Broke my apache configuration: Secure Connection Failed

t_neo · April 4, 2025, 6:19am

I wanted to enable HTTP/2 for my Apache configuration. Following this article. However that broke my Apache. (I reverted all the steps from this article).

Executing the command:

sudo zypper remove apache2-prefork
Reading installed packages...
Resolving package dependencies...

The following 4 packages are going to be REMOVED:
  apache2 apache2-mod_php8 apache2-prefork postfixadmin-apache

4 packages to remove.

Removed Apache and PHP.

Okay I was not awake when I confirmed.

However that is when the problems started. I removed the event package that the article mentioned and re-installed the removed packages. I ran into the issue that Apache did not wanted to start and I had to modify my /etc/sysconfig/apache2 file and tell Apache to use ‘prefork’ for MPM.

After some more tinkering I was able to start Apache without errors. However my site is not served by Apache. And I’m now presented by " Secure Connection Failed", but I don’t understand why.

sudo apache2ctl -M
[Fri Apr 04 00:01:10.000864 2025] [so:warn] [pid 28556] AH01574: module headers_module is already loaded, skipping
[Fri Apr 04 00:01:10.001123 2025] [so:warn] [pid 28556] AH01574: module proxy_module is already loaded, skipping
[Fri Apr 04 00:01:10.001127 2025] [so:warn] [pid 28556] AH01574: module proxy_http_module is already loaded, skipping
Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_prefork_module (static)
 unixd_module (static)
 systemd_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_core_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 include_module (shared)
 log_config_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 socache_shmcb_module (shared)
 userdir_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 remoteip_module (shared)
 headers_module (shared)
 php_module (shared)

I removed the http/2 Protocol line from my VHost, so that I’m back at the original version that worked previously. When I check the logs I don’t see the request coming in on Apache for the site. There is not an entry in both the access and error log for both Apache in general and the site specific.

What else could I try?

dcurtisfra · April 4, 2025, 10:20am

@t_neo:

Does the systemd status of the apache2.service indicate anything strange?

There’s this Apache guide for HTTP/2 – <HTTP/2 guide>

t_neo · April 4, 2025, 12:54pm

@dcurtisfra No. All is normal.

sudo systemctl status apache2 
● apache2.service - The Apache Webserver
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled; preset: disabled)
     Active: active (running) since Fri 2025-04-04 00:16:24 CST; 6h ago
   Main PID: 1838 (httpd-prefork)
     Status: "Total requests: 122; Idle/Busy workers 100/0;Requests/sec: 0.00516; Bytes served/sec:   0 B/sec"
      Tasks: 7
        CPU: 2.658s
     CGroup: /system.slice/apache2.service
             ├─1838 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >
             ├─1845 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >
             ├─1846 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >
             ├─1847 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >
             ├─1848 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >
             ├─1849 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >
             └─4523 /usr/sbin/httpd-prefork -DSYSCONFIG -C "PidFile /run/httpd.pid" -C "Include /etc/apache2/sysconfig.d//loadmodule.conf" -C "Include /etc/apache2/sysconfig.d//global.conf" -f /etc/apache2/httpd.conf -c "Include /etc/apache2/sysconfig.d//include.conf" >

Apr 04 00:16:23 postoffice systemd[1]: Starting The Apache Webserver...
Apr 04 00:16:23 postoffice start_apache2[1838]: [Fri Apr 04 00:16:23.965960 2025] [so:warn] [pid 1838] AH01574: module headers_module is already loaded, skipping
Apr 04 00:16:23 postoffice start_apache2[1838]: [Fri Apr 04 00:16:23.966042 2025] [so:warn] [pid 1838] AH01574: module proxy_module is already loaded, skipping
Apr 04 00:16:23 postoffice start_apache2[1838]: [Fri Apr 04 00:16:23.966046 2025] [so:warn] [pid 1838] AH01574: module proxy_http_module is already loaded, skipping
Apr 04 00:16:24 postoffice systemd[1]: Started The Apache Webserver.

