I think i may need some help setting up a SLL.
Ive done this on 2 servers without any issues until now.
I tried to add SSL for the panel on a 3rd server i have and now get a error.
All servers have there own dedicated ip's.
Ive rebooted the OS, and reinstalled the panel a few times with same results.
My other 2 servers, i have the created the ssl & installed for the panel and are working no probs.
Just cant seem to get my head around why this server is not working. All same os.
What ive done.
Installing the cert using this tutorial. -> http://docs.sentora.org/?node=102 - Noticed the tutorial has added code now.
Ok my process:
Installed openssl, git, and then letsencrypt
Generated the cert for the panel using the panels url and letsencrypt.
Added below following the tutorial,
Changing Sentora port:
On Sentora Panel go to Admin -> Sentora Config -> Sentora Apache Port change to 443 and Save.
Adding a Custom Entry to the Sentora Virtual Host
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Global Sentora Entry
Added below To GLOBAL SENTORA ENTRY
ADDED MY CERT LOCATION TO ABOVE CODE.
Again, I did notice that there were some additions to the code for adding SSL
that weren't on the tutorial page before. Didn't think that was the issue though.
OK, After all was installed.
RAN
Restarted apache and i get a error.
ERROR BELOW
RAN: systemctl status httpd.service:
ERROR LOG:
RAN: journalctl -xe
Could no longer access the panel, so i had to manually remove the SSL code and remove LISTEN 443 from: /etc/sentora/configs/apache/httpd-vhosts.conf
Any help on how to resolve this issue would be greatly appreciative.
Thanks in advance.
Ive done this on 2 servers without any issues until now.
I tried to add SSL for the panel on a 3rd server i have and now get a error.
All servers have there own dedicated ip's.
Ive rebooted the OS, and reinstalled the panel a few times with same results.
My other 2 servers, i have the created the ssl & installed for the panel and are working no probs.
Just cant seem to get my head around why this server is not working. All same os.
What ive done.
Installing the cert using this tutorial. -> http://docs.sentora.org/?node=102 - Noticed the tutorial has added code now.
Ok my process:
Installed openssl, git, and then letsencrypt
Generated the cert for the panel using the panels url and letsencrypt.
Added below following the tutorial,
Changing Sentora port:
On Sentora Panel go to Admin -> Sentora Config -> Sentora Apache Port change to 443 and Save.
Adding a Custom Entry to the Sentora Virtual Host
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Global Sentora Entry
Added below To GLOBAL SENTORA ENTRY
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/panel.domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/panel.domain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/panel.domain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
ADDED MY CERT LOCATION TO ABOVE CODE.
Again, I did notice that there were some additions to the code for adding SSL
that weren't on the tutorial page before. Didn't think that was the issue though.
OK, After all was installed.
RAN
Restarted apache and i get a error.
ERROR BELOW
RAN: systemctl status httpd.service:
Code:
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
ERROR LOG:
Code:
[Wed Feb 03 05:48:23.807491 2016] [core:notice] [pid 15355] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Feb 03 05:48:23.808593 2016] [suexec:notice] [pid 15355] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 05:48:23.836994 2016] [auth_digest:notice] [pid 15355] AH01757: generating secret for digest authentication ...
[Wed Feb 03 05:48:23.837887 2016] [lbmethod_heartbeat:notice] [pid 15355] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 05:48:23.870052 2016] [mpm_prefork:notice] [pid 15355] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Wed Feb 03 05:48:23.870092 2016] [core:notice] [pid 15355] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 05:49:02.110753 2016] [mpm_prefork:notice] [pid 15355] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 05:49:31.023323 2016] [suexec:notice] [pid 2414] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 05:49:31.071508 2016] [auth_digest:notice] [pid 2414] AH01757: generating secret for digest authentication ...
