Question

OpenSSL is causing my server to crash (I think)

Posted April 3, 2018 2.7k views
Apache Let's Encrypt Ubuntu 16.04

Hi there. I have an Apache server running on Ubuntu 16.04 and I have multiple websites running on it. I’ve noticed that occasionally, all of my sites are down with ‘This site cannot be reached’ errors. Restarting apache fixes this, but I’m just tring to find the cause. I’ve looked in the error logs and I noticed this:

[Mon Apr 02 12:31:31.411760 2018] [mpm_prefork:notice] [pid 20212] AH00163: Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g configured -- resuming normal operations
[Mon Apr 02 12:31:31.411836 2018] [core:notice] [pid 20212] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 02 12:31:31.543994 2018] [mpm_prefork:notice] [pid 20212] AH00169: caught SIGTERM, shutting down

Am I right in thinking that this is the cause of my problem? I followed the tutorial here for enabling SSL, but ran in to some issues where I had to do things differently. I basically just ran commands I found on Google until it worked (stupid I know, but I’m very inexperienced with this stuff).

If anyone could tell me how I could resolve this, I would be very grateful!

Add a comment
jackharding
By:
jackharding
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
ryanpq April 3, 2018

The log snippet you shared does not in itself indicate an issue. The caught SIGTERM, shutting down is what Apache logs normally when it receives a stop or restart command.

Can you share your Apache configuration found in /etc/apache2/sites-enabled (feel free to change identifying names to something like example.org if you’d like. Seeing this will help in identifying the problem.

As this happens randomly it’s also possible that it’s related to resource usage, especially if this is a smaller droplet. Are you using the monitoring agent on your droplet?

Reply Report
  • jackharding April 6, 2018

    Sorry for the delayed response!

    This is example.co.uk.conf:

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin test@gmail.com
        ServerName example.co.uk
        ServerAlias www.example.co.uk
        DocumentRoot /var/www/example.co.uk/public_html

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/example.co.uk/public_html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.co.uk [OR]
RewriteCond %{SERVER_NAME} =example.co.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

    example.co.uk-le-ssl.conf

    <IfModule mod_ssl.c>
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin test@gmail.com
        ServerName example.co.uk
        ServerAlias www.example.co.uk
        DocumentRoot /var/www/example.co.uk/public_html

        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/example.co.uk/public_html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.

# RewriteCond %{SERVER_NAME} =www.example.co.uk [OR]
# RewriteCond %{SERVER_NAME} =example.co.uk
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.co.uk/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
    Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help