OpenSSL is causing my server to crash (I think)

April 3, 2018 111 views
Apache Let's Encrypt Ubuntu 16.04

Hi there. I have an Apache server running on Ubuntu 16.04 and I have multiple websites running on it. I've noticed that occasionally, all of my sites are down with 'This site cannot be reached' errors. Restarting apache fixes this, but I'm just tring to find the cause. I've looked in the error logs and I noticed this:

[Mon Apr 02 12:31:31.411760 2018] [mpm_prefork:notice] [pid 20212] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Apr 02 12:31:31.411836 2018] [core:notice] [pid 20212] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 02 12:31:31.543994 2018] [mpm_prefork:notice] [pid 20212] AH00169: caught SIGTERM, shutting down

Am I right in thinking that this is the cause of my problem? I followed the tutorial here for enabling SSL, but ran in to some issues where I had to do things differently. I basically just ran commands I found on Google until it worked (stupid I know, but I'm very inexperienced with this stuff).

If anyone could tell me how I could resolve this, I would be very grateful!

1 Answer

The log snippet you shared does not in itself indicate an issue. The caught SIGTERM, shutting down is what Apache logs normally when it receives a stop or restart command.

Can you share your Apache configuration found in /etc/apache2/sites-enabled (feel free to change identifying names to something like example.org if you'd like. Seeing this will help in identifying the problem.

As this happens randomly it's also possible that it's related to resource usage, especially if this is a smaller droplet. Are you using the monitoring agent on your droplet?

  • Sorry for the delayed response!

    This is example.co.uk.conf:

    <VirtualHost *:80>
            # The ServerName directive sets the request scheme, hostname and port that
            # the server uses to identify itself. This is used when creating
            # redirection URLs. In the context of virtual hosts, the ServerName
            # specifies what hostname must appear in the request's Host: header to
            # match this virtual host. For the default virtual host (this file) this
            # value is not decisive as it is used as a last resort host regardless.
            # However, you must set it for any further virtual host explicitly.
            #ServerName www.example.com
    
            ServerAdmin test@gmail.com
            ServerName example.co.uk
            ServerAlias www.example.co.uk
            DocumentRoot /var/www/example.co.uk/public_html
    
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
            <Directory /var/www/example.co.uk/public_html>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from all
            </Directory>
    
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn
    
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    
            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.example.co.uk [OR]
    RewriteCond %{SERVER_NAME} =example.co.uk
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    

    example.co.uk-le-ssl.conf

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
            # The ServerName directive sets the request scheme, hostname and port that
            # the server uses to identify itself. This is used when creating
            # redirection URLs. In the context of virtual hosts, the ServerName
            # specifies what hostname must appear in the request's Host: header to
            # match this virtual host. For the default virtual host (this file) this
            # value is not decisive as it is used as a last resort host regardless.
            # However, you must set it for any further virtual host explicitly.
            #ServerName www.example.com
    
            ServerAdmin test@gmail.com
            ServerName example.co.uk
            ServerAlias www.example.co.uk
            DocumentRoot /var/www/example.co.uk/public_html
    
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
            <Directory /var/www/example.co.uk/public_html>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride All
                    Order allow,deny
                    allow from all
            </Directory>
    
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn
    
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    
            # For most configuration files from conf-available/, which are
            # enabled or disabled at a global level, it is possible to
            # include a line for only one particular virtual host. For example the
            # following line enables the CGI configuration for this host only
            # after it has been globally disabled with "a2disconf".
            #Include conf-available/serve-cgi-bin.conf
    RewriteEngine on
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.
    
    # RewriteCond %{SERVER_NAME} =www.example.co.uk [OR]
    # RewriteCond %{SERVER_NAME} =example.co.uk
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.co.uk/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
    </IfModule>
    
Have another answer? Share your knowledge.