Resolved Plesk 12.5 Apache service do not start, tried every magic we know of...

[AmaZili Communication]

Hi,

we run servers with multiple domains from multiple customers.

One of our server is running CentOS Linux release 7.2.1511 and plesk 12.5.30 CentOS 7 1205160608.10
The domains are configured to run nginx as a proxy and runs as php-fpm served by nginx.

Our servers are updated on a regular base.

The plesk web interface runs well.

We noticed some glitches recently on all the domain running on this server.
First, Let's encrypt certificates did not renewed.
Second, we got Nginx 502 errors every time we tried to access a web page with the form of url like :

thisdomain.tld/thissubmenu

the error did not appeared when the url was :

thisdomain.tld/thissubmenu/

with a trailing /

We then investigated and discovered that the apache server was not running.
in the service management page, a click on start the apache service results in :

Error: Unable to make action: Unable to manage service by apache_control_adapter: ('start', 'web'). Error:

On the command line :

service httpd status -l

results in :

Redirecting to /bin/systemctl status  -l httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─limit_nofile.conf
   Active: failed (Result: exit-code) since mer. 2016-09-28 18:20:33 CEST; 14min ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 2857 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 2730 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 2730 (code=exited, status=1/FAILURE)

sept. 28 18:20:26 server.ourdomain.tld systemd[1]: Starting The Apache HTTP Server...
sept. 28 18:20:33 server.ourdomain.tld systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
sept. 28 18:20:33 server.ourdomain.tld kill[2857]: kill: cannot find process ""
sept. 28 18:20:33 server.ourdomain.tld systemd[1]: httpd.service: control process exited, code=exited status=1
sept. 28 18:20:33 server.ourdomain.tld systemd[1]: Failed to start The Apache HTTP Server.
sept. 28 18:20:33 server.ourdomain.tld systemd[1]: Unit httpd.service entered failed state.
sept. 28 18:20:33 server.ourdomain.tld systemd[1]: httpd.service failed.

we tried :

plesk repair all -y

then :

plesk repair web

everything was [OK]

Tried :

 yum update

then :

plesk installer --select-release-current --reinstall-patch --upgrade-installed-components

then :

/usr/local/psa/admin/sbin/websrvmng -a -v

and also :

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Nothing changed, the service httpd did not start and :

service httpd status -l

Is still the same.


Can someone help with this ?

 

[IgorG]

Do you have enabled ModSecurity for Apache?
Have you tried to check webserver configuration with Webserver Configuration Troubleshooter extension?
Do you have any related error messages in Apache error log?

 

[AmaZili Communication]

Hi Igor,

Thanks for reply fast.
Modsecurity was enabled, we disabled it for debugging purpose.
Webserver troubleshooter extension says everything is ok (green dot)

httpd log files says a bunch of :

[Thu Sep 29 08:39:33.981188 2016] [suexec:notice] [pid 24615:tid 140688562788416] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 29 08:39:33.993939 2016] [ssl:emerg] [pid 24615:tid 140688562788416] AH02242: Init: Multiple RSA server certificates not allowed
[Thu Sep 29 08:39:33.993950 2016] [ssl:emerg] [pid 24615:tid 140688562788416] AH02312: Fatal error initialising mod_ssl, exiting.
[Thu Sep 29 08:40:21.289805 2016] [suexec:notice] [pid 24711:tid 140732173805632] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 29 08:40:21.302421 2016] [ssl:emerg] [pid 24711:tid 140732173805632] AH02242: Init: Multiple RSA server certificates not allowed
[Thu Sep 29 08:40:21.302431 2016] [ssl:emerg] [pid 24711:tid 140732173805632] AH02312: Fatal error initialising mod_ssl, exiting.

And this is where it strted to fail :

