GUI broken after https ssl certificate install

pricie1991 · September 16, 2020, 7:34pm

Hi All,

Today i installed our ssl certificate to enable https however it was ages installing then the gui didn’t load.
Now we are unable to get to the gui. I’ve logged into cli and tried service httpd restart and its fails.

● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2020-09-16 20:33:20 BST; 23s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 16174 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 16173 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 16173 (code=exited, status=1/FAILURE)

Sep 16 20:33:20 freepbx.fortress.local systemd[1]: Starting The Apache HTTP Server…
Sep 16 20:33:20 freepbx.fortress.local httpd[16173]: [Wed Sep 16 20:33:20.205300 2020] [so:warn] [pid 16173] AH01574: module ssl_module is already loaded, skipping
Sep 16 20:33:20 freepbx.fortress.local systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Sep 16 20:33:20 freepbx.fortress.local kill[16174]: kill: cannot find process “”
Sep 16 20:33:20 freepbx.fortress.local systemd[1]: httpd.service: control process exited, code=exited status=1
Sep 16 20:33:20 freepbx.fortress.local systemd[1]: Failed to start The Apache HTTP Server.
Sep 16 20:33:20 freepbx.fortress.local systemd[1]: Unit httpd.service entered failed state.
Sep 16 20:33:20 freepbx.fortress.local systemd[1]: httpd.service failed.
[root@freepbx ~]#

Anyone have any ideas?

TheWebMachine · September 17, 2020, 5:07am

Can you please explain the process with which you installed the certificate? Did you use Certificate Management? Is this a LetsEncrypt cert or one you obtained elsewhere?

In short, we need a bit more information about your situation before we can even begin to help you out.

pricie1991 · September 17, 2020, 8:18am

We used Certificate Management and uploaded a signed certificate from our CA.
We then went to System Admin > Https Setup. selected uploaded certificate and pressed install.

It sat on installing for 10 minutes + then gui stopped working. We have also tried restarting the server.

pricie1991 · September 22, 2020, 8:47pm

anyone got any ideas? still have no gui thankfully call server still working.

shahin · September 23, 2020, 9:54am

Hi @pricie1991
What about your PBX Modules update ? are up to date ?
Pls try to check first updates and check your ssl permissions. Could be your pbx Cert Manager module version are old.

fwconsole ma refreshsignatures
fwconsole ma showupgrades
fwconsole ma upgradeall
fwconsole chown
fwconsole r --verbose

Try to re-install your Custom SSL Certificate and check HTTPS Port from Port Management:

Admin → System Admin → 1-Port Management : HTTPS Port check 443 →
2- HTTPS Setup → Settings Tab → Press to Install Button.

Then you can check from PBX CLI your FQDN name (SSL Certificate) with below command.

openssl s_client -connect pbx_fqdn_name:443

If all okay, You should see return on your PBX CLI Display below messages.

Verify return code: 0 (ok)
— read:errno=0

jerrm · September 23, 2020, 12:55pm

He can’t do that because httpd isn’t running.

jerrm · September 23, 2020, 1:23pm

My guess is the cert is hosed and causing apache to bomb out.

Try manually generating your own cert for apache from the command line:

mv /etc/pki/tls/private/localhost.key /etc/pki/tls/private/localhost.key.old
mv /etc/pki/tls/certs/localhost.crt /etc/pki/tls/certs/localhost.crt.old
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out  /etc/pki/tls/certs/localhost.crt
systemctl start httpd

With luck that may get the GUI operational and then you can try the import again.

pricie1991 · September 24, 2020, 8:21am

Did all you suggested and still came back with:

[root@freepbx ~]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See “systemctl status httpd.service” and “journalctl -xe” for details.

pricie1991 · September 24, 2020, 9:06am

Just found this not sure if it helps?

[root@freepbx ~]# egrep -R “Listen” /etc/httpd/
/etc/httpd/conf/httpd.conf:# Listen: Allows you to bind Apache to specific IP addresses and/or
/etc/httpd/conf/httpd.conf:# Change this to Listen on specific IP addresses as shown below to
/etc/httpd/conf/httpd.conf:#Listen 12.34.56.78:80
/etc/httpd/conf.d/ssl.conf:Listen 443
/etc/httpd/conf.d/schmoozecom.conf:Listen 80
/etc/httpd/conf.d/schmoozecom.conf:Listen 82
/etc/httpd/conf.d/schmoozecom.conf:Listen 84
Binary file /etc/httpd/modules/mod_heartmonitor.so matches
Binary file /etc/httpd/modules/mod_mpm_event.so matches
Binary file /etc/httpd/modules/mod_mpm_prefork.so matches
Binary file /etc/httpd/modules/mod_mpm_worker.so matches

pricie1991 · September 24, 2020, 9:19am

cat /var/log/httpd/error_log
[Thu Sep 24 09:20:31.514337 2020] [suexec:notice] [pid 23983] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 24 09:20:31.515175 2020] [ssl:emerg] [pid 23983] AH01903: Failed to configure CA certificate chain!
[Thu Sep 24 09:20:31.515192 2020] [ssl:emerg] [pid 23983] AH02312: Fatal error initialising mod_ssl, exiting.
[Thu Sep 24 09:29:36.317872 2020] [suexec:notice] [pid 25074] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 24 09:29:36.318825 2020] [ssl:emerg] [pid 25074] AH01903: Failed to configure CA certificate chain!
[Thu Sep 24 09:29:36.318867 2020] [ssl:emerg] [pid 25074] AH02312: Fatal error initialising mod_ssl, exiting.
[Thu Sep 24 09:31:01.644409 2020] [suexec:notice] [pid 25285] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 24 09:31:01.645173 2020] [ssl:emerg] [pid 25285] AH01903: Failed to configure CA certificate chain!
[Thu Sep 24 09:31:01.645191 2020] [ssl:emerg] [pid 25285] AH02312: Fatal error initialising mod_ssl, exiting.
[Thu Sep 24 09:31:34.153399 2020] [suexec:notice] [pid 25396] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 24 09:31:34.154215 2020] [ssl:emerg] [pid 25396] AH01903: Failed to configure CA certificate chain!
[Thu Sep 24 09:31:34.154242 2020] [ssl:emerg] [pid 25396] AH02312: Fatal error initialising mod_ssl, exiting.
[Thu Sep 24 09:59:39.565089 2020] [suexec:notice] [pid 28563] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Sep 24 09:59:39.566245 2020] [ssl:emerg] [pid 28563] AH01903: Failed to configure CA certificate chain!
[Thu Sep 24 09:59:39.566288 2020] [ssl:emerg] [pid 28563] AH02312: Fatal error initialising mod_ssl, exiting.

jerrm · September 24, 2020, 11:15pm

Apologies, I had paths for centos defaults in error.

Let’s try a simpler approach, try:

mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.old
systemctl restart http

Wouldn’t hurt to post the contents of the file too.

pricie1991 · September 29, 2020, 9:01am

Your suggestion worked I now have GUI access thank you.

systemctl restart httpd

pricie1991 · September 29, 2020, 9:19pm

So I tried to reinstall the ssl certificate and ended backup in the same place.
I have to do:

mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.old
systemctl restart httpd

to get the gui back.
Any ideas how to install ssl certificate without having this issue?

jerrm · September 29, 2020, 10:06pm

Post the /etc/httpd/conf.d/ssl.conf.old file

Have you tried generating a LetsEncrypt cert to see if that works?

system · October 6, 2020, 10:06pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.