kill -9 PID with PID being the number before the Apache executable name.

It’s possible an old Apache process is stuck and still blocking the port.

Try netstat -tpln | grep :80 and see if an Apache turns up. You can kill it with kill -9 PID with PID being the number before the Apache executable name.

Thanks Locutus, this does seem to be part of the problem - ie the bit that flags up that I have an issue, but not the root cause.

When I try to install the SSL cert via Virtualmin > Server Config > Manage SSL Certificate I get an error that the cert doesn’t match the key, however I’ve regenerated the CSR and key several times and requested a reissue of the cert each time from CA - but still no joy.

If I try to manually install the CSR, key and cert files and restart Apache2, then Apache2 simply fails with the same error I mentioned in the first post. If I try to reboot ubuntu, Apache still fails to start with the same error.

To get Apache running again I have to regenerate a new CSR and then self-sign a new certificate for the virtual server that I’m working with. After this, I can simply hit the Restart Apache button and everything is back up and running with the exception of the CA cert. The self signed cert still works fine and is available via the browser no problem.

I can’t think of anything else to try - does anyone have any other suggestion?

Cheers

Hmm, well the error message clearly states that something is already listening on port 80 when you try to start Apache. If it’s not a stuck Apache process, and no other application, then it must be Apache itself.

Is maybe the SSL port for Apache configured to 80 as well? That should not happen, but would explain why it’s trying to listen on an already occupied port.

I don’t think that is the issue, as I have an existing site with a CA issued SSL working fine and the self-signed cert works fine for the site I’m having trouble with. Both of these are correctly configured to port 443.

It seems that Apache just gets upset when I try to manually install the cert, which means I must be doing something wrong. But what I don’t understand is why Virtualmin keeps reporting that the cert and the key do not match when I try to install the cert via the Virtualmin interface - I’ve gone through the reissue process around 4 times now, so I’m pretty sure I must have got at least one of them right!?

Do you have any other options for me?

Nope sorry, I really don’t see how a port-in-use error message could be caused by some incorrect certificate. If at all, Apache should warn and continue then, skipping the virtual server in question, but not fail to start completely with a port error…

You might try performing an Apache config file syntax check:

export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data apache2 -t

Oh dear - that means that I’m stuck then…

Like I said above, the only step I need to take in order to get Apahce2 to function correctly again is to regenerate the self-signed cert - perhaps that in itself fixes some other problem which may indeed cause the port-in-use error?

After running the commands in your post, I get Syntax OK

Back to the drawing board then - wish me luck!

and thanks again for trying.

You’re welcome, and good luck! :slight_smile:

One more thing: The “(98)” in your initial report might be the line number in the config file where Apache bailed out. Can you check what that line says?

nice try, but it’s a commented out line…

# MinSpareServers: minimum number of server processes which are kept spare

Howdy,

I’d be curious to see the details of your commercial SSL cert/key.

Assuming that “ssl.cert” is your commercial SSL certificate, and “ssl.key” is the key for that certificate – can you run these commands, and attach the resulting file to this thread?

openssl x509 -in ssl.cert -text -noout > ssl_test.txt echo "========" >> ssl_test.txt openssl rsa -in ssl.key -text -noout >> ssl_test.txt

That will generate some information we can use for debugging.

In particular, I’m curious to see if the “modulus” for both the cert and key are indeed different. If they are, that means that they really don’t match, those would need to be the same.

-Eric

Hi again Eric

I’m one step ahead of you at the moment :wink:

I just checked and the modulus for the csr and cert do not match, moreover the key and csr do not match. That is massively confusing for me, as I’ve just requested brand new csr and key (via Virtualmin > Server Config > Manage SSL Certificate) to debug and the pair that are generated do not match either!

I can’t understand how the newly generated csr and key cannot match - I even used a 3rd party checking tool double check the results, seeing as I will be replacing the key I didn’t think it would cause any harm to be sure.

Is there some way that OpenSSL could be failing to match them up somehow?

This is a real head-scratcher for me right now.

Wow - get ready for the solution to this problem… i can’t believe I didn’t notice this sooner!

i don’t understand why it was causing Apache to refuse to start but, the problem with the ssl cert was down to my email client.

I’m running Outlook 2010 on a Windows machine, and the ssl cert from the CA was simply included inline in the middle of the email body. Outlook had kindly injected unwanted linebreaks and possible some foreign html objects into the cert which caused the validation to fail.

Whilst this proves that Outlook is rubbish in this regard, I would have expected the CA to issue the cert in a file rather than in the middle of the email body.

In the end I used the ‘Read User Mail’ webmin server to view the text only version and extracted the cert from there - problem solved.

I can only assume that the unwanted linebreaks or html were causing the ssl cert to break the Apache startup procedure, but I have absolutely no idea why. After installing the cert correctly I am able to stop and start Apache via the terminal and via Webmin without any issues at all.

A lesson [re]learned - Microsoft stuff can be a pain in the a$$.

Hopefully this will prove useful to some others who may experience similar problems.

Thanks to all who tried to help me.