Bug 64133
| Summary: | sometimes upon SIGHUP it doesn't like certificates and apache STOPS | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | hvv |
| Component: | mod_ssl | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED CANTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.2 | CC: | curtis, shishz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-10-18 16:44:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Simply editing the localhost name in /etc/hosts will cause apache to die when the next logrotate event occurs. mod_ssl logs the following errors: "Ops, no RSA or DSA server certificate found?!" "You have to perform a *full* server restart when you added or removed a certificate and/or key file" Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux on will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help. Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX. |
Description of Problem: In the standard RH72 config, logrotate rotates logs every day at 4:00. After rotating, it sends SIGHUP to apache to restart (see /etc/logrotate.d/apache for exact details). Upon receipt of it, apache tries to restart. Today it failed to restart (thus, web server stopped running!!!) due to mod_ssl that thought that there are some problems with certificates. I didn't modify certificates (they are standard certificates for localhost, shipped with RH72). The server configuration was last modified 4 days ago. Of course manually issuing 'service httpd restart' solved the problem. Here is a content of the error.log: [Fri Apr 26 04:02:03 2002] [notice] SIGHUP received. Attempting to restart Processing config directory: /etc/httpd/conf/casino-conf Processing config file: /etc/httpd/conf/x/davpages-test Processing config file: /etc/httpd/conf/x/srvconfig Processing config file: /etc/httpd/conf/x/subsystems Processing config file: /etc/httpd/conf/x/subsystems-auth.in [Fri Apr 26 04:02:04 2002] [alert] httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName [Fri Apr 26 04:02:04 2002] [error] mod_ssl: Init: (127.0.0.1:443) Ops, no RSA or DSA server certificate found?! [Fri Apr 26 04:02:04 2002] [error] mod_ssl: Init: (127.0.0.1:443) You have to perform a *full* server restart when you added or removed a certificate and/or key file Version-Release number of selected component (if applicable): apache-1.3.20-16 mod_ssl-2.8.4-9 glibc-2.2.4-19 How Reproducible: That's the 1st time during 4 month of web server's life. Solution: I rewrote /etc/logrotate.d/apache this way: ------ /var/log/httpd/access_log /var/log/httpd/agent_log /var/log/httpd/error_log /var/log/httpd/referer_log /var/log/httpd/ssl_request_log /var/log/httpd/ssl_engine_log { missingok sharedscripts postrotate #/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true service httpd condrestart 2> /dev/null || true endscript } ------ - i.e. it restarts apache hard, thus guaranteeing that web server won't stop. Also note: standard /etc/logrotate.d/apache doesn't direct to rotate logs produced by ssl engine - namely /var/log/httpd/ssl_request_log and /var/log/httpd/ssl_engine_log - I consider this a severe bug too. My version of /etc/logrotate.d/apache lists them too. So please add these log files to /etc/logrotate.d/apache - otherwise one can run out of space on a busy https server.