Apache Configuration Error AH00526: Syntax error
This tutorial series explains how to troubleshoot and fix some of the most common errors that you may encounter when using the Apache web server.
Each tutorial in this series includes descriptions of common Apache configuration, network, filesystem, or permission errors. The series begins with an overview of the commands and log files that you can use to troubleshoot Apache. Subsequent tutorials examine specific errors in detail.
AH00526: Syntax error message occurs when there is a typo or misconfigured setting somewhere in your Apache configuration files. It is a generic error that can be indicative of a number of underlying problems.
The error can be detected using
apachectl configtest before an invalid configuration is loaded. It can also be found using the
journalctl commands. In the latter two cases, Apache will be unable to run because of the error.
If you have detected the error using
apachectl then skip to the Troubleshooting Using the Built in
apachectl Command section of this tutorial. Otherwise, the next section will explain how to use
systemctl to troubleshoot the error.
Following the troubleshooting steps from the How to Troubleshoot Common Apache Errors tutorial at the beginning of this series, the first step when you are troubleshooting an AH00526 error is to check Apache’s status with
systemctl. It is important to understand if the error affects the running process, or if it is preventing Apache from starting up.
On Ubuntu and Debian derived Linux distributions, run the following to check Apache’s status:
- sudo systemctl status apache2.service -l --no-pager
On CentOS and Fedora systems, use this command to examine Apache’s status:
- sudo systemctl status httpd.service -l --no-pager
-l flag will ensure that
systemctl outputs the entire contents of a line, instead of substituting in ellipses (
…) for long lines. The
--no-pager flag will output the entire log to your screen without invoking a tool like
less that only shows a screen of content at a time.
Since you are troubleshooting an
AH00526: Syntax error message, you should receive output that is similar to the following:
Output● apache2.service - The Apache HTTP Server Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled) Drop-In: /lib/systemd/system/apache2.service.d └─apache2-systemd.conf Active: failed (Result: exit-code) since Wed 2020-07-15 13:45:49 UTC; 1min 37s ago . . . Jul 15 13:45:49 f17f01056c5b systemd: Starting The Apache HTTP Server... Jul 15 13:45:49 f17f01056c5b apachectl: AH00526: Syntax error on line 2 of /etc/apache2/sites-enabled/000-default.conf: Jul 15 13:45:49 f17f01056c5b apachectl: Invalid command 'SSSLCertificateFile', perhaps misspelled or defined by a module not included in the server configuration Jul 15 13:45:49 f17f01056c5b apachectl: Action 'start' failed. Jul 15 13:45:49 f17f01056c5b apachectl: The Apache error log may have more information. Jul 15 13:45:49 f17f01056c5b systemd: apache2.service: Control process exited, code=exited status=1 Jul 15 13:45:49 f17f01056c5b systemd: apache2.service: Failed with result 'exit-code'. Jul 15 13:45:49 f17f01056c5b systemd: Failed to start The Apache HTTP Server.
In this case, Apache is not running because of the syntax error. The error is caused by an extra S character at the beginning of the
SSSLCertificateFile line in the
/etc/apache2/sites-enabled/000-default.conf file. The correct directive should be
SSLCertificateFile, so editing the file to fix the directive name in this example would resolve the error and allow Apache to start.
systemctl output in this example also includes some lines from the
systemd journal. If your output indicates a specific line in your configuration file is generating the syntax error, you can skip the
apachectl configtest troubleshooting steps. Instead, you can go directly to the file to inspect and edit the erroneous line to resolve the error.
If your output does not give specific information about the error location in Apache’s configuration files, you will need to examine
journalctl output from the
systemd logs. The following section explains how to use
journalctl to troubleshoot an AH00526 error.
systemctl output does not include specifics about an AH00526 syntax error, you can proceed with using the
journalctl command to examine
systemd logs for Apache.
