
Oracle Linux: Unable To Start Apache Services Caused by Broken CSR certificate (Doc ID 2336960.1)

Last updated on AUGUST 04, 2018

Applies to:

Linux OS - Version Oracle Linux 7.2 with Unbreakable Enterprise Kernel [3.8.13] and later
Information in this document applies to any platform.

Symptoms

The service httpd failed with the following error:

[root@server certs]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Checking the status of the httpd service returns the following:

[root@server certs]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2017-12-05 09:21:55 EST; 5s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 11433 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 23516 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=1/FAILURE)
Process: 11429 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 11429 (code=exited, status=1/FAILURE)


The system log shows the following errors logged to /var/log/messages:

Dec 05 09:21:54 server systemd[1]: Starting The Apache HTTP Server...
Dec 05 09:21:54 server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Dec 05 09:21:55 server kill[11433]: kill: cannot find process ""
Dec 05 09:21:55 server systemd[1]: httpd.service: control process exited, code=exited status=1
Dec 05 09:21:55 server systemd[1]: Failed to start The Apache HTTP Server.
Dec 05 09:21:55 server systemd[1]: Unit httpd.service entered failed state.
Dec 05 09:21:55 server systemd[1]: httpd.service failed.


Checking the ssl.conf and CSR certificate permissions shows a standard configuration:

ssl.conf:

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/xxx.com.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/xxx.com.key

 

The path and permissions of the CSR certificate referenced in ssl.conf are correct:
# pwd
/etc/pki/tls/certs
# ll *.crt
-rw-r-----. 1 root root 1035 Dec 4 22:32 xxx.com.crt
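
A correct path and mode say nothing about whether the file's contents are a usable certificate. The check below is an added example, not part of the Oracle document: it reads the two directives shown above from ssl.conf and uses the openssl CLI to confirm that the certificate parses and carries the same public key as the private key. The function names and exit codes are illustrative, and the private key is assumed to be unencrypted.

```shell
# Added example, not from the Oracle document. POSIX sh; requires the openssl CLI.
# Assumes an unencrypted private key (openssl would otherwise ask for a pass phrase).

# Print the first uncommented value of a mod_ssl directive.
ssl_directive() {   # $1 = directive name, $2 = config file
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Validate the certificate/key pair that ssl.conf points at.
# Status: 0 ok, 1 file missing or unreadable, 2 certificate does not parse,
#         3 key does not parse, 4 certificate and key do not match.
# The body runs in a subshell, so "exit" only sets the function's status.
check_tls_pair() (  # $1 = path to ssl.conf
    cert=$(ssl_directive SSLCertificateFile "$1")
    key=$(ssl_directive SSLCertificateKeyFile "$1")
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "missing or unreadable: '$cert' / '$key'" >&2
        exit 1
    fi

    # A file can have the right name, owner and mode and still not be a
    # certificate: a truncated copy, a CSR saved as .crt, a damaged paste.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "$cert: not a parsable PEM X.509 certificate" >&2
        exit 2
    }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "$key: not a parsable private key" >&2
        exit 3
    }

    # mod_ssl refuses to start when the certificate and key are not a pair.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$cert and $key do not share a public key" >&2
        exit 4
    fi

    # Both files are usable; show what the certificate claims.
    openssl x509 -in "$cert" -noout -subject -enddate
)
```

Call it as root against the active configuration, for example `check_tls_pair /etc/httpd/conf.d/ssl.conf` (the default mod_ssl location on Oracle Linux; the page does not give the path).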

Cause
