0

I'm experiencing an issue starting httpd:

# service httpd status
httpd is stopped
# service httpd start
Starting httpd: [Tue Nov 01 12:02:53 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
                                                           [FAILED]
# tail /var/log/httpd/error_log
[Tue Nov 01 12:59:57 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Nov 01 13:00:11 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Tue Nov 01 13:00:11 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 13:00:49 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Nov 01 13:05:15 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Tue Nov 01 13:05:15 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 14:38:56 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 01 14:40:38 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Tue Nov 01 14:59:55 2016] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Nov 01 15:00:40 2016] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
# cat /var/log/httpd/error_log | grep -v 'SELinux policy enabled'
[Tue Nov 01 12:30:07 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:30:52 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:31:17 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:31:35 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:31:43 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:32:10 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 12:38:22 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 13:00:11 2016] [info] Init: Initialized OpenSSL library
[Tue Nov 01 13:05:15 2016] [info] Init: Initialized OpenSSL library
# getenforce 
Permissive
# httpd -t
Syntax OK
# httpd -e debug -k start
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module authz_host_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module log_config_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module setenvif_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module mime_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module autoindex_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module negotiation_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module dir_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module alias_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module rewrite_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module proxy_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module proxy_http_module
[Tue Nov 01 12:32:10 2016] [debug] mod_so.c(246): loaded module ssl_module
# echo $?
1
# run_init service httpd start
Authenticating root.
Password: 
Starting httpd:                                            [FAILED]
#

My environment:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.8 (Santiago)
# uname -a
Linux X 2.6.32-642.6.1.el6.x86_64 #1 SMP Thu Aug 25 12:42:19 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
# rpm -q httpd
httpd-2.2.15-54.el6_8.x86_64
#

Please advice.

alexus
  • 13,112
  • 32
  • 117
  • 174
  • A notice level message hardly seems like a reason for the server to stop. Are there any other messages logged in the error log or just that one line? – DerfK Nov 01 '16 at 16:26
  • @derfk I'm going try to bump logging to debug and get exact message where it fails, however since `SELinux` is in `Permissive`, it shouldn't fail due to `SELinux`. – alexus Nov 01 '16 at 16:28
  • On RHEL 6 and earlier, when manually starting services you need to use `run_init` to start services with the correct SELinux contexts, e.g. `run_init service httpd restart`. This is no longer required beginning with RHEL 7. But I suspect whatever your problem is probably isn't related to SELinux. – Michael Hampton Nov 01 '16 at 17:23
  • @MichaelHampton I updated my question with output with `run_init`, but I agree, I don't think it's `SELinux` related. – alexus Nov 01 '16 at 18:41
  • As you see, that cleared the SELinux notice, but it's still failing to start. What else is in the apache logs? – Michael Hampton Nov 01 '16 at 18:59
  • @MichaelHampton last message is same as before `SELinux policy enabled`. – alexus Nov 01 '16 at 19:02
  • What else is in the apache logs? – Michael Hampton Nov 01 '16 at 19:07
  • @MichaelHampton, I updated question with entire log (spoiler: nothing useful) – alexus Nov 01 '16 at 20:15

1 Answers1

0

I was able to locate actual issue here...

[Thu Nov 03 10:16:37 2016] [error] Unable to configure RSA server private key
[Thu Nov 03 10:16:37 2016] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

after I restored backup of ssl key, httpd starts without any issues)

alexus
  • 13,112
  • 32
  • 117
  • 174