On Ubuntu and Debian-derived systems, run the following command:
- sudo journalctl -u apache2.service --since today --no-pager
On CentOS, Fedora, and RedHat-derived systems, use this command to inspect the logs:
- sudo journalctl -u httpd.service --since today --no-pager
--since today flag will limit the output of the command to log entries beginning at 00:00:00 of the current day only. Using this option will help restrict the volume of log entries that you need to examine when checking for errors.
If you have an AH00526 error in your Apache configuration, look through the
journalctl command output for lines like the following:
Output-- Logs begin at Tue 2019-11-05 21:26:44 UTC, end at Tue 2020-06-09 15:13:01 UTC. -- . . . Jun 09 15:12:28 f17f01056c5b apachectl: AH00526: Syntax error on line 3 of /etc/apache2/sites-enabled/000-default.conf: Jun 09 15:12:28 f17f01056c5b apachectl: Invalid command 'SSLCertificateFile', perhaps misspelled or defined by a module not included in the server configuration . . .
The first line of output is the AH00526 error. Since this error is a general error related to an invalid setting or a typo in a configuration file, the next line explains what caused the error. In this case it is a directive called
SSLCertificateFile, which will only be valid if the
ssl module is enabled.
If you encounter an AH00526 error that is related to an invalid
SSLCertificateFile directive, you can resolve it by enabling the
ssl module and then restarting Apache to make the error go away.
For Ubuntu and Debian systems, run the following to enable the module:
- sudo a2enmod ssl
- sudo systemctl restart apache2.service
On CentOS and Fedora systems, ensure that the
mod_ssl package is installed, and then load the module by adding it to Apache’s
/etc/httpd/conf.modules.d directory in a file like this:
- sudo yum install mod_ssl
- echo "LoadModule ssl_module modules/mod_ssl.so" | sudo tee > /etc/httpd/conf.modules.d/00-ssl.conf
- sudo systemctl restart httpd.service
Once the module is referenced by Apache and you restart it using the command that is appropriate to your Linux distribution, the server will start up if there are no more errors in the configuration.
However, if there are more errors, Apache and
systemctl status will continue to report them and attempt to explain why the server cannot be started.
systemctl will output failure messages like this on Ubuntu and Debian systems:
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details
And on CentOS, Fedora, and RedHat derived systems, a failed startup message will be similar to the following:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
When Apache will still not start because of errors, using the
apachectl configtest command can be the most efficient and effective way to diagnose issues. The next section will explain how to use the utility to resolve an AH00526 error that is again related to an invalid
To troubleshoot an AH00526 error with Apache’s
apachectl utility, you can test your Apache configuration using the
configtest sub-command. This tool will parse your Apache files to determine whether it’s valid and, if not, locate incorrect settings in the Apache configuration.
apachectl configtest command is useful for catching syntax errors before reloading apache with a new configuration. This test can help you to avoid service outages in the event of a misconfigured setting in your Apache files.
The following example configuration test command will return an
AH00526 Syntax error message, and explains that the likely problem is that Apache is referencing an empty
- sudo apachectl configtest
OutputAH00526: Syntax error on line 3 of /etc/apache2/sites-enabled/000-default.conf: SSLCertificateFile: file '/etc/ssl/certs/example.com.pem' does not exist or is empty
In this example output, the
/etc/ssl/certs/example.com.pem file does not exist as the error message notes. Adding an SSL/TLS certificate to the file, or removing the directive will resolve the issue.
apachectl configtest invocation should result in output like this:
In this tutorial you learned how to troubleshoot an Apache AH00526 syntax error. The first step when investigating any Apache error is to examine the server’s status with
systemctl status apache2, or
systemctl status httpd depending on your Linux distribution. From there, you can determine whether Apache is running correctly, or if it is unable to start because of the error.
After you have determined Apache’s status, you can diagnose it further using
journalctl to examine the
systemd logs for the process. You can also use the
apachectl configtest command to check the configuration files for errors directly.