0

Been weeks, even months, that after a logrotate, my Apache2 server suddenly stops and can't restart, mainly because of the password on the cert. but I do not want to remove it.

At the beginning I thought it was due to Logrotate. But then, I monitored it better and made some tests and this was not the cause.

I searched logs everywhere until this morning, when it crashed again, and I found this:

error.log

[Wed Aug 03 06:34:41.322231 2016] [mpm_prefork:notice] [pid 2726] AH00169: caught SIGTERM, shutting down
[Wed Aug 03 06:34:42.301179 2016] [ssl:info] [pid 18371] AH02200: Loading certificate & private key of SSL-aware server 'aa.bb.cc:443'

syslog

Aug  3 06:34:40 myserver php5-common: php5_invoke pdo: already enabled for apache2 SAPI
Aug  3 06:34:40 myserver php5-common: php5_invoke pdo: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-common: php5_invoke opcache: already enabled for apache2 SAPI
Aug  3 06:34:40 myserver php5-common: php5_invoke opcache: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-cli: php5_invoke opcache: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-cli: php5_invoke pdo_pgsql: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-cli: php5_invoke json: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-cli: php5_invoke pdo: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-cli: php5_invoke pgsql: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-cli: php5_invoke readline: already enabled for cli SAPI
Aug  3 06:34:40 myserver php5-readline: php5_invoke readline: already enabled for apache2 SAPI
Aug  3 06:34:40 myserver php5-readline: php5_invoke readline: already enabled for cli SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: php5_invoke opcache: already enabled for apache2 SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: php5_invoke pdo_pgsql: already enabled for apache2 SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: php5_invoke json: already enabled for apache2 SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: php5_invoke pdo: already enabled for apache2 SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: php5_invoke pgsql: already enabled for apache2 SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: php5_invoke readline: already enabled for apache2 SAPI
Aug  3 06:34:41 myserver libapache2-mod-php5: apache2_invoke php5: already enabled
Aug  3 06:34:42 myserver apache2: No way to ask user for passphrase

alternatives.log.1

update-alternatives 2016-08-03 06:34:40: run with --install /usr/bin/php php /usr/bin/php5 50 --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz

I guess I finally found why my server suddenly stops working. But I do not know what update-alternatives is for, I have never heard of it and would need advices on how to move, to solve my problem. It can be both updating php or stopping this program from running at 6.34 AM, or stopping at all.

Any advice is greatly appreciated!

EDIT: Best answer (and only one) marked as accepted because I found out my system was installing updates, among these, the php. Which let the system both having updated version of php and improper shut down of the apache service, due to the certificate. I want the password on the certificate, so disabling the updates with 

dpkg-reconfigure -plow unattended-upgrades

seemed that resolved my problem. But I can not be sure.. Have to wait the next SIGTERM, if there will ever be.

aPugLife
  • 287
  • 1
  • 5
  • 14
  • You sure that your problem doesn't root in the fact that your apache2 can't load your ssl certificate because: `Aug 3 06:34:42 myserver apache2: No way to ask user for passphrase` – Broco Aug 03 '16 at 12:55
  • The problem is not that it asks for the password, rather, why does it ask for the password? Apache for some reason crashes. When it does, it then restart itself and without password, can not proceed. Therefore the service remain stopped. Apache or any other service, after a crash, can not be restarted by their own, so it is a system thing. That update-alternatives is the bad guy! – aPugLife Aug 03 '16 at 13:39
  • 1
    I did not know that auto updates were on... and off.. I wrote it in another comment. I disabled them again. And I noticed that php over these lasts months got updated! so.. that command ran the update invoked by the system, the update succeeded but service needed to be restarted. After restart, no password = no start. – aPugLife Aug 03 '16 at 13:42
  • Yes, you need a password to unlock your private server key. You can automate the password process too btw. – Broco Aug 03 '16 at 15:20

1 Answers1

2

See man update-alternatives for a description of the alternatives system

This is the command being run on your system

update-alternatives --install /usr/bin/php php /usr/bin/php5 50 --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz

I'm not sure why, but I'm wondering if you have automatic updates enabled. If a new php was installed, this command might be executed.

If I'm correct, disabling automatic updates should fix your problem. Otherwise it's likely a cron job, but I couldn't find anything on my Ubuntu system that looked like it would do that.

Ryan Babchishin
  • 6,260
  • 2
  • 17
  • 37
  • Thanks for your answer, yes I read the manual already and more or less I now know how to move. So I ran `update-alternatives --config php` and result is: `There is only one alternative in link group php (providing /usr/bin/php): /usr/bin/php5 Nothing to configure.` So, `update-alternatives --display php` shows: `php - auto mode link currently points to /usr/bin/php5 /usr/bin/php5 - priority 50 slave php.1.gz: /usr/share/man/man1/php5.1.gz Current 'best' version is '/usr/bin/php5'. ` Automatic updates are disabled already and crontab is empty. Any idea on how to disable it? – aPugLife Aug 03 '16 at 09:24
  • Found something: apparently this server had automatic updates disabled and enabled(?) at the same time. I ran: `dpkg-reconfigure -plow unattended-upgrades` and set to NO auto updates. The file: 20auto-upgrades changed from "1" to "0". So now they are disabled. It is different than another server of mine, where this file does not exists at all. And updates are disabled anyway. I solved this auto-update thing, I guess.. But i do not know if this caused the auto-update of php – aPugLife Aug 03 '16 at 09:40