[Fri Sep 23 19:53:59.294692 2016] [ssl:warn] [pid 8666:tid 140073499854912] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Sep 23 19:53:59.295836 2016] [:notice] [pid 8666:tid 140073499854912] mod_bw : Memory Allocated 0 bytes (each conf takes 48 bytes)
[Fri Sep 23 19:53:59.295844 2016] [:notice] [pid 8666:tid 140073499854912] mod_bw : Version 0.92 - Initialized [0 Confs]
[Fri Sep 23 19:53:59.304484 2016] [mpm_event:notice] [pid 8666:tid 140073499854912] AH00489: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips Apache mod_fcgid/2.3.9 mod_perl/2.0.9dev Perl/v5.16.3 configured -- resuming normal operations
[Fri Sep 23 19:53:59.304511 2016] [core:notice] [pid 8666:tid 140073499854912] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri Sep 23 20:23:59.497334 2016] [mpm_event:notice] [pid 8666:tid 140073499854912] AH00492: caught SIGWINCH, shutting down gracefully
[Fri Sep 23 20:24:01.428795 2016] [suexec:notice] [pid 12259:tid 140098506135616] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Sep 23 20:24:01.441909 2016] [ssl:emerg] [pid 12259:tid 140098506135616] AH02242: Init: Multiple RSA server certificates not allowed
[Fri Sep 23 20:24:01.441921 2016] [ssl:emerg] [pid 12259:tid 140098506135616] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Sep 23 20:24:02.327673 2016] [suexec:notice] [pid 12349:tid 140683485038656] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Sep 23 20:24:02.340964 2016] [ssl:emerg] [pid 12349:tid 140683485038656] AH02242: Init: Multiple RSA server certificates not allowed
[Fri Sep 23 20:24:02.340975 2016] [ssl:emerg] [pid 12349:tid 140683485038656] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Sep 23 20:54:03.072680 2016] [suexec:notice] [pid 22295:tid 140691587246144] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Sep 23 20:54:03.085937 2016] [ssl:emerg] [pid 22295:tid 140691587246144] AH02242: Init: Multiple RSA server certificates not allowed
[Fri Sep 23 20:54:03.085948 2016] [ssl:emerg] [pid 22295:tid 140691587246144] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Sep 23 20:54:03.953212 2016] [suexec:notice] [pid 22341:tid 139898044201024] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Sep 23 20:54:03.966332 2016] [ssl:emerg] [pid 22341:tid 139898044201024] AH02242: Init: Multiple RSA server certificates not allowed
[Fri Sep 23 20:54:03.966344 2016] [ssl:emerg] [pid 22341:tid 139898044201024] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Sep 23 21:24:05.047643 2016] [suexec:notice] [pid 28890:tid 139646678775872] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Sep 23 21:24:05.060888 2016] [ssl:emerg] [pid 28890:tid 139646678775872] AH02242: Init: Multiple RSA server certificates not allowed
[Fri Sep 23 21:24:05.060900 2016] [ssl:emerg] [pid 28890:tid 139646678775872] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Sep 23 21:24:05.918042 2016] [suexec:notice] [pid 28936:tid 140498585712704] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Sep 23 21:24:05.931129 2016] [ssl:emerg] [pid 28936:tid 140498585712704] AH02242: Init: Multiple RSA server certificates not allowed
[Fri Sep 23 21:24:05.931140 2016] [ssl:emerg] [pid 28936:tid 140498585712704] AH02312: Fatal error initialising mod_ssl, exiting.

 

[IgorG]

Multiple RSA server certificates not allowed

Please check this KB article - https://kb.plesk.com/en/129528

 

[AmaZili Communication]

Igor,

Is there any way to find which domains to seek for (there are plenty on the server...)
kb says :
Edit /var/www/vhosts/system/domain.tld/conf/vhost_ssl.conf Remove or comment out SSLCertificateFile directive.

 

[UFHH01]

Hi AmaZili Communication,

consider to use "find" for example, to find corresponding entries:

find /var/www/vhosts/system -type f -name "*ssl.conf" -exec grep -i -H "SSLCertificateFile" {} \;
or
find /var/www/vhosts/system -type f -name "*.conf" -exec grep -i -H "SSLCertificateFile" {} \;​

 

[AmaZili Communication]

Igor,

Thank you so much !

I found it after checking all A, B starting names domains, which are very few...
It was one of your first names starting with a C !!!!

I commented out the ssl certificate déclaration, and the apache process restarted.

In the same time, we understood what happened, and this can be a good help for other users.
for some reason, someone from this customer's team added :

SSLCertificateFile /usr/local/psa/var/modules/letsencrypt/etc/live/guilty-domain.tld/cert.pem
SSLCertificateKeyFile /usr/local/psa/var/modules/letsencrypt/etc/live/guilty-domain.tld/privkey.pem

into the https additional directives and We guess this worked until the apache server restarted than failed.

It's now up and running.

This could help all the people with similar configuration.

Thanks again, Plesk people are great !

Philippe

 

[AmaZili Communication]

Hi AmaZili Communication,

consider to use "find" for example, to find corresponding entries:

find /var/www/vhosts/system -type f -name "*ssl.conf" -exec grep -i -H "SSLCertificateFile" {} \;
or
find /var/www/vhosts/system -type f -name "*.conf" -exec grep -i -H "SSLCertificateFile" {} \;​

Thanks, saw it too late, but, we'llkeep it for future use