Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Syntax error on line 24 of /etc/apache2/sites-enabled/default-ssl

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
User avatar
orynider
Posts: 8
Joined: 2021-12-23 09:50
Location: Arad
LinkedIN: florin-bodin-91442b1
Contact:
Contact orynider

Syntax error on line 24 of /etc/apache2/sites-enabled/default-ssl

#1 Post by orynider »

root@Programing-PC:~# journalctl -xeu apache2.service
░░ Subject: A start job for unit apache2.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has begun execution.
░░
░░ The job identifier is 42264.
mar 20 15:15:14 Programing-PC apachectl[570974]: AH00526: Syntax error on line 24 of /etc/apache2/sites-enabled/default-ssl.>
mar 20 15:15:14 Programing-PC apachectl[570974]: Invalid command 'SSLEngine', perhaps misspelled or defined by a module not >
mar 20 15:15:14 Programing-PC systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.

░░
░░ The process' exit code is 'exited' and its exit status is 1.
mar 20 15:15:14 Programing-PC systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
mar 20 15:15:14 Programing-PC systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 42264 and the job result is failed.
lines 964-994/994 (END)

Code: Select all

Volumul in unitatea z nu are eticheta.
Numarul de serie al volumului este 240b-6525

Directory of z:\etc\apache2\sites-available

20.03.2024     15:31  <DIR>         .
20.03.2024     15:15  <DIR>         ..
20.09.2023     14:03         6,337  .default-ssl.conf
20.09.2023     14:03        16,384  .default-ssl.conf.swp
19.10.2023     12:52         1,286  000-default.conf
19.10.2023     12:56         4,573  default-ssl.conf
17.02.2023     15:12           656  openqa.conf.template
17.02.2023     15:12         2,658  openqa-common.inc
17.02.2023     15:12           807  openqa-ssl.conf.template
20.03.2024     15:32            88  sites-available.txt
       8 files                   32,789 bytes
       2 directories    177,706,688,512 bytes free
A workaround was on github.com were they added a check to the conf file alike in .htacces as in .default-ssl.conf for this dir:

Code: Select all

<IfModule mod_ssl.c>
	<VirtualHost _default_:443>
	#
	</VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Note that if I add # SSLEngine apache2 is working with htttp and no https ...
We could try:

Code: Select all

<IfModule mod_ssl.c>
SSLEngine On
</IfModule>
When was broken I followed the steps from https://std.rocks/gnulinux_tftp.html
I used the IP 192.168.0.4 instead 192.168.1.10 and worked.
In sites-enabled we have default-ssl.conf and 000-default.conf ...
After commenting so the lines I get:
root@Programing-PC:~# journalctl -xeu apache2.service
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has begun execution.
░░
░░ The job identifier is 44535.
mar 20 17:50:12 Programing-PC apachectl[686785]: (98)Address already in use: AH00072: make_sock: could not bind to address [>
mar 20 17:50:12 Programing-PC apachectl[686785]: (98)Address already in use: AH00072: make_sock: could not bind to address 0>
mar 20 17:50:12 Programing-PC apachectl[686785]: no listening sockets available, shutting down
mar 20 17:50:12 Programing-PC apachectl[686785]: AH00015: Unable to open logs
mar 20 17:50:12 Programing-PC systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ An ExecStart= process belonging to unit apache2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
mar 20 17:50:12 Programing-PC systemd[1]: apache2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ The unit apache2.service has entered the 'failed' state with result 'exit-code'.
mar 20 17:50:12 Programing-PC systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 44535 and the job result is failed.

root@Programing-PC:~#
Do to others what You wish that other's do to You.
Top
User avatar
lewulff
Posts: 107
Joined: 2008-12-07 16:55
Location: Tagaytay Philippines
LinkedIN: www.linkedin.com/in/
Has thanked: 3 times
Been thanked: 13 times
Contact:
Contact lewulff

Re: Syntax error on line 24 of /etc/apache2/sites-enabled/default-ssl

#2 Post by lewulff »

Can you post your entire default-ssl file contents?

Note the actual file is probably in /etc/apache2/sites-avalbile
Top
User avatar
orynider
Posts: 8
Joined: 2021-12-23 09:50
Location: Arad
LinkedIN: florin-bodin-91442b1
Contact:
Contact orynider

Re: Syntax error on line 24 of /etc/apache2/sites-enabled/default-ssl

#3 Post by orynider »

This is the original version that did made the error:

Code: Select all

<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	SSLEngine on

	#   A self-signed (snakeoil) certificate can be created by installing
	#   the ssl-cert package. See
	#   /usr/share/doc/apache2/README.Debian.gz for more info.
	#   If both key and certificate are stored in the same file, only the
	#   SSLCertificateFile directive is needed.
	SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key

	#   Server Certificate Chain:
	#   Point SSLCertificateChainFile at a file containing the
	#   concatenation of PEM encoded CA certificates which form the
	#   certificate chain for the server certificate. Alternatively
	#   the referenced file can be the same as SSLCertificateFile
	#   when the CA certificates are directly appended to the server
	#   certificate for convinience.
	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

	#   Certificate Authority (CA):
	#   Set the CA certificate verification path where to find CA
	#   certificates for client authentication or alternatively one
	#   huge file containing all of them (file must be PEM encoded)
	#   Note: Inside SSLCACertificatePath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCACertificatePath /etc/ssl/certs/
	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

