Although Apache is an immensely powerful – and capable – web server, it’s not perfect. There isn’t a platform on earth that runs flawlessly all the time. With that in mind, you’re fairly likely to eventually run into a problem or two with your Apache installation. Whether those issues are minor road-blocks or website-crippling catastrophes is entirely up to you.
Knowing what to expect can make all the difference here. That’s why today, we’re going to go over some of the most common issues you’ll encounter with Apache – and how you can deal with each one. Armed with this knowledge, you should be perfectly capable of keeping things running smoothly.
Apache Won’t Start
This is by far the most frequently-encountered problem with Apache – for that reason, I’m splitting it into a few sub-headings. The array of factors that can prevent Apache from starting is an incredibly varied one; depending on the root cause it can either be incredibly simple or quite difficult to fix.
Thanks to the immense amount of customizability inherent in the platform, it’s actually pretty easy for someone to inadvertently mis-configure something. As such, your first step in the event that your server misbehaves should be to check the logs. There’s bound to be something there that’ll tell you what went wrong. The default location of your log file is as follows:
- Debian/Ubuntu: /var/log/apache2/error_log
- CentOS/Fedora: /var/log/httpd/error_log
- Windows: C:\Program Files\Apache Group\Apache2\logs\error.log
I’d strongly recommend leaving this as-is. That way, you’ll be able to find your error logs with relative ease if your server ever runs into trouble. If you don’t know where your logs are, you won’t be able to effectively troubleshoot.
Now, one of the more common problems that might prevent Apache from loading is a glitch in the application’s SSL certificates. You might see one of the following error messages (via Digicert):
- Unable to configure RSA server private key and/or certificate routines: X:509_check_private_key: key values mismatch.
- This means that the private key you’re loading in the VirtualHost section of your .conf file doesn’t match with the SSL certificate.
- Check if the two files match by running the following commands:
- openssl x509 -noout -modulus -in yourdomainname_com.crt | openssl md5
- openssl rsa -noout -modulus -in yourdomainname_com.key | openssl md5
- If they don’t match, either update your configuration file, re-issue your certificate or re-create your key.
- Invalid command ‘SSLEngine’
- This error is caused by the absence of mod_ssl or improper installation. Fixing it is quite simple. On CentOS/Fedora, simply run sudo yum install mod_ssl. On Debian/Ubuntu, use a2enmod ssl.
- SSL3_READ_BYTES:sslv3 alert handshake failure and/or SSL23_WRITE:ssl handshake failure
- Both of these errors are the result of a directive in your configuration file that requires mutual authentication – said directive is usually included entirely by mistake. In order to remove this directive, simply open your configuration file and change SSLVerifyClient or SSLVerifyClient optional_no_ca to SSLVerifyClient none. Restart Apache, and you should be fine.
- If the above doesn’t fix the error, seek out the line SSLVerifyDepth 1 and add # to the beginning of it to comment it out of your config file.
- SSLSessionCache: Invalid argument: size has to be >=8192 bytes
- This is a Windows-specific error which occurs when Apache is installed in a folder whose filename includes spaces or parentheses. To fix it, simply change the folder name and restart Apache.
Blocked Ports/Conflicting Software
Another issue that could potentially be stopping Apache from loading properly is that you’ve either failed to open the necessary ports, or you’ve another application running concurrently with your installation that’s blocking those ports. Apache’s default port is 80, and it also uses 443 for HTTPS/SSL. Both ports are commonly used by a wide array of other applications such as Skype. If another program is using one of the ports, Apache simply refuses to start – and doesn’t provide an error message, either.
In order to check if the port is in use on Linux (and to figure out which process is using said port) you can use netstat –an | grep ‘:80:’ or ‘:443:’ This will tell you which process you need to kill in order to allow Apache to run.
On Windows, you can use netstat –aon, and look for a process that’s using port 80 or port 443. Afterwards, use the tasklist command, and search for the process using its ID. End the process, and start up Apache. Of course, if it’s a system process (or a mission-critical one), you’re probably better off changing Apache’s default port.
In order to do this, open up Apache’s configuration file, find the line where the default port is listed, and change it to something else – a port that you know for a fact will be free.
Other Possible Issues
Although we’ve gone over the two most common reasons Apache might refuse to start, we haven’t quite covered everything. I’ve listed a few of them below, along with possible solutions:
- A bad line in Apache’s configuration. There’s really no way to fix this other than to look through your config file for an errant typo or a misplaced comment symbol.
- Missing, corrupted, or improperly-named files. Again, you’re going to need to do a bit of searching – or in the worst-case, recompile Apache.
- A full error log. Believe it or not, if your error log gets too long, it can actually cause Apache to hang. In order to solve the problem:
- Run cd /var/log/httpd | ls -lS | less. If you find a file that’s larger than two or three gigabytes, there’s your problem. Remove the logs and restart Apache.
Apache Isn’t Co-operating With SSL
Another problem you’re likely to run into with Apache is that your server may refuse to co-operate with SSL. This manifests in one of two ways: either you’ll receive an error that SSL has received a record exceeding the maximum permissible length, or you’ll simply be notified that there are untrusted/missing certificates. There are a few factors that can cause this to occur:
- Your configuration file’s VirtalHost section is pointing to the wrong SSL Intermediate Certificate File or is commented out (or missing). Simply making sure your SSLCertificateChain file is pointing to the correct certificate file should be enough to solves this problem.
- You’ve already configured a virtual host for the IP address/port you’re trying to install the SSL certificate to. To fix this, you’ll need to search out the offending file and run through the same process as above. You can do this by running a grep command (Linux) or fintstr /s /i (Windows).
- You’ve failed to properly configure SSL traffic. Make sure Apache’s set to listen on port 443, that you’ve got your IP address set up, that SSL is properly defined, and that Apache is configured to use SSL. Check your proxy, as well.
Htaccess isn’t working
Another fairly common stumbling point with Apache involves Htaccess – and its refusal to work. Most often, this is the result of user error – either a misspelled file name, improper/incorrect syntax, incorrect configuration of Apache (it may be configured to disable Htaccess by the AllowOverride setting); or multiple, conflicting Htaccess files.
Apache Isn’t Compiling
Last but certainly not least, Apache may run into compilation issues. Usually, this is either because your system is out of date, or because you’re running with a system environment that Apache does not recognize. Thankfully, the solution here is extremely simple: all you need to do is check to make sure your systems compatible with Apache, and ensure that everything is up to date.
- Enable verbose logs. This will help you better troubleshoot your server. Make sure you limit the size of your logs, though – otherwise, you may end up running into startup issues.
- Restart your server often. Like any system, if Apache runs too long, it might eventually start to chug.
- Always check, double check, and triple check your syntax while coding (and after). Use Apache’s built-in syntax tool to do so.