Peter Green's picture
Peter Green - Tue, 2020/07/21 - 06:18

Hi,

Since the latest server reboot, the Apache2 service is failing to start, and it appears a python service is holding port 80.

I have been able to get around this so far by killing the python process and manually starting Apache2.

Further investigation indicates this may be part of the dehydrated/letsencrypt update process.

Any idea of rectification steps?

The 'get lets encrypt certificate' works in the confconsole as expected with no apparent errors.

Here are the relevant entries from the syslog:

Jul 21 10:49:20 develop2 systemd[1]: Starting The Apache HTTP Server...
Jul 21 10:49:20 develop2 systemd[1]: Starting Fail2Ban Service...
Jul 21 10:49:20 develop2 systemd[1]: Starting MariaDB 10.1.45 database server...
Jul 21 10:49:20 develop2 systemd[1]: Started Add Water.
Jul 21 10:49:20 develop2 systemd[1]: Starting OpenBSD Secure Shell server...
Jul 21 10:49:20 develop2 systemd[1]: Started Permit User Sessions.
Jul 21 10:49:20 develop2 systemd[1]: Started OpenBSD Secure Shell server.
Jul 21 10:49:20 develop2 vmware-tools[619]:    Checking acpi hot plug#033[71G done
Jul 21 10:49:20 develop2 python[757]: Bottle v0.12.13 server starting up (using WSGIRefServer())...
Jul 21 10:49:20 develop2 python[757]: Listening on http://0.0.0.0:80/
Jul 21 10:49:20 develop2 python[757]: Hit Ctrl-C to quit.
Jul 21 10:49:20 develop2 vmware-tools[619]: Starting VMware Tools services in the virtual machine:
Jul 21 10:49:20 develop2 fail2ban-client[755]: 2020-07-21 10:49:20,728 fail2ban.server         [788]: INFO    Starting Fail2ban v0.9.6
Jul 21 10:49:20 develop2 fail2ban-client[755]: 2020-07-21 10:49:20,729 fail2ban.server         [788]: INFO    Starting in daemon mode
Jul 21 10:49:20 develop2 apachectl[754]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80
Jul 21 10:49:20 develop2 apachectl[754]: (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80
Jul 21 10:49:20 develop2 apachectl[754]: no listening sockets available, shutting down
Jul 21 10:49:20 develop2 apachectl[754]: AH00015: Unable to open logs
Jul 21 10:49:20 develop2 apachectl[754]: Action 'start' failed.
Jul 21 10:49:20 develop2 apachectl[754]: The Apache error log may have more information.
Jul 21 10:49:20 develop2 systemd[1]: apache2.service: Control process exited, code=exited status=1
Jul 21 10:49:20 develop2 systemd[1]: Failed to start The Apache HTTP Server.
Jul 21 10:49:20 develop2 systemd[1]: apache2.service: Unit entered failed state.
Jul 21 10:49:20 develop2 systemd[1]: apache2.service: Failed with result 'exit-code'.

Thanks

Peter

Forum: 
Support
Tags: 
apache
letsencrypt
Jeremy Davis's picture

Jeremy Davis - Tue, 2020/07/21 - 07:01

It was an oversight on our behalf when we released the updated v1.1.1 Confconsole update that addressed the Let's Encrypt update problems. As you note, the issue only occurs when you reboot.

FWIW we did release a v1.1.2 Confconsole update to address the issue but you don't actually need to install that if you don't want. All you need to do is apply the fix manually.

The fix is to simply disable the "add-water" service. That means that it can still be manually started by the Let's Encrypt auto cert update, but won't automatically start at boot. Disable it like this:

systemctl disable add-water

Note that applying the above fix is idempotent and won't have any negative effect on any server that has already had the fix applied and/or doesn't need it. New v16.x servers shouldn't be effected.

Peter Green's picture

Peter Green - Tue, 2020/07/21 - 07:16

I have tested this and it has fixed the problem, thanks for the quick response.

Peter

Add new comment