One fine morning I have discovered that my Apache (httpd) service is down and can't be started :)
Step 1: Checking httpd Service Status:
#/etc/init.d/httpd status
httpd dead but pid file exists
Step 2: Search httpd processes and kill those
#ps -ef | grep httpd
# killall -9 httpd
Step 3: Remove httpd lock file if exist
# rm -f /var/lock/subsys/httpd
Step4: Restart Apache/httpd Service
# service httpd restart
Stop httpd [FAILED]
Start httpd [FAILED]
Need to dig down more.
Step 5: Check httpd error log file
Step 6: Check httpd nss error log file
#tail -300 /var/log/httpd/nss_error_log
[Sun Sep 22 04:03:27 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 04:03:27 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 04:03:27 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
[Sun Sep 22 10:38:03 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 10:38:03 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 10:38:03 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
[Sun Sep 22 10:45:53 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 10:45:53 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 10:45:53 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
Step 7: Remove nss.conf file from httpd conf.d directory
#cd /etc/httpd/conf.d
#mv nss.conf nss.conf.orig
#/etc/init.d/httpd start
Start httpd [OK]
Step 1: Checking httpd Service Status:
#/etc/init.d/httpd status
httpd dead but pid file exists
Step 2: Search httpd processes and kill those
#ps -ef | grep httpd
# killall -9 httpd
Step 3: Remove httpd lock file if exist
# rm -f /var/lock/subsys/httpd
Step4: Restart Apache/httpd Service
# service httpd restart
Stop httpd [FAILED]
Start httpd [FAILED]
Need to dig down more.
Step 5: Check httpd error log file
# grep suexec /var/log/httpd/error_log
[Sun Sep 22 10:32:06 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:33:51 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:38:03 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:45:53 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:32:06 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:33:51 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:38:03 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:45:53 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
#tail -300 /var/log/httpd/nss_error_log
[Sun Sep 22 04:03:27 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 04:03:27 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 04:03:27 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
[Sun Sep 22 10:38:03 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 10:38:03 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 10:38:03 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
[Sun Sep 22 10:45:53 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 10:45:53 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 10:45:53 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
So, the root cause of this issue is in a module called nss. mod_nss is an alternative to mod_ssl; it does a few things that mod_ssl doesn't do, and can run along side mod_ssl.
Step 7: Remove nss.conf file from httpd conf.d directory
#cd /etc/httpd/conf.d
#mv nss.conf nss.conf.orig
#/etc/init.d/httpd start
Start httpd [OK]
10 comments:
Hi, Working for me,
Many Many Many Thanks !
Perfect!
You Rock man !!
Thanks its now working ..!!
after
Step 7: Remove nss.conf file from httpd conf.d directory
#cd /etc/httpd/conf.d
#mv nss.conf nss.conf.orig
#/etc/init.d/httpd start
Start httpd [OK]
Thanks!!!!!!
Cheers!!!
Cheers!!!
Pleasure :-)
:-)
Pleasure Sheikh.
Post a Comment