TLS version support has ended and we are in the process of migrating the server.
I migrated the SSL certificate, httpd.conf, etc. from the previous server to the new server, and
when I ran systemctl restart httpd, I got an error.
I'm in trouble because I don't know what caused it.

Error message
[root @ ~] systemctl restart httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root @ ~] systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/httpd.service.d
           └─php-fpm.conf
   Active: failed (Result: exit-code) since Fri 2020-11-27 11:44:53 JST; 56s ago
     Docs: man:httpd.service(8)
  Process: 543304 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUC>
  Process: 556613 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAI>
 Main PID: 556613 (code=exited, status=1/FAILURE)
   Status: "Reading configuration..."
Nov 27 11:44:53 web06.xx.com systemd[1]: Starting The Apache HTTP Server...
Nov 27 11:44:53 web06.xx.com systemd[1]: httpd.service: Main process exited, code=exi>
Nov 27 11:44:53 web06.xx.com systemd[1]: httpd.service: Failed with result 'exit-code>
Nov 27 11:44:53 web06.xx.com systemd[1]: Failed to start The Apache HTTP Server.
[root @ ~] journalctl -xe
-- Unit sysstat-collect.service has finished starting up.
--
-- The start-up result is done.
Nov 27 11:44:34 web06.xx.com postfix/smtpd[556608]: connect from unknown[193.169.254.107]>
Nov 27 11:44:35 web06.xx.com postfix/smtpd[556608]: lost connection after AUTH from unknown[193.169.254.107]>
Nov 27 11:44:35 web06.xx.com postfix/smtpd[556608]: disconnect from unknown[193.169.2254.107] ehlo=1 auth=0/1 commands=1/2>
Nov 27 11:44:53 web06.xx.com systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit httpd.service has begun starting up.
Nov 27 11:44:53 web06.xx.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Nov 27 11:44:53 web06.xx.com systemd[1]: httpd.service: Failed with result 'exit-code'.
Nov 27 11:44:53 web06.xx.com systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- Unit httpd.service has failed.
--
-- The result is failed.
// error.log (log specified in httpd.conf)
AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
// error.log (log specified in ssl.conf)
[ssl:emerg] [pid 556664] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Corresponding source code
# httpd.conf
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 30
KeepAlive On
#KeepAlive Off
MaxKeepAliveRequests 90
KeepAliveTimeout 2
<IfModule prefork.c>
StartServers 50
MinSpareServers 50
MaxSpareServers 50
ServerLimit 250
MaxClients 250
MaxRequestsPerChild 2000
</IfModule>
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin [email protected]
ServerName localhost:80
ExtendedStatus On
ServerTokens Prod
ServerSignature Off
UseCanonicalName Off
TraceEnable Off
FileETag None
DocumentRoot "/var/www/html"
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
DirectoryIndex index.php index.cgi index.shtml index.html
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<Files ~ "^wp-*\.php">
    Order allow,deny
    Deny from all
</Files>
<Files ~ "^xmlrpc\.php">
    Order allow,deny
    Deny from all
</Files>
TypesConfig /etc/mime.types
#DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog /home/www/log/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %v" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
SetEnvIfNoCase Request_URI "\.(gif|jpg|jpeg|png|svg|swf|cur|ico|js|css|eot|ttf|woff|woff2)$" no_log
SetEnvIf Remote_Addr "^127.0.0.1" no_log
CustomLog /home/www/log/access.log combined
RedirectMatch gone ^/apple-touch-icon*
AddLanguage ca .ca
・
・
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset Off
AddType application/x-tar .tgz
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler cgi-script .cgi
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>
</IfModule>
</IfModule>
BrowserMatch "Mozilla/2" nokeepalive
・
・
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 211.XX.XX.XX
</Location>
# XX.co.jp.conf
# TEMP
<DirectoryMatch "/home/www/xx.co.jp/www/data">
    Header set Pragma no-cache
</DirectoryMatch>
<VirtualHost xx.co.jp:443>
  ServerName xx.co.jp
  RewriteEngine On
  RewriteCond %{HTTP_HOST} ^www.xx.co.jp
#RewriteRule ^/(.*)$ https://xx.co.jp/$1 [R,NE,L]
  RewriteRule ^/(.*)$ http://xx.co.jp/$1 [R=302,NE,L]
# TEMP
  RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
  RewriteCond %{HTTPS} on
  RewriteCond %{SERVER_PORT} 443
  RewriteRule ^/(.*)$ http://xx.co.jp/$1 [R=302,NE,L]
  ServerAdmin info[email protected]
  DocumentRoot "/home/www/xx.co.jp/www/data"
  CustomLog "|/usr/sbin/rotatelogs /home/www/xx.co.jp/www/log/access_log.%Y%m%d 86400 540" combined env=!no_log
  ErrorLog "|/usr/sbin/rotatelogs /home/www/xx.co.jp/www/log/error_log.%Y%m%d 86400 540"
  LogLevel rewrite:trace1
  SSLEngine On
# ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite RSA + xxx
SSLCertificateKeyFile /etc/httpd/conf/certs/wildcard.bb-f.net_2020.key.pem
SSLCertificateFile /etc/httpd/conf/certs/wildcard.bb-f.net_2020.crt
SSLCertificateChainFile /etc/httpd/conf/certs/FujiSSxxx.ca
Supplementary information (FW/tool version, etc.)

Apache 2.4.37
CentOS 8.2
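
Added example (not part of the original post): the `SSL_CTX_use_certificate_file: PEM lib` entry in the ssl.conf error log is what OpenSSL reports when the file given as the certificate cannot be parsed as PEM, so a structural pre-check of a migrated certificate file narrows down why. The function names, the sample bytes and the list of checks are assumptions made for this sketch; it approximates the PEM framing rules and is not OpenSSL's parser.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line (LF or CRLF).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----[ \t]*\r?\n(.*?)\r?\n-----END \1-----", re.S)

def check_cert_pem(data: bytes) -> list:
    """Return reasons why `data` would not load as a PEM certificate file."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before the first BEGIN line")
        data = data[3:]
    if data.startswith(b"\x30\x82"):
        return problems + ["binary DER data, not PEM text"]
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return problems + ["non-ASCII bytes in file"]
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return problems + ["no complete BEGIN/END block found"]
    # Simplification: only the plain CERTIFICATE label is treated as a match.
    bodies = [body for label, body in blocks if label == "CERTIFICATE"]
    if not bodies:
        found = ", ".join(label for label, _ in blocks)
        return problems + ["no CERTIFICATE block; file contains: " + found]
    try:
        der = base64.b64decode("".join(bodies[0].split()), validate=True)
    except ValueError:
        return problems + ["certificate body is not valid base64"]
    if not der.startswith(b"\x30"):
        problems.append("decoded body is not an ASN.1 SEQUENCE")
    return problems

def make_pem(label: str, der: bytes) -> bytes:
    """Wrap bytes in PEM armor (helper for the constructed samples below)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n".encode()

# Constructed placeholder bytes with a DER-like prefix, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x04" + b"\x00" * 4

if __name__ == "__main__":
    good = make_pem("CERTIFICATE", SAMPLE_DER)
    cases = {"good": good, "key in cert slot": make_pem("PRIVATE KEY", SAMPLE_DER),
             "raw DER": SAMPLE_DER, "truncated": good.split(b"-----END")[0]}
    for name, blob in cases.items():
        print(name, "->", check_cert_pem(blob) or "ok")
```

To check a real file, pass `open(path, "rb").read()` for the path named in `SSLCertificateFile`; an empty list means the PEM framing is intact, not that the certificate itself is valid or matches the key.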