[Wed Feb 03 05:49:31.072171 2016] [lbmethod_heartbeat:notice] [pid 2414] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 05:49:33.586096 2016] [mpm_prefork:notice] [pid 2414] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Wed Feb 03 05:49:33.586140 2016] [core:notice] [pid 2414] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 05:52:20.421424 2016] [mpm_prefork:notice] [pid 2414] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 05:52:21.500784 2016] [suexec:notice] [pid 10722] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 05:52:21.530731 2016] [auth_digest:notice] [pid 10722] AH01757: generating secret for digest authentication ...
[Wed Feb 03 05:52:21.531432 2016] [lbmethod_heartbeat:notice] [pid 10722] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 05:52:21.561902 2016] [mpm_prefork:notice] [pid 10722] AH00163: Apache/2.4.6 (CentOS) configured -- resuming normal operations
[Wed Feb 03 05:52:21.561936 2016] [core:notice] [pid 10722] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:00:02.167959 2016] [mpm_prefork:notice] [pid 10722] AH00171: Graceful restart requested, doing restart
[Wed Feb 03 06:00:02.224397 2016] [auth_digest:notice] [pid 10722] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:00:02.225166 2016] [lbmethod_heartbeat:notice] [pid 10722] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:00:02.250553 2016] [mpm_prefork:notice] [pid 10722] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:00:02.250571 2016] [core:notice] [pid 10722] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:01:20.354688 2016] [mpm_prefork:notice] [pid 10722] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 06:03:44.489162 2016] [suexec:notice] [pid 12276] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:03:44.519417 2016] [auth_digest:notice] [pid 12276] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:03:44.520190 2016] [lbmethod_heartbeat:notice] [pid 12276] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:03:44.554685 2016] [mpm_prefork:notice] [pid 12276] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:03:44.554725 2016] [core:notice] [pid 12276] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:05:01.486869 2016] [mpm_prefork:notice] [pid 12276] AH00171: Graceful restart requested, doing restart
[Wed Feb 03 06:05:01.539990 2016] [auth_digest:notice] [pid 12276] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:05:01.540664 2016] [lbmethod_heartbeat:notice] [pid 12276] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:05:01.564315 2016] [mpm_prefork:notice] [pid 12276] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:05:01.564341 2016] [core:notice] [pid 12276] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:06:57.530838 2016] [mpm_prefork:notice] [pid 12276] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 06:07:30.753310 2016] [suexec:notice] [pid 13132] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:07:30.784469 2016] [auth_digest:notice] [pid 13132] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:07:30.785113 2016] [lbmethod_heartbeat:notice] [pid 13132] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:07:30.814751 2016] [mpm_prefork:notice] [pid 13132] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:07:30.814786 2016] [core:notice] [pid 13132] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:14:26.187593 2016] [mpm_prefork:notice] [pid 13132] AH00171: Graceful restart requested, doing restart
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
[Wed Feb 03 06:14:26.235610 2016] [auth_digest:notice] [pid 13132] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:14:26.236266 2016] [lbmethod_heartbeat:notice] [pid 13132] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:14:26.237571 2016] [ssl:warn] [pid 13132] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Feb 03 06:14:26.259794 2016] [mpm_prefork:notice] [pid 13132] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:14:26.259810 2016] [core:notice] [pid 13132] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:14:29.308835 2016] [mpm_prefork:notice] [pid 13132] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 06:21:26.329741 2016] [suexec:notice] [pid 13696] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:21:26.359945 2016] [auth_digest:notice] [pid 13696] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:21:26.360605 2016] [lbmethod_heartbeat:notice] [pid 13696] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:21:26.394073 2016] [mpm_prefork:notice] [pid 13696] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:21:26.394112 2016] [core:notice] [pid 13696] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:21:34.504030 2016] [mpm_prefork:notice] [pid 13696] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 06:23:58.421075 2016] [suexec:notice] [pid 13730] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:23:58.453228 2016] [auth_digest:notice] [pid 13730] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:23:58.453881 2016] [lbmethod_heartbeat:notice] [pid 13730] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:23:58.487694 2016] [mpm_prefork:notice] [pid 13730] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:23:58.487740 2016] [core:notice] [pid 13730] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:27:00.921948 2016] [mpm_prefork:notice] [pid 13730] AH00171: Graceful restart requested, doing restart
