Seems a little broken

Problem Description

I just installed sympl on a Pi4 and it almost works - but not quite

Any Error Messages

apache2.serviceJob for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xeu apache2.service" for details.
 failed!

Environment

  • Sympl Version [12.0]:
  • Sympl Testing Version? [Yes/No] tried both!
  • Debian Version [Bullseye]:
  • Hardware Type? [Pi]
  • Hosted On? [local]

Basically, all goes well right up to the point when sympl-ssl installs the server certificate. After that, apache refuses to start.

░░ The unit apache2.service has entered the ‘failed’ state with result ‘exit-code’.
Nov 02 15:54:06 hostname-redacted.uk systemd[1]: Failed to start apache2.service - The Apache HTTP Server.
░░ Subject: A start job for unit apache2.service has failed
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ A start job for unit apache2.service has finished with a failure.
░░
░░ The job identifier is 6127 and the job result is failed.

How was the Pi OS installed? Using the stock ‘Lite’ 32/64 bit image?

Can you run sudo journalctl -u apache2 and post (or message me) the output?

It sounds like the config is invalid for some reason.

The output of dpkg -l 'sympl-*' would also be handy to confirm the state of the install.

All standard pi install using the pi imager windows app, 64 bit bookworm lite and (later) I tried a 32bit bullseye lite.

I tried the standard and testing sympl installs. All the same result: all good until there’s a ssl certificate, then apache won’t run.

I’ll try to get answers to your specific questions tomorrow, but it should be reproducible: it has happened five times out of five for me.

Nov 03 12:10:52 redacted.uk systemd[1]: Starting apache2.service - The Apache HTTP Server…
Nov 03 12:10:52 redacted.uk systemd[1]: Started apache2.service - The Apache HTTP Server.
Nov 03 12:11:02 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:11:02 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.
Nov 03 12:11:02 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:11:03 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.
Nov 03 12:11:06 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:11:06 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:11:06 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.
Nov 03 12:11:12 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:11:12 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.
Nov 03 12:11:12 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:11:12 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.
Nov 03 12:13:10 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:13:10 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.

sudo sympl-ssl to install certificate…

Apache stops.

sudo journalctl -u apache2
Nov 03 12:33:21 redacted.uk systemd[1]: Reloading apache2.service - The Apache HTTP Server…
Nov 03 12:33:21 redacted.uk systemd[1]: Reloaded apache2.service - The Apache HTTP Server.
Nov 03 12:33:21 redacted.uk systemd[1]: apache2.service: Main process exited, code=exited, status=1/FA>
Nov 03 12:33:21 redacted.uk systemd[1]: apache2.service: Failed with result ‘exit-code’.
Nov 03 12:33:21 redacted.uk systemd[1]: apache2.service: Consumed 4.875s CPU time.

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
++±================-=============-============-=========================================
ii sympl-backup 12.20230609.0 all Automatic backups for Sympl
ii sympl-core 12.20230612.0 all Sympl - Easy server management via SSH
ii sympl-cron 12.20231018.0 all Per-domain crontab support for Sympl
ii sympl-dns 12.20230609.0 all Automatic DNS record generation for Sympl
ii sympl-firewall 12.20231017.0 all Firewall generator for Sympl
ii sympl-ftp 12.20230612.0 all Virtual FTP hosting in Sympl
ii sympl-mail 12.20230612.0 all Virtual email hosting in Sympl
ii sympl-monit 12.20230609.0 all Service monitoring for Sympl
ii sympl-mysql 12.20230609.0 all MariaDB database for Sympl
ii sympl-phpmyadmin 12.20230609.0 all Web-based database access for Sympl
ii sympl-updater 12.20230609.0 all Automatic package updates for Sympl
ii sympl-web 12.20231023.0 all Tools to manage web hosting in Sympl
ii sympl-webmail 12.20230609.0 all Webmail access for mailboxes on Sympl

[later]

removing all the ssl stuff didn’t fix it

/var/log/apache2 $ tail error.log
[Fri Nov 03 12:38:05.786738 2023] [ssl:emerg] [pid 16928] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/zz-mass-hosting.error.log for more information
AH00016: Configuration Failed

tail /var/log/apache2/zz-mass-hosting.error.log
[Fri Nov 03 12:40:03.433632 2023] [ssl:emerg] [pid 17100] AH01958: SSLStapling: no stapling cache available
[Fri Nov 03 12:40:05.875695 2023] [ssl:emerg] [pid 17128] AH01958: SSLStapling: no stapling cache available
[Fri Nov 03 12:42:03.399349 2023] [ssl:emerg] [pid 17276] AH02572: Failed to configure at least one certificate and key for redacted.uk:443
[Fri Nov 03 12:42:03.399572 2023] [ssl:emerg] [pid 17276] SSL Library Error: error:0A0000B1:SSL routines::no certificate assigned
[Fri Nov 03 12:42:05.845335 2023] [ssl:emerg] [pid 17302] AH02572: Failed to configure at least one certificate and key for redacted.uk:443
[Fri Nov 03 12:42:05.845569 2023] [ssl:emerg] [pid 17302] SSL Library Error: error:0A0000B1:SSL routines::no certificate assigned
[Fri Nov 03 12:44:03.398214 2023] [ssl:emerg] [pid 17419] AH02572: Failed to configure at least one certificate and key for redacted.uk:443
[Fri Nov 03 12:44:03.398519 2023] [ssl:emerg] [pid 17419] SSL Library Error: error:0A0000B1:SSL routines::no certificate assigned
[Fri Nov 03 12:44:05.831702 2023] [ssl:emerg] [pid 17446] AH02572: Failed to configure at least one certificate and key for redacted.uk:443
[Fri Nov 03 12:44:05.831962 2023] [ssl:emerg] [pid 17446] SSL Library Error: error:0A0000B1:SSL routines::no certificate assigned

I’ve just managed to replicate this, working on diagnosing it and finding a fix now…

1 Like

I’m reasonably certain I’ve found the problem, and im working on pushing a new package out with a fix now.

In the mean time, after installing sympl normally, manually this to enable the missing part of the configuration:

sudo a2enconf sympl-web
sudo service apache2 stop
sudo service apache2 start

It’ll take a while for the potential fixes to come down the pipeline with new packages, and I will also need to re-replicate the issue to confirm before they’re pushed to stable, but this should deal with it for now.

I’ve fast-tracked the fix for this now, along with some other small fixes which were pending.

This bug will only have affected new installs, and meant that the relevant part of the config which sets up SSL Stapling wasn’t enabled properly, but old/upgraded installs would have been fine.

This wasn’t picked up because the testing didn’t automatically pick up a new LE cert and force applying it, because the VMs used for testing don’t persist, and we could quickly hit Let’s Encrypt rate limits.

I’ve added a task to improve this, and get a full test working normally with certificates from their staging environment.