	#   Certificate Revocation Lists (CRL):
	#   Set the CA revocation path where to find CA CRLs for client
	#   authentication or alternatively one huge file containing all
	#   of them (file must be PEM encoded)
	#   Note: Inside SSLCARevocationPath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCARevocationPath /etc/apache2/ssl.crl/
	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

	#   Client Authentication (Type):
	#   Client certificate verification type and depth.  Types are
	#   none, optional, require and optional_no_ca.  Depth is a
	#   number which specifies how deeply to verify the certificate
	#   issuer chain before deciding the certificate is not valid.
	#SSLVerifyClient require
	#SSLVerifyDepth  10

	#   SSL Engine Options:
	#   Set various options for the SSL engine.
	#   o FakeBasicAuth:
	#    Translate the client X.509 into a Basic Authorisation.  This means that
	#    the standard Auth/DBMAuth methods can be used for access control.  The
	#    user name is the `one line' version of the client's X.509 certificate.
	#    Note that no password is obtained from the user. Every entry in the user
	#    file needs this password: `xxj31ZMTZzkVA'.
	#   o ExportCertData:
	#    This exports two additional environment variables: SSL_CLIENT_CERT and
	#    SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
	#    server (always existing) and the client (only existing when client
	#    authentication is used). This can be used to import the certificates
	#    into CGI scripts.
	#   o StdEnvVars:
	#    This exports the standard SSL/TLS related `SSL_*' environment variables.
	#    Per default this exportation is switched off for performance reasons,
	#    because the extraction step is an expensive operation and is usually
	#    useless for serving static content. So one usually enables the
	#    exportation for CGI and SSI requests only.
	#   o OptRenegotiate:
	#    This enables optimized SSL connection renegotiation handling when SSL
	#    directives are used in per-directory context.
	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
		SSLOptions +StdEnvVars
	</Directory>
</VirtualHost>
This is the version that I have now, and apache2 is working with http only:

Code: Select all

<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf

	#   SSL Engine Switch:
	#   Enable/Disable SSL for this virtual host.
	<IfModule mod_ssl.c>
	SSLEngine On
	</IfModule>

	#   A self-signed (snakeoil) certificate can be created by installing
	#   the ssl-cert package. See
	#   /usr/share/doc/apache2/README.Debian.gz for more info.
	#   If both key and certificate are stored in the same file, only the
	#   SSLCertificateFile directive is needed.
	<IfModule mod_ssl.c>
	SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile   /etc/ssl/private/ssl-cert-snakeoil.key
	</IfModule>
	#   Server Certificate Chain:
	#   Point SSLCertificateChainFile at a file containing the
	#   concatenation of PEM encoded CA certificates which form the
	#   certificate chain for the server certificate. Alternatively
	#   the referenced file can be the same as SSLCertificateFile
	#   when the CA certificates are directly appended to the server
	#   certificate for convinience.
	#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

	#   Certificate Authority (CA):
	#   Set the CA certificate verification path where to find CA
	#   certificates for client authentication or alternatively one
	#   huge file containing all of them (file must be PEM encoded)
	#   Note: Inside SSLCACertificatePath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCACertificatePath /etc/ssl/certs/
	#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

	#   Certificate Revocation Lists (CRL):
	#   Set the CA revocation path where to find CA CRLs for client
	#   authentication or alternatively one huge file containing all
	#   of them (file must be PEM encoded)
	#   Note: Inside SSLCARevocationPath you need hash symlinks
	#         to point to the certificate files. Use the provided
	#         Makefile to update the hash symlinks after changes.
	#SSLCARevocationPath /etc/apache2/ssl.crl/
	#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

	#   Client Authentication (Type):
	#   Client certificate verification type and depth.  Types are
	#   none, optional, require and optional_no_ca.  Depth is a
	#   number which specifies how deeply to verify the certificate
	#   issuer chain before deciding the certificate is not valid.
	#SSLVerifyClient require
	#SSLVerifyDepth  10

	#   SSL Engine Options:
	#   Set various options for the SSL engine.
	#   o FakeBasicAuth:
	#    Translate the client X.509 into a Basic Authorisation.  This means that
	#    the standard Auth/DBMAuth methods can be used for access control.  The
	#    user name is the `one line' version of the client's X.509 certificate.
	#    Note that no password is obtained from the user. Every entry in the user
	#    file needs this password: `xxj31ZMTZzkVA'.
	#   o ExportCertData:
	#    This exports two additional environment variables: SSL_CLIENT_CERT and
	#    SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
	#    server (always existing) and the client (only existing when client
	#    authentication is used). This can be used to import the certificates
	#    into CGI scripts.
	#   o StdEnvVars:
	#    This exports the standard SSL/TLS related `SSL_*' environment variables.
	#    Per default this exportation is switched off for performance reasons,
	#    because the extraction step is an expensive operation and is usually
	#    useless for serving static content. So one usually enables the
	#    exportation for CGI and SSI requests only.
	#   o OptRenegotiate:
	#    This enables optimized SSL connection renegotiation handling when SSL
	#    directives are used in per-directory context.
	#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
	<FilesMatch "\.(?:cgi|shtml|phtml|php)$">
	<IfModule mod_ssl.c>
		SSLOptions +StdEnvVars
	</IfModule>
	</FilesMatch>
	<Directory /usr/lib/cgi-bin>
	<IfModule mod_ssl.c>
		SSLOptions +StdEnvVars
	</IfModule>
	</Directory>
</VirtualHost>
Do to others what You wish that other's do to You.
Top
Post Reply

Return to “System and Network configuration”