[Wed Feb 03 06:27:00.975501 2016] [auth_digest:notice] [pid 13730] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:27:00.976106 2016] [lbmethod_heartbeat:notice] [pid 13730] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:27:00.998658 2016] [mpm_prefork:notice] [pid 13730] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:27:00.998675 2016] [core:notice] [pid 13730] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:30:01.945693 2016] [mpm_prefork:notice] [pid 13730] AH00171: Graceful restart requested, doing restart
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
[Wed Feb 03 06:30:02.008138 2016] [auth_digest:notice] [pid 13730] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:30:02.008891 2016] [lbmethod_heartbeat:notice] [pid 13730] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:30:02.032505 2016] [mpm_prefork:notice] [pid 13730] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:30:02.032524 2016] [core:notice] [pid 13730] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:34:10.400327 2016] [mpm_prefork:notice] [pid 13730] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 06:38:07.683803 2016] [suexec:notice] [pid 14830] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:38:07.716178 2016] [core:crit] [pid 14830] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Wed Feb 03 06:38:07.716228 2016] [mpm_prefork:alert] [pid 14830] no listening sockets available, shutting down
[Wed Feb 03 06:38:07.716231 2016] [:emerg] [pid 14830] AH00019: Unable to open logs, exiting
[Wed Feb 03 06:38:13.630715 2016] [suexec:notice] [pid 14844] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:38:13.663895 2016] [core:crit] [pid 14844] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Wed Feb 03 06:38:13.663946 2016] [mpm_prefork:alert] [pid 14844] no listening sockets available, shutting down
[Wed Feb 03 06:38:13.663949 2016] [:emerg] [pid 14844] AH00019: Unable to open logs, exiting
[Wed Feb 03 06:38:26.791382 2016] [suexec:notice] [pid 14860] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:38:26.821138 2016] [auth_digest:notice] [pid 14860] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:38:26.821842 2016] [lbmethod_heartbeat:notice] [pid 14860] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:38:26.854903 2016] [mpm_prefork:notice] [pid 14860] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:38:26.854947 2016] [core:notice] [pid 14860] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:40:37.417376 2016] [mpm_prefork:notice] [pid 14860] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Feb 03 06:40:57.341872 2016] [suexec:notice] [pid 14905] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:40:57.375055 2016] [auth_digest:notice] [pid 14905] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:40:57.375681 2016] [lbmethod_heartbeat:notice] [pid 14905] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:40:57.408368 2016] [mpm_prefork:notice] [pid 14905] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:40:57.408408 2016] [core:notice] [pid 14905] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 06:52:44.586567 2016] [suexec:notice] [pid 2224] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Feb 03 06:52:44.753446 2016] [auth_digest:notice] [pid 2224] AH01757: generating secret for digest authentication ...
[Wed Feb 03 06:52:44.754451 2016] [lbmethod_heartbeat:notice] [pid 2224] AH02282: No slotmem from mod_heartmonitor
[Wed Feb 03 06:52:46.289228 2016] [mpm_prefork:notice] [pid 2224] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips configured -- resuming normal operations
[Wed Feb 03 06:52:46.289274 2016] [core:notice] [pid 2224] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Wed Feb 03 07:02:39.081240 2016] [mpm_prefork:notice] [pid 2224] AH00170: caught SIGWINCH, shutting down gracefully
Code:
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Feb 03 07:16:00 mydomain.tld httpd[18693]: (98)Address already in use: AH00072: make_sock: could not bin
Feb 03 07:16:00 mydomain.tld httpd[18693]: (98)Address already in use: AH00072: make_sock: could not bin
Feb 03 07:16:00 mydomain.tld httpd[18693]: no listening sockets available, shutting down
Feb 03 07:16:00 mydomain.tld [root@s1 httpd]#
Could no longer access the panel, so i had to manually remove the SSL code and remove LISTEN 443 from: /etc/sentora/configs/apache/httpd-vhosts.conf
Any help on how to resolve this issue would be greatly appreciative.
Thanks in advance.