Oracle Linux:Unable To Start Apache Services Caused by Broken CSR certificate (Doc ID 2336960.1)

Last updated on APRIL 15, 2021

Applies to:

Symptoms

The service httpd failed with the following error:

[root@server certs]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Checking the status of the httpd service returns the following:

[root@server certs]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2017-12-05 09:21:55 EST; 5s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 11433 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 23516 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=1/FAILURE)
Process: 11429 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 11429 (code=exited, status=1/FAILURE)

The system log shows the following errors logged to /var/log/messages:
Dec 05 09:21:54 server systemd[1]: Starting The Apache HTTP Server...
Dec 05 09:21:54 server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Dec 05 09:21:55 server kill[11433]: kill: cannot find process ""
Dec 05 09:21:55 server systemd[1]: httpd.service: control process exited, code=exited status=1
Dec 05 09:21:55 server systemd[1]: Failed to start The Apache HTTP Server.
Dec 05 09:21:55 server systemd[1]: Unit httpd.service entered failed state.
Dec 05 09:21:55 server systemd[1]: httpd.service failed.

Checking the ssl.conf and CSR certificate permissions shows a standard configuration:

ssl.conf:

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/xxx.com.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/xxx.com.key

The path and permissions of the CSR certificate in ssl.conf is correct:
# pwd
/etc/pki/tls/certs
# ll *.crt
-rw-r-----. 1 root root 1035 Dec 4 22:32 xxx.com.crt

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.