Error starting apache httpd service in a Centos 7:
[root@localhost conf.d]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2020-03-25 22:25:56 CET; 6s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 29250 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 29244 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 29244 (code=exited, status=1/FAILURE)
Mar 25 22:25:55 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Mar 25 22:25:56 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 25 22:25:56 localhost.localdomain kill[29250]: kill: cannot find process ""
Mar 25 22:25:56 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 25 22:25:56 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
Mar 25 22:25:56 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Mar 25 22:25:56 localhost.localdomain systemd[1]: httpd.service failed.
[root@localhost conf.d]# httpd -t
Syntax OK
[root@localhost conf.d]#
´´´
If we see the apache httpd log we find that it has something to see with which certificate used in the mod_nss module whose configuration is in the nss.conf file is expired, and in my case the certificate has lasted two years::
[Wed Mar 25 22:25:55.915478 2020] [core:notice] [pid 29244] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Mar 25 22:25:55.916854 2020] [suexec:notice] [pid 29244] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Mar 25 22:25:56.088765 2020] [:error] [pid 29244] SSL Library Error: -8181 Certificate has expired
[Wed Mar 25 22:25:56.088820 2020] [:error] [pid 29244] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
´´´
This apache mod_nss is to manage SSL, although mod_ssl is usually used for this purpose. It is always good to be familiar with this mod_nss module for serving as a workaround for any problem we have when using mod_ssl.
We see the configuration files that we have and certify that we have an nss.conf file:
The solution is to uninstall the mod_ssn, delete the contents of the apache "alias" folder (located in / etc / httpd / alias) and install again the mod_ssn that will generate the necessary certificates and elements for this mod_ssn module again.
The alias directory before uninstalling it has (we make a backup just in case):
We apply the solution with the following commands:
´´´
rpm -e mod_nss
rm /etc/httpd/alias/*
yum install mod_nss
service httpd restart
The "alias" directory once the mod_nss module is installed again looks like this:
We start httpd apache:
And we already have it working without the problems of before.
In two years we will have to repeat the action again ... if we continue with the same version of httpd apache.