I have been given a test server (CentOS 6.6), as part of a job interview-with breaks in the system and to fix them. One of them was getting httpd to work.
This was the initial error I faced whenever I attempted to start httpd
root@ip-10-138-115-106 html]# service httpd start
Starting httpd: Warning: DocumentRoot [/var/www/html/talent-test] does not exist
[FAILED]
I then set the selinux mode to permissive
[root@ip-10-138-115-106 html]# getenforce
Permissive
And now the new error simply shows httpd failed to start
[root@ip-10-138-115-106 html]# service httpd start
Starting httpd: [FAILED]
These are the Selinux logs, its no longer warning, but just notices
[root@ip-10-138-115-106 httpd]# tail -f error_log
[Tue Sep 19 13:27:05 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:27:05 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:30:15 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:30:15 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:42:49 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:42:49 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:47:13 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:47:13 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Sep 19 13:53:22 2017] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Tue Sep 19 13:53:22 2017] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
However, the access_log has these same errors repeating
[root@ip-10-138-115-106 httpd]# more talent-test-error_log-20170919
[Tue Sep 19 06:10:40 2017] [error] Init: Private key not found
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218640442 error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 67710980 error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Sep 19 06:10:40 2017] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
- I checked both the SSL certificate and private key files with notepad, and there are no gaps/space in between the lines at all.
[root@ip-10-138-115-106 conf]# cat /etc/pki/tls/certs/talent-test.crt
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIBADANBgkqhkiG9w0BAQUFADBCMQswCQYDVQQGEwJ
...
-----END CERTIFICATE-----
[root@ip-10-138-115-106 conf]# cat /etc/pki/tls/private/talent-test.key
-----BEGIN RSA PRIVATE KEY-----
HIIEpAIBAAKCAQEAxRupoHwZGT4smskhfQrpwejxfV1KCe9R/Llm7ks85otEI3n
...
-----END RSA PRIVATE KEY-----
This is the config file for the virtual host
[root@ip-10-138-115-106 conf.d]# more talent-test.conf
<VirtualHost *:443>
ServerAdmin XXX
DocumentRoot /var/www/html/talent-test
ServerName XXX
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/talent-test.crt
SSLCertificateKeyFile /etc/pki/tls/private/talent-test.key
ErrorLog logs/talent-test-error_log
CustomLog logs/talent-test-access_log common
</VirtualHost>
Honestly I don't know what to do now, is something wrong with the private key that I have failed to notice?