Question

HTTPS Returns 500 Internal Server Error While HTTP Does Not?

I’ve been trying to get SSL running on my domain (thebashfeed.com) for a few days. I believe I have Apache set up properly and installed Let’s Encrypt using DO’s official tutorial. The site is accessible from http:// but not from https://. In fact, when you lead the domain with https:// it returns an internal server error with the following verbiage:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

Here is my server’s Apache error log:

[Fri Feb 24 19:25:11.151229 2017] [mpm_prefork:notice] [pid 30408] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.21 OpenSSL/1.0.1f configured -- resuming normal operations
[Fri Feb 24 19:25:11.151330 2017] [core:notice] [pid 30408] AH00094: Command line: '/usr/sbin/apache2'
libpng warning: Incorrect sBIT chunk length
libpng warning: Incorrect sBIT chunk length
[Fri Feb 24 20:49:50.636080 2017] [mpm_prefork:notice] [pid 30408] AH00169: caught SIGTERM, shutting down
[Fri Feb 24 20:49:51.460157 2017] [mpm_prefork:notice] [pid 30887] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.21 OpenSSL/1.0.1f configured -- resuming normal operations
[Fri Feb 24 20:49:51.460250 2017] [core:notice] [pid 30887] AH00094: Command line: '/usr/sbin/apache2'
[Fri Feb 24 21:00:11.496576 2017] [mpm_prefork:notice] [pid 30887] AH00169: caught SIGTERM, shutting down
[Fri Feb 24 21:15:00.327000 2017] [mpm_prefork:notice] [pid 31444] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.21 OpenSSL/1.0.1f configured -- resuming normal operations
[Fri Feb 24 21:15:00.327157 2017] [core:notice] [pid 31444] AH00094: Command line: '/usr/sbin/apache2'

If you can help me understand what needs to be done I would greatly appreciate it.

Thanks in advance.


Can you supply your entire configuration for the domain? It should be placed in /etc/apache2/sites-available/. If you have sensitive information, like paths, domains or IPs, then just mask it. There must be a configuration error somewhere, which leads to the internal error. Sadly the log file you’ve included doesn’t give much help. It usually does, but something else must be triggering a fatal error.

That file doesn’t exist in that location. Could that be the issue?

Every conf file placed in /etc/apache2/sites-enabled/ is active. Everything here should only be linked to files in /sites-available/. Can you also list your /etc/apache2/conf-available/ssl-params.conf? It seems like something might have happened when Let’s Encrypt created the configuration automatically.

This is the configuration located at /etc/apache2/sites-available/mydomain.com.conf

<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@mydomain.com
    DocumentRoot /var/www/
    ServerName mydomain.com
    ServerAlias www.mydomain.com

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
                    Require all granted
    </Directory>
    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com

    <Directory /var/www>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    Require all granted
    </Directory>

    ServerAdmin webmaster@mydomain.com
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

NOTE It might be worth noting that there is a 000-default.conf in the same location, which I have made some adjustments to although it is my understanding that the 000-default.conf file has been disabled. I could be wrong though.



@bashfeedbusiness

In regards to Apache, if you’re still having an issue with Apache + SSL, I just posted recent configs for LetsEncrypt, which I’ve outlined below for comparison.

/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName domain.com
        ServerAlias www.domain.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =domain.com [OR]
        RewriteCond %{SERVER_NAME} =www.domain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

/etc/apache2/sites-available/000-default-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName domain.com
        ServerAlias www.domain.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

/var/www/html/.htaccess
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Of course, in the above, domain.com should be replaced with your actual domain name. These are stock, and should work for any domain that has a valid SSL Certificate from LetsEncrypt w/ WP.

These are from ./sites-available and are symlinked to ./sites-enabled by default (which was done by LE when the service was run).

The line in /etc/apache2/apache2.conf that controls pulling from ./sites-enabled is:

IncludeOptional sites-enabled/*.conf

So you could very well change that to better suit your own needs, or to just include a single site. For example, I could modify that to:

IncludeOptional sites-available/000-default.conf
IncludeOptional sites-available/000-default-le-ssl.conf

And in those files, I’d use the configuration I posted above, then restart apache2.

service apache2 restart

And that should get things in working order for you. You don’t have to use those two directories. I rarely do as I rather dislike having to use symlinks for configuration. I’d much rather it be located in a central directory and simply use mv or cp to get files where they need to be as symlinks can be finicky from time to time.
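The differences between the vhosts in the question and the configuration in this answer can be listed mechanically. The following is an added example, not part of the original answer or of any Apache or Let's Encrypt tooling: a small Python lint whose function names and finding texts are assumptions chosen here, run on a constructed sample condensed from the question's config.

```python
import re

# Constructed sample: the question's two vhosts, condensed to the relevant directives.
SAMPLE = """\
<VirtualHost *:80>
    <Directory /var/www>
        Options Indexes FollowSymLinks MultiViews
        Order allow,deny
        allow from all
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> list of argument strings (comments and tags skipped)."""
    found = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found.setdefault(parts[0].lower(), []).append(" ".join(parts[1:]))
    return found

def audit(conf):
    """Return (vhost, finding) pairs; the checks mirror where the two posted configs differ."""
    out = []
    for port, body in VHOST.findall(conf):
        d, tag = directives(body), f"*:{port}"
        if port == "443":  # cert.pem holds only the leaf; fullchain.pem adds the intermediates
            cert = d.get("sslcertificatefile", [""])[-1]
            if cert.endswith("/cert.pem") and "sslcertificatechainfile" not in d:
                out.append((tag, "leaf-only cert.pem without SSLCertificateChainFile"))
        elif not any("https://" in a for a in d.get("rewriterule", []) + d.get("redirect", [])):
            out.append((tag, "no redirect to https"))
        opts = " ".join(d.get("options", [])).split()
        if any(o.lstrip("+").lower() == "indexes" for o in opts):
            out.append((tag, "Options Indexes allows directory listings"))
        if "require" in d and ("order" in d or "allow" in d):
            out.append((tag, "mixes 2.2 Order/Allow with 2.4 Require"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A lint like this only compares directives; `apache2ctl configtest` and the error log remain the way to find what actually triggers the 500.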

@bashfeedbusiness

Correct. Those files will be recreated once you start/restart MySQL and will then take on the size that is set in the newer configuration, which should prevent that error from popping back up.

If MySQL still fails to start, please tail -50 the log file and post back and we’ll take another look.

@bashfeedbusiness

No problem at all, glad to help! Let me know how things go.

@bashfeedbusiness

Here’s what I would try and see how it works for you. This is based off an 8GB & 12GB Droplet I was working on with a client just a week ago.

If this doesn’t work, you may in fact need to upgrade RAM, or consider splitting the database from the web server (i.e. a Droplet dedicated to MySQL only).

Please make sure you backed up your configuration prior (as noted in my previous response) so you can revert back should something not work. This should work as-is, though different versions have different options.

[client]
port                                    = 3306
socket                                  = /var/run/mysqld/mysqld.sock

[mysqld_safe]
socket                                  = /var/run/mysqld/mysqld.sock
nice                                    = 0

[mysqld]
user                                    = mysql
pid-file                                = /var/run/mysqld/mysqld.pid
socket                                  = /var/run/mysqld/mysqld.sock
port                                    = 3306
basedir                                 = /usr
datadir                                 = /var/lib/mysql
tmpdir                                  = /tmp
lc-messages-dir                         = /usr/share/mysql

skip-external-locking

bind-address                            = 127.0.0.1

key_buffer_size                         = 256M
join_buffer_size                        = 128K
read_buffer_size                        = 256K
sort_buffer_size                        = 256K
table_definition_cache                  = 8192
table_open_cache                        = 4096
thread_cache_size                       = 256
tmp_table_size                          = 256M
max_heap_table_size                     = 256M
max_allowed_packet                      = 64M
thread_stack                            = 192K
thread_cache_size                       = 8
myisam_sort_buffer_size                 = 256M
myisam_max_sort_file_size               = 2048M

myisam-recover                          = BACKUP

group_concat_max_len                    = 1024
max_length_for_sort_data                = 1024
net_buffer_length                       = 16384
max_connect_errors                      = 100000
concurrent_insert                       = 2
read_rnd_buffer_size                    = 512K
bulk_insert_buffer_size                 = 8M

query_cache_limit                       = 512K
query_cache_size                        = 64M
query_cache_type                        = 1
query_cache_min_res_unit                = 2K
query_prealloc_size                     = 262144
query_alloc_block_size                  = 65536

transaction_alloc_block_size            = 8192
transaction_prealloc_size               = 4096

default-storage-engine                  = InnoDB

log_warnings                            = 1
slow_query_log                          = 0
long_query_time                         = 1
slow_query_log_file                     = /var/log/mysql/slowq.log
log_error                               = /var/log/mysql/error.log

innodb_large_prefix                     = 1
innodb_purge_threads                    = 1
innodb_doublewrite                      = 1

innodb_file_per_table                   = 1
innodb_open_files                       = 1000
innodb_data_file_path                   = ibdata1:10M:autoextend
innodb_buffer_pool_size                 = 128M
innodb_additional_mem_pool_size         = 32M

innodb_log_files_in_group               = 2
innodb_log_file_size                    = 64M
innodb_log_buffer_size                  = 8M
innodb_flush_log_at_trx_commit          = 2
innodb_thread_concurrency               = 0
innodb_lock_wait_timeout                = 50

innodb_io_capacity                      = 100
innodb_read_io_threads                  = 2
innodb_write_io_threads                 = 2

[mysqldump]
quick
quote-names
max_allowed_packet                      = 64M

[mysql]

[isamchk]
key_buffer                              = 256M 
sort_buffer                             = 256K
read_buffer                             = 256K
write_buffer                            = 256K

!includedir /etc/mysql/conf.d/

I’ve cleaned up the comments and removed the options that were commented out to reduce the size, though it’s still a little lengthy.

Should MySQL fail to start, we need to check the MySQL error log, run tail -20 on it and that should help us troubleshoot which configuration var doesn’t work with the version you’re running.
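To relate a my.cnf like the one above to the "cannot allocate memory for the buffer pool" failure discussed in this thread, the configured buffers can be added up before restarting. This is an added example, not part of the original answer: it applies the rough worst-case estimate of global buffers plus per-connection buffers times max_connections, and assumes the MySQL default of 151 connections because the posted config does not set it. The sample lines are copied from the config above; the function names are chosen here.

```python
import re

# Constructed sample: the memory-related lines of the my.cnf posted above.
MY_CNF = """\
[mysqld]
key_buffer_size = 256M
join_buffer_size = 128K
read_buffer_size = 256K
sort_buffer_size = 256K
thread_cache_size = 256
thread_stack = 192K
thread_cache_size = 8
read_rnd_buffer_size = 512K
query_cache_size = 64M
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 32M
innodb_log_buffer_size = 8M
[mysqldump]
max_allowed_packet = 64M
"""

GLOBAL = ("key_buffer_size", "query_cache_size", "innodb_buffer_pool_size",
          "innodb_additional_mem_pool_size", "innodb_log_buffer_size")
PER_CONN = ("read_buffer_size", "read_rnd_buffer_size", "sort_buffer_size",
            "join_buffer_size", "thread_stack")
UNIT = {"": 1, "K": 1024, "M": 1024**2, "G": 1024**3}

def parse_mysqld(text):
    """Return ([mysqld] numeric settings in bytes, keys set more than once; last value wins)."""
    values, dupes, section = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]")
        m = re.fullmatch(r"([\w-]+)\s*=\s*(\d+)([KMG]?)", line, re.I)
        if section == "mysqld" and m:
            key = m.group(1).replace("-", "_")
            if key in values:
                dupes.append(key)
            values[key] = int(m.group(2)) * UNIT[m.group(3).upper()]
    return values, dupes

def estimate(values, max_connections=151):  # 151: MySQL default, assumed here
    """Worst-case bytes: global buffers plus per-connection buffers for every connection."""
    fixed = sum(values.get(k, 0) for k in GLOBAL)
    per_conn = sum(values.get(k, 0) for k in PER_CONN)
    return fixed, per_conn, fixed + per_conn * max_connections

if __name__ == "__main__":
    print(estimate(parse_mysqld(MY_CNF)[0]), parse_mysqld(MY_CNF)[1])
```

Comparing the total against the Droplet's RAM (for example the MemAvailable line in /proc/meminfo) shows whether the configuration can fit; the duplicate list also surfaces settings such as thread_cache_size that appear twice.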

@bashfeedbusiness

If you wouldn’t mind, would you please repost that in a code block. To do that, it’d be three backticks, hit enter, paste the config, hit enter, and three more backticks.

Using a code block will keep it formatted. The copy and paste above slightly changes the config and it’s hard to tell what is and isn’t commented in the file as it appears much of that has been stripped.

Once I have that, I’ll see what we can do to tune the config.

You mention that you have higher levels of traffic. What are we looking at?

@bashfeedbusiness

This is what I was looking for :-).

170308 7:06:12 InnoDB: Fatal error: cannot allocate memory for the buffer pool
170308 7:06:12 [ERROR] Plugin 'InnoDB' init function returned error.
170308 7:06:12 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
170308 7:06:12 [ERROR] Unknown/unsupported storage engine: InnoDB
170308 7:06:12 [ERROR] Aborting

Specifically:

170308 7:06:12 InnoDB: Fatal error: cannot allocate memory for the buffer pool

That error means you’re running out of RAM and MySQL/MariaDB is not able to allocate sufficient RAM, so it fails. What size is your Droplet? (specifically RAM).

Also, let’s figure out where your actual MySQL configuration is. You should have this directory:

/etc/mysql/mysql.conf.d

Inside that directory is going to be one of two files.

1). mysqld.cnf

or

2). 50-server.cnf

Can you post the complete contents of that file?

I do have both the ./sites-available and ./sites-enabled directories, just not the ./ssl-params.conf file.

Yes I use .htaccess for the wordpress installation on the domain hosted on this Droplet.

@bashfeedbusiness

If you don’t have the ./sites-available/ and ./sites-enabled/ directories, then you’re most likely pulling from either ./conf or ./conf.d, in which case anything that resides in there is going to get included by Apache during startup.

So if there’s an error in your 000-default.conf file, it could easily affect the rest of your sites just as a misconfigured .htaccess file could.

Do you happen to use .htaccess for any of your websites (normally in the web root for the domain) or is all configuration done through the Apache configuration?