Httpd not starting after failed update

Got a message about this pending update:
sangoma-pbx.noarch 2107-3.sng7 (current: 2104.1.sng7)

Tried to run it but it never appeared to complete. HTTPD appeared to die. Did a fwconsole stop and fwconsole start but no luck. Even rebooted the entire server but it doesn’t appear to be starting.

[root@freepbx ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2021-07-03 09:22:14 CDT; 14s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 8767 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 8767 (code=exited, status=1/FAILURE)

Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: Starting The Apache HTTP Server…
Jul 03 09:22:14 freepbx.sangoma.local httpd[8767]: [Sat Jul 03 09:22:14.330783 2021] [so:warn] [pid 8767] AH01574: module ssl_module is already lo…skipping
Jul 03 09:22:14 freepbx.sangoma.local httpd[8767]: AH00526: Syntax error on line 15 of /etc/httpd/conf.d/ssl.conf:
Jul 03 09:22:14 freepbx.sangoma.local httpd[8767]: SSLProtocol: Illegal protocol ‘TLSv1.3’
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: Failed to start The Apache HTTP Server.
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: Unit httpd.service entered failed state.
Jul 03 09:22:14 freepbx.sangoma.local systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

You can get the content of line 15 with

 cat -n /etc/httpd/conf.d/ssl.conf

that might give you a clue to what’s up

It appears to be a reference to enable TLS 1.3. Does this Apache support 1.3?

13  SSLCryptoDevice builtin
14  #https://mozilla.github.io/server-side-tls/ssl-config-generator/
15  SSLProtocol +TLSv1.2 +TLSv1.3
16  SSLHonorCipherOrder on

Strange. On my system, 1.3 is not supported by Apache, but not requested by ssl.conf. Either take out the 1.3 reference from ssl.conf, or see

if you really want it.

I have no idea why the updates are inconsistent.

That did it, removing 1.3 let HTTPD start up.

You’re running the SNG7 distro, where did that config come from? I don’t think System Admin could have generated that.

Apache SSL protocols are controlled in Sysadmin, https setup. If you submit that page with no changes, does +TLSv1.3 come back?

Resubmitting through Sysadmin left 1.2 in place. It didn’t appear to add 1.3. I wonder if the 2107-3 update somehow inserted that.

I’ve checked several systems and not seeing it, all are on sangoma-pbx 2107-3.

For my part, I’ve got this on my system.

sangoma-pbx.noarch                         2107-3.sng7           @sng-pkgs
httpd.x86_64                             2.4.6-93.el7.centos      @sng-base/7

Regarding your version, maybe there was an unknown setting on SSL.

Please, use ssh console and type:

# fwconsole sa rsp

And your SSL settings will be like this:

SSLProtocol all -SSLv3

If you decide to change your SSL settings, then please click on the help icon here and you will be redirected to the ssl-config.mozilla.org web site using your current apache and SSL version.
If you select a wrong value, the risk is to get this kind of error.
Using fwconsole sa rsp, you restore the default settings.

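A pre-restart check for the failure discussed in this thread, as an added example (not written by any poster and not part of FreePBX or Sysadmin): it flags SSLProtocol tokens the installed build cannot parse. The function names, the sample file and the OpenSSL version 1.0.2k are assumptions, as is the TLS 1.3 threshold (httpd 2.4.36+ built against OpenSSL 1.1.1+), which follows the mod_ssl documentation.

```shell
#!/bin/sh
# Added example: lint SSLProtocol lines against the httpd/OpenSSL versions in use.

# ver_ge A B: succeeds when dotted version A >= B, compared numerically per field
# (so 2.4.6 < 2.4.36); a letter suffix such as the "k" in 1.0.2k is ignored.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# lint_sslprotocol CONF HTTPD_VERSION OPENSSL_VERSION
# Prints "file:line: token reason" for every token httpd would reject; returns 1 if any.
lint_sslprotocol() {
    tls13=no
    # Assumed threshold for TLSv1.3 support (see lead-in).
    if ver_ge "$2" 2.4.36 && ver_ge "$3" 1.1.1; then tls13=yes; fi
    awk -v tls13="$tls13" -v f="$1" '
        /^[ \t]*#/ { next }                       # skip comment lines
        tolower($1) == "sslprotocol" {            # directive names are case-insensitive
            for (i = 2; i <= NF; i++) {
                p = tolower($i); sub(/^[+-]/, "", p)   # the sign does not matter to the parser
                if (p == "tlsv1.3" && tls13 == "no") {
                    printf "%s:%d: %s not supported by this httpd/OpenSSL build\n", f, NR, $i
                    bad = 1
                } else if (p !~ /^(all|sslv3|tlsv1|tlsv1\.1|tlsv1\.2|tlsv1\.3)$/) {
                    printf "%s:%d: %s is not a recognised protocol token\n", f, NR, $i
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the four ssl.conf lines quoted in the thread.
sample=$(mktemp)
printf '%s\n' 'SSLCryptoDevice builtin' \
    '#https://mozilla.github.io/server-side-tls/ssl-config-generator/' \
    'SSLProtocol +TLSv1.2 +TLSv1.3' 'SSLHonorCipherOrder on' > "$sample"
# httpd 2.4.6 is the version reported in the thread; 1.0.2k is an assumed OpenSSL version.
lint_sslprotocol "$sample" 2.4.6 1.0.2k || echo "fix ssl.conf before restarting httpd"
```

On a live system, `httpd -t` reports the same syntax error from the real parser without touching the running service.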