Httpd not starting after failed update


(John) #1

got an message about this pending update:
sangoma-pbx.noarch 2107-3.sng7 (current: 2104.1.sng7)

tried to run it but i never appeared to complete. HTTPD appeared to die. Did a fwconsole stop and fwconsole start but no luck. Even rebooted the entire server but it doesn’t appear to be starting.

[[email protected] ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2021-07-03 09:22:14 CDT; 14s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 8767 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 8767 (code=exited, status=1/FAILURE)

Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: Starting The Apache HTTP Server…
Jul 03 09:22:14 freepbx.sangoma.local httpd[8767]: [Sat Jul 03 09:22:14.330783 2021] [so:warn] [pid 8767] AH01574: module ssl_module is already lo…skipping
Jul 03 09:22:14 freepbx.sangoma.local httpd[8767]: AH00526: Syntax error on line 15 of /etc/httpd/conf.d/ssl.conf:
Jul 03 09:22:14 freepbx.sangoma.local httpd[8767]: SSLProtocol: Illegal protocol ‘TLSv1.3’
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: Failed to start The Apache HTTP Server.
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: Unit httpd.service entered failed state.
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.


(Lorne Gaetz) #2

You can get the content of line 15 with

 cat -n /etc/httpd/conf.d/ssl.conf

that might give you a clue to what’s up


(John) #3

it appears to be a reference to enable TLS 1.3. Does this apache support 1.3?

13  SSLCryptoDevice builtin
14  #https://mozilla.github.io/server-side-tls/ssl-config-generator/
15  SSLProtocol +TLSv1.2 +TLSv1.3
16  SSLHonorCipherOrder on

#4

Strange. On my system, 1.3 is not supported by Apache, but not requested by ssl.conf. Either take out the 1.3 reference from ssl.conf, or see


if you really want it.

I have no idea why the updates are inconsistent.


(John) #5

That did it, removing 1.3 let HTTPD start up.


(Lorne Gaetz) #6

You’re running the SNG7 distro, where did that config come from? I don’t think System Admin could have generated that.

Apache SSL protocols are controlled in Sysadmin, https setup. If you submit that page with no changes, does +TLSv1.3 come back?


(John) #7

resubmitting through sysadmin left 1.2 in place. it didn’t appear to add 1.3. i wonder if the 2107-3 update somehow inserted that.


(Lorne Gaetz) #8

I’ve checked several systems and not seeing it, all are on sangoma-pbx 2107-3.


(Franck Danard) #9

For my part, I’ve got this on my system.

sangoma-pbx.noarch                         2107-3.sng7           @sng-pkgs
httpd.x86_64                             2.4.6-93.el7.centos      @sng-base/7

Regarding your version, maybe there was a unknown setting on SSL.

Please, use ssh console and type:

# fwconsole sa rsp

And your SSL settings will be like this:

SSLProtocol all -SSLv3

If you decide to change your SSL settings, then please click on the help icon here and you will be redirected to the ssl-config.mozilla.org web site using your current apache and SSL version.
If you select a wrong value, the risk is to get this kind of error.
Using fwconsole sa rsp, you restore the default settings.


(system) closed #10

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.