One of our Apache 2.4 web servers strangely stopped working and didn’t want to come back up. I tried to start it but it came back with a vague error message:
$ sudo service apache2 start
Starting web server apache2
Action 'start' failed.
The Apache error log may have more information.
A quick look in /var/log/apache2/error.log just showed nothing useful:
$ tail /var/log/apache2/error.log
AH00016: Configuration Failed, exiting
So, I ran the Apache configuration check tool on the configuration files but the syntax was okay.
$ sudo apache2ctl configtest
Syntax OK
This means that there isn’t anything wrong with the syntax of the Apache config. I generally find that this means either an SSL certificate isn’t installed correctly or there is something wrong with a more general configuration file. To find which host had configuration file problems, I used the strace command. This is really good because it shows every system call Apache makes, including all of its interactions with the file system, so you can see the last file Apache opened before failing.
sudo apt-get update
sudo apt-get install strace
sudo strace -f apache2ctl start
The output from strace is quite large but you can clearly see where Apache failed.
.....
[pid 6068] munmap(0x7f45c6c38000, 4096) = 0
[pid 6068] write(11, "[Sun Oct 05 07:35:44.207805 2014"..., 189) = 189
[pid 6068] write(2, "AH00016: Configuration Failed\n", 30) = 30
[pid 6068] select(0, NULL, NULL, NULL, {0, 10000}) = 0 (Timeout)
.....
Just before this was the following:
[pid 6068] munmap(0x7f45c6c38000, 4096) = 0
[pid 6068] open("/etc/ssl/private/a_website_ssl.key", O_RDONLY) = 45
[pid 6068] fstat(45, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
[pid 6068] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f45c6c38000
[pid 6068] read(45, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 4096) = 1704
[pid 6068] close(45)
This enabled me to quickly identify which SSL certificate was causing the problems and disable the site which was using that key.
sudo a2dissite a_website.conf
I hope that someone finds this useful.
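The manual search through the strace output described above can be scripted. This is an added example, not code from the original post: it assumes the trace was saved to a file with strace's -o option, and the function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the last file that was
# opened successfully before Apache wrote "AH00016", plus its permission bits.
# Capture a trace first, for example:
#   sudo strace -f -o /tmp/apache.strace apache2ctl start
# Heuristic only: with -f, calls from several processes are interleaved.

last_open_before_failure() {
    # Reads strace output from the named file(s), or stdin if none are given.
    awk '
    /open(at)?\(.*\) = [0-9]+/ && match($0, /"[^"]*"/) {
        path = substr($0, RSTART + 1, RLENGTH - 2)   # first quoted argument
        fd = $0; sub(/.*\) = /, "", fd); fd += 0     # return value is the new fd
        mode = "unknown"
        next
    }
    # fstat()/newfstatat() on the fd just opened: keep the octal mode.
    path != "" && $0 ~ ("fstat(at)?\\(" fd ",") && match($0, /st_mode=[^,}]*/) {
        mode = substr($0, RSTART, RLENGTH); sub(/.*\|/, "", mode)
        next
    }
    /AH00016/ { print path, mode; found = 1; exit }
    END { if (!found) exit 1 }                       # no failure marker seen
    ' "$@"
}

sample_trace() {
    # Constructed sample, modelled on the strace lines quoted in the post.
    cat <<'EOF'
[pid 6068] open("/etc/apache2/constructed-missing.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 6068] open("/etc/ssl/private/a_website_ssl.key", O_RDONLY) = 45
[pid 6068] fstat(45, {st_mode=S_IFREG|0644, st_size=1704, ...}) = 0
[pid 6068] read(45, "-----BEGIN PRIVATE KEY-----\nMIIE"..., 4096) = 1704
[pid 6068] close(45)                    = 0
[pid 6068] munmap(0x7f45c6c38000, 4096) = 0
[pid 6068] write(11, "[Sun Oct 05 07:35:44.207805 2014"..., 189) = 189
[pid 6068] write(2, "AH00016: Configuration Failed\n", 30) = 30
EOF
}

# Demo on the constructed sample.
sample_trace | last_open_before_failure
```

strace records the start of every buffer it sees (the read() line in the trace includes the first bytes of the private key file), so store and share saved traces accordingly.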
Was your issue related to a mismatch between the certificate and the private key instead?
http://httpd.apache.org/docs/2.4/en/ssl/ssl_faq.html#verify
Yes. It was exactly this.
I was just putting this post up to show how to debug Apache using strace because it can sometimes be really hard to find out what the problem is.
Thank you, this solution saved my day.
Nearly 4 years later, this post saved my day as well. Thank you.
This happened to me today. From the Apache 2.2 days I was used to having a clearer error message. The Apache 2.4 error was not very helpful in finding that it’s an SSL private key and cert mismatch. Thanks for your hint and for sharing it.
Thank you so much for this! It’s a brilliant idea that helped us figure out our SSL certs and keys were out of sync.
Thanks, this helped me figure out the issue with the certs (Apache logs weren’t so helpful).