I’ve been trying to get SSL running on my domain (thebashfeed.com) for a few days. I believe I have Apache set up properly and installed Let’s Encrypt using DO’s official tutorial. The site is accessible from http:// but not from https://. In fact, when you lead the domain with https:// it returns an internal server error with the following verbiage:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
[Fri Feb 24 19:25:11.151229 2017] [mpm_prefork:notice] [pid 30408] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.21 OpenSSL/1.0.1f configured -- resuming normal operations
[Fri Feb 24 19:25:11.151330 2017] [core:notice] [pid 30408] AH00094: Command line: '/usr/sbin/apache2'
libpng warning: Incorrect sBIT chunk length
libpng warning: Incorrect sBIT chunk length
[Fri Feb 24 20:49:50.636080 2017] [mpm_prefork:notice] [pid 30408] AH00169: caught SIGTERM, shutting down
[Fri Feb 24 20:49:51.460157 2017] [mpm_prefork:notice] [pid 30887] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.21 OpenSSL/1.0.1f configured -- resuming normal operations
[Fri Feb 24 20:49:51.460250 2017] [core:notice] [pid 30887] AH00094: Command line: '/usr/sbin/apache2'
[Fri Feb 24 21:00:11.496576 2017] [mpm_prefork:notice] [pid 30887] AH00169: caught SIGTERM, shutting down
[Fri Feb 24 21:15:00.327000 2017] [mpm_prefork:notice] [pid 31444] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.21 OpenSSL/1.0.1f configured -- resuming normal operations
[Fri Feb 24 21:15:00.327157 2017] [core:notice] [pid 31444] AH00094: Command line: '/usr/sbin/apache2'
If you can help me understand what needs to be done I would greatly appreciate it.
Thanks in advance.
In regards to Apache, if you’re still having an issue with Apache + SSL, I just posted recent configs for LetsEncrypt, which I’ve outlined below for comparison.
…
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ServerName domain.com
    ServerAlias www.domain.com
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =domain.com [OR]
    RewriteCond %{SERVER_NAME} =www.domain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
…
/etc/apache2/sites-available/000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ServerName domain.com
    ServerAlias www.domain.com
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
…
/var/www/html/.htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
…
Of course, in the above, domain.com should be replaced with your actual domain name. These are stock, and should work for any domain that has a valid SSL Certificate from LetsEncrypt w/ WP.
These are from ./sites-available and are symlinked to ./sites-enabled by default (which was done by LE when the service was run).
The line in /etc/apache2/apache2.conf that controls pulling from ./sites-enabled is:
IncludeOptional sites-enabled/*.conf
So you could very well change that to better suit your own needs, or to just include a single site. For example, I could modify that to:
IncludeOptional sites-available/000-default.conf
IncludeOptional sites-available/000-default-le-ssl.conf
And in those files, I’d use the configuration I posted above, then restart apache2.
service apache2 restart
And that should get things in working order for you. You don’t have to use those two directories. I rarely do as I rather dislike having to use symlinks for configuration. I’d much rather it be located in a central directory and simply use mv or cp to get files where they need to be as symlinks can be finicky from time to time.
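A quick way to compare a vhost file against the configuration in the answer above, as an added example that is not part of the original post: the function reads Apache config on stdin and flags every `<VirtualHost ...:443>` block that lacks the certificate directives. `check_ssl_vhosts` and the two sample functions are hypothetical names, and the sample configs are constructed.

```shell
# check_ssl_vhosts (hypothetical helper): reads Apache config on stdin and
# prints one line per <VirtualHost ...:443> block: "<name>: OK" or
# "<name>: MISSING <directives>". Exit status is 1 if any block is incomplete.
# Limitation: Include/IncludeOptional files are not followed.
check_ssl_vhosts() {
    awk '
    /^[ \t]*#/ { next }                              # ignore comment lines
    tolower($0) ~ /^[ \t]*<virtualhost[ \t].*:443[ \t>]/ {
        in443 = 1; name = "(no ServerName)"; cert = 0; key = 0; next
    }
    in443 && tolower($1) == "servername"            { name = $2 }
    in443 && tolower($1) == "sslcertificatefile"    { cert = 1 }
    in443 && tolower($1) == "sslcertificatekeyfile" { key = 1 }
    in443 && tolower($0) ~ /^[ \t]*<\/virtualhost>/ {
        miss = ""
        if (!cert) miss = miss " SSLCertificateFile"
        if (!key)  miss = miss " SSLCertificateKeyFile"
        if (miss == "") { print name ": OK" } else { print name ": MISSING" miss; bad = 1 }
        in443 = 0
    }
    END { exit bad + 0 }'
}

# Constructed sample: a :443 block with no certificate directives.
sample_bare() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>
EOF
}

# Constructed sample: the certificate lines from the SSL vhost shown above.
sample_complete() {
    cat <<'EOF'
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName domain.com
    SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
</IfModule>
EOF
}

sample_bare | check_ssl_vhosts || true
sample_complete | check_ssl_vhosts
```

On a server it would be run as `check_ssl_vhosts < /etc/apache2/sites-available/000-default-le-ssl.conf`; `apache2ctl configtest` covers the syntax errors this check does not look for.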
Correct. Those files will be recreated once you start/restart MySQL and will then take on the size that is set in the newer configuration, which should prevent that error from popping back up.
If MySQL still fails to start, please tail -50 the log file and post back and we’ll take another look.
No problem at all, glad to help! Let me know how things go.
Here’s what I would try and see how it works for you. This is based off an 8GB & 12GB Droplet I was working on with a client just a week ago.
If this doesn’t work, you may in fact need to upgrade RAM, or consider splitting the database from the web server (i.e. a Droplet dedicated to MySQL only).
Please make sure you backed up your configuration prior (as noted in my previous response) so you can revert back should something not work. This should work as-is, though different versions have different options.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
bind-address = 127.0.0.1
key_buffer_size = 256M
join_buffer_size = 128K
read_buffer_size = 256K
sort_buffer_size = 256K
table_definition_cache = 8192
table_open_cache = 4096
thread_cache_size = 256
tmp_table_size = 256M
max_heap_table_size = 256M
max_allowed_packet = 64M
thread_stack = 192K
thread_cache_size = 8
myisam_sort_buffer_size = 256M
myisam_max_sort_file_size = 2048M
myisam-recover = BACKUP
group_concat_max_len = 1024
max_length_for_sort_data = 1024
net_buffer_length = 16384
max_connect_errors = 100000
concurrent_insert = 2
read_rnd_buffer_size = 512K
bulk_insert_buffer_size = 8M
query_cache_limit = 512K
query_cache_size = 64M
query_cache_type = 1
query_cache_min_res_unit = 2K
query_prealloc_size = 262144
query_alloc_block_size = 65536
transaction_alloc_block_size = 8192
transaction_prealloc_size = 4096
default-storage-engine = InnoDB
log_warnings = 1
slow_query_log = 0
long_query_time = 1
slow_query_log_file = /var/log/mysql/slowq.log
log_error = /var/log/mysql/error.log
innodb_large_prefix = 1
innodb_purge_threads = 1
innodb_doublewrite = 1
innodb_file_per_table = 1
innodb_open_files = 1000
innodb_data_file_path = ibdata1:10M:autoextend
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 32M
innodb_log_files_in_group = 2
innodb_log_file_size = 64M
innodb_log_buffer_size = 8M
innodb_flush_log_at_trx_commit = 2
innodb_thread_concurrency = 0
innodb_lock_wait_timeout = 50
innodb_io_capacity = 100
innodb_read_io_threads = 2
innodb_write_io_threads = 2
[mysqldump]
quick
quote-names
max_allowed_packet = 64M
[mysql]
[isamchk]
key_buffer = 256M
sort_buffer = 256K
read_buffer = 256K
write_buffer = 256K
!includedir /etc/mysql/conf.d/
I’ve cleaned up the comments and removed the options that were commented out to reduce the size, though it’s still a little lengthy.
Should MySQL fail to start, we need to check the MySQL error log, run tail -20 on it and that should help us troubleshoot which configuration var doesn’t work with the version you’re running.
If you wouldn’t mind, would you please repost that in a code block. To do that, it’d be three backticks, hit enter, paste the config, hit enter, and three more backticks.
Using a code block will keep it formatted. The copy and paste above slightly changes the config and it’s hard to tell what is and isn’t commented in the file as it appears much of that has been stripped.
Once I have that, I’ll see what we can do to tune the config.
You mention that you have higher levels of traffic. What are we looking at?
This is what I was looking for :-).
170308 7:06:12 InnoDB: Fatal error: cannot allocate memory for the buffer pool
170308 7:06:12 [ERROR] Plugin 'InnoDB' init function returned error.
170308 7:06:12 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
170308 7:06:12 [ERROR] Unknown/unsupported storage engine: InnoDB
170308 7:06:12 [ERROR] Aborting
Specifically:
170308 7:06:12 InnoDB: Fatal error: cannot allocate memory for the buffer pool
That error means you’re running out of RAM and MySQL/MariaDB is not able to allocate sufficient RAM, so it fails. What size is your Droplet? (specifically RAM).
Also, let’s figure out where your actual MySQL configuration is. You should have this directory:
/etc/mysql/mysql.conf.d
Inside that directory is going to be one of two files.
1). mysqld.cnf
or
2). 50-server.cnf
Can you post the complete contents of that file?
I do have both the ./sites-available and ./sites-enabled directories, just not the ./ssl-params.conf file.
Yes I use .htaccess for the wordpress installation on the domain hosted on this Droplet.
If you don’t have the ./sites-available/ and ./sites-enabled/ directories, then you’re most likely pulling from either ./conf or ./conf.d, in which case anything that resides in there is going to get included by Apache during startup.
So if there’s an error in your 000-default.conf file, it could easily affect the rest of your sites just as a misconfigured .htaccess file could.
Do you happen to use .htaccess for any of your websites (normally in the web root for the domain) or is all configuration done through the Apache configuration?
Can you supply your entire configuration for the domain? It should be placed in /etc/apache2/sites-available/. If you have sensitive information, like paths, domains or IPs, then just mask it. There must be a configuration error somewhere, which leads to the internal error. Sadly the log file you’ve included doesn’t give much help. It usually does, but something else must be triggering a fatal error.
That file doesn’t exist in that location. Could that be the issue?
Every conf-file placed in /etc/apache2/sites-enabled/ is active. Everything here should only be linked to files in /sites-available/. Can you also list your /etc/apache2/conf-available/ssl-params.conf? It seems like something might have happened when Let’s Encrypt created the configuration automatically.
This is the configuration located at /etc/apache2/sites-available/mydomain.com.conf
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com
</VirtualHost>
<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
NOTE It might be worth noting that there is a 000-default.conf in the same location, which I have made some adjustments to although it is my understanding that the 000-default.conf file has been disabled. I could be wrong though.