I have read the Apache documentation, but it did not help me to resolve my issue.
In the access log for the site I see the comment:

AH01909: www.mysite.com:443:0 server certificate does NOT include an ID which matches the server name

The Servername is set in the Vhost.

t_neo · April 4, 2025, 1:34pm

I appear to have resolved the AH01909 message. What I don’t understand is that I don’t see any request in the access log or error log when I try to visit the site.

t_neo · April 4, 2025, 2:03pm

I have now a new error. I noticed a typo in the reference file for my httpd.conf.local file. Now Apache does not want to start at all. The status gives this error:

sudo systemctl status apache2.service
× apache2.service - The Apache Webserver
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Fri 2025-04-04 08:01:22 CST; 2s ago
   Duration: 6min 15.223s
    Process: 29486 ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start (code=exited, status=1/FAILURE)
   Main PID: 29486 (code=exited, status=1/FAILURE)
     Status: "Reading configuration..."
        CPU: 53ms

Apr 04 08:01:22 postoffice systemd[1]: Starting The Apache Webserver...
Apr 04 08:01:22 postoffice start_apache2[29486]: [Fri Apr 04 08:01:22.498426 2025] [so:warn] [pid 29486] AH01574: module headers_module is already loaded, skipping
Apr 04 08:01:22 postoffice start_apache2[29486]: [Fri Apr 04 08:01:22.498511 2025] [so:warn] [pid 29486] AH01574: module proxy_module is already loaded, skipping
Apr 04 08:01:22 postoffice start_apache2[29486]: [Fri Apr 04 08:01:22.498516 2025] [so:warn] [pid 29486] AH01574: module proxy_http_module is already loaded, skipping
Apr 04 08:01:22 postoffice start_apache2[29486]: AH00526: Syntax error on line 19 of /etc/apache2/listen.conf:
Apr 04 08:01:22 postoffice start_apache2[29486]: Cannot define multiple Listeners on the same IP:port
Apr 04 08:01:22 postoffice systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Apr 04 08:01:22 postoffice systemd[1]: apache2.service: Failed with result 'exit-code'.
Apr 04 08:01:22 postoffice systemd[1]: Failed to start The Apache Webserver.

However listen.conf is the default file and on line 19 it states “Listen 80”.

t_neo · April 4, 2025, 2:40pm

Resolved the listen issue as well. Still no luck and nothing stands out that I can try to resolve my issue.

sudo apachectl configtest
[Fri Apr 04 08:38:14.158134 2025] [so:warn] [pid 11736] AH01574: module headers_module is already loaded, skipping
[Fri Apr 04 08:38:14.158219 2025] [so:warn] [pid 11736] AH01574: module proxy_module is already loaded, skipping
[Fri Apr 04 08:38:14.158224 2025] [so:warn] [pid 11736] AH01574: module proxy_http_module is already loaded, skipping
AH00558: httpd-prefork: Could not reliably determine the server's fully qualified domain name, using 38.242.242.124. Set the 'ServerName' directive globally to suppress this message
Syntax OK

It appears Apache is not listening on 443, but the listen.conf file has that line in there and the SSL module is enabled.

sudo lsof -i | grep http
httpd-pre  7359     root  4u  IPv6 25601313      0t0  TCP *:http (LISTEN)
httpd-pre  7374   wwwrun  4u  IPv6 25601313      0t0  TCP *:http (LISTEN)
httpd-pre  7375   wwwrun  4u  IPv6 25601313      0t0  TCP *:http (LISTEN)
httpd-pre  7376   wwwrun  4u  IPv6 25601313      0t0  TCP *:http (LISTEN)
httpd-pre  7377   wwwrun  4u  IPv6 25601313      0t0  TCP *:http (LISTEN)
httpd-pre  7378   wwwrun  4u  IPv6 25601313      0t0  TCP *:http (LISTEN)

t_neo · April 4, 2025, 2:46pm

Resolved my issue. Turns out a flag was unset and setting that back resolves the issue and Apache is serving my site again.

sudo a2enflag SSL sudo systemctl restart apache2