[SOLVED] SSLEngine on / mod_ssl breaking apache

Aaaand boy has this been the install from hell… But the ‘migrating one site’ with hard disk failure, 5 day hosting debacle, and 3 day double install of 30 sites on virtualmin is another story altogether :):slight_smile:

Apache was failing with no error message, just "failed to start" (yeah, wonderfully helpful). I stripped all the virtualhosts from my httpd.conf and started adding them one at a time until I isolated the problem.

Adding in the line "SSLEngine on" proved to be the cause of the error.

I noted that mod_ssl wasn’t installed, so I did:

[code:1]
[root@server public_html]# yum install mod_ssl
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
–> Populating transaction set with selected packages. Please wait.
—> Package mod_ssl.i386 2:2.0.53-3.6.vm set to be updated
–> Running transaction check
–> Processing Dependency: httpd = 1:2.0.53-3.6.vm for package: mod_ssl
–> Restarting Dependency Resolution with new changes.
–> Populating transaction set with selected packages. Please wait.
—> Package httpd.i386 1:2.0.53-3.6.vm set to be updated
–> Running transaction check
–> Processing Dependency: httpd = 2.0.52-38.ent.centos4.2 for package: httpd-suexec
–> Restarting Dependency Resolution with new changes.
–> Populating transaction set with selected packages. Please wait.
—> Package httpd-suexec.i386 1:2.0.53-3.6.vm set to be updated
–> Running transaction check

Dependencies Resolved

=============================================================================
Package Arch Version Repository Size

Updating:
mod_ssl i386 2:2.0.53-3.6.vm virtualmin 276 k
Updating for dependencies:
httpd i386 1:2.0.53-3.6.vm virtualmin 1.9 M
httpd-suexec i386 1:2.0.53-3.6.vm virtualmin 30 k

Transaction Summary

Install 0 Package(s)
Update 3 Package(s)
Remove 0 Package(s)
Total download size: 2.2 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): httpd-suexec-2.0.5 100% |=========================| 30 kB 00:00
(2/3): httpd-2.0.53-3.6.v 100% |=========================| 1.9 MB 00:03
(3/3): mod_ssl-2.0.53-3.6 100% |=========================| 276 kB 00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : httpd-suexec ######################### [1/6]
Updating : httpd [2/6]warning: /etc/httpd/conf/httpd.conf created as /etc/httpd/conf/httpd.conf.rpmnew
Updating : httpd ######################### [2/6]
Updating : mod_ssl ######################### [3/6]
Cleanup : httpd-suexec ######################### [4/6]
Cleanup : httpd ######################### [5/6]
Cleanup : mod_ssl ######################### [6/6]

Updated: mod_ssl.i386 2:2.0.53-3.6.vm
Dependency Updated: httpd.i386 1:2.0.53-3.6.vm httpd-suexec.i386 1:2.0.53-3.6.vm
Complete!
[/code:1]

However, still no dice:

[code:1]
[root@server public_html]# service httpd restart
Stopping httpd: [FAILED]
Starting httpd: Syntax error on line 190 of /etc/httpd/conf/httpd.conf:
Cannot load /etc/httpd/modules/mod_version.so into server: /etc/httpd/modules/mod_version.so: cannot open shared object file: No such file or directory
[FAILED]
[root@server public_html]# locate mod_version.so
[root@server public_html]#
[/code:1]

So I’m missing mod_version.so, but from what I can tell that’s supposed to be installed with httpd?

Any advice on this one?<br><br>Post edited by: kato, at: 2008/08/01 08:30

Hi Kato,

Well, I don’t have mod_version either. The difference is that my Apache starts :wink: So, what might cause that…

I have a suspicion that you don’t actually need it. What mod_version does is described here:

http://httpd.apache.org/docs/2.2/mod/mod_version.html

But before we go removing it though, we can verify that with this:

find /etc/httpd/ -name "*.conf"|xargs grep -i version

What all does that output?

If you don’t see anything which is actually using mod_version’s functionality, my recommendation would be to simply remove mod_version from the list of modules being loaded.
-Eric

[code:1]
[root@server public_html]# find /etc/httpd/ -name ".conf"|xargs grep -i version
/etc/httpd/conf/httpd.conf:#LoadModule version_module modules/mod_version.so
/etc/httpd/conf/httpd.conf:# Optionally add a line containing the server version and virtual host
/etc/httpd/conf/httpd.conf:IndexOptions FancyIndexing VersionSort NameWidth=

/etc/httpd/conf/httpd.conf:# (“Full” adds the server version; “Block” removes all outgoing Via: headers)
/etc/httpd/conf.d/subversion.conf:# containing Subversion repositories, “/var/www/svn”. Each repository
/etc/httpd/conf.d/ssl.conf:# user name is the `one line’ version of the client’s X.509 certificate.
[/code:1]

Are you using SSL? I only have this issue when SSLEngine on appears in my httpd.conf. So it seems like it’s getting used by SSL somehow.

Based on the article you referenced, I looked for IfVersion… it definitely appears unused atm.

[code:1]
[root@server public_html]# find /etc/httpd/ -name "*.conf"|xargs grep -i IfVersion
[root@server public_html]#
[/code:1]

Hrm.

What’s on line 190 of this file:

/etc/httpd/conf/httpd.conf

If you’re a vi user, you can determine that by running:

vi +190 /etc/httpd/conf/httpd.conf

I suspect this comes from previously having a newer (non-standard) Apache version on your system, I think, so the configuration file has directives that don’t exist in your current (now standard) Apache version. Obviously, it would be safe to remove configuration directives related to non-existent modules. :wink:

k; So I don’t need SSLEngine On to make the ssl websites work?

andreychek wrote:

What's on line 190 of this file
Thanks for the great ideas!

Line 190 now reads (note the comment):

[code:1]
#LoadModule version_module modules/mod_version.so
[/code:1]

And it’s running fine without.

If you're a vi user
No thanks, I quit using years ago.

I 'm not sure he’s saying that so much as there’s probably something else in there that may not need to be.

For example, what’s on line 190 of your Apache config?

One of your errors was this:

"Starting httpd: Syntax error on line 190 of /etc/httpd/conf/httpd.conf"

Which tells me that might point to part of the problem.

I think the SSLEngine issue you found is a symptom rather than the actual problem.
-Eric