View Issue Details

IDProjectCategoryView StatusLast Update
0010847CentOS-7httpdpublic2019-06-01 17:32
Reporterdendory 
PriorityhighSeverityminorReproducibilityalways
Status closedResolutionwon't fix 
Product Version7.2.1511 
Target VersionFixed in Version 
Summary0010847: Apache can't bind to a socket after latest update
DescriptionI updated a CentOS 7 system (yum update) and after the update, httpd wouldn't start anymore. The main issue was this error:

[core:crit] [pid 25440] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)
(98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443

For some reason, this line in my httpd.conf didn't work anymore:

Listen 443

I had to replace it with:

Listen 0.0.0.0:443

I'm not sure of the root cause, but several packages including httpd and openssl got updated at once this week. Also, this only happened for 443, not for 80, unsure why. But the only thing that changed between working and non-working was a yum update.
Steps To Reproduce1. Take a CentOS system updated up to May 1st
2. Make sure you have multiple HTTP and HTTPS virtual hosts
3. Run 'yum update'
4. See if your web server is still able to start
TagsNo tags attached.
abrt_hash
URL

Activities

timbtbitc

timbtbitc

2016-05-14 00:23

reporter   ~0026546

Experienced same behavior here. Still have the problem, http wont start. Came immediately following yum update this morning.

Yum update - reboot - httpd wont start.

These are some of the updates installed
 httpd x86_64 2.4.6-40.el7.centos.1 updates 2.7 M
 httpd-tools x86_64 2.4.6-40.el7.centos.1 updates 82 k
 kernel-headers x86_64 3.10.0-327.18.2.el7 updates 3.2 M
 kernel-tools x86_64 3.10.0-327.18.2.el7 updates 2.4 M
 kernel-tools-libs x86_64 3.10.0-327.18.2.el7 updates 2.3 M
 kpartx x86_64 0.4.9-85.el7_2.4 updates 60 k
 libgudev1 x86_64 219-19.el7_2.9 updates 66 k
 mod_ssl x86_64 1:2.4.6-40.el7.centos.1 updates 103 k

Suggested fix above (Listen 0.0.0.0:443) in http.conf did not fix my problem. I do not have a listen statement for port 443 in httpd.conf - ut I tried it,

I have

Listen 443 https

at the top of my 00-ssl.conf file.

Changing the 00-ssl.conf listen to 0.0.0.0:443 didn't fix my issue either.
timbtbitc

timbtbitc

2016-05-14 00:41

reporter   ~0026547

FIXED - my bad - Suggested solution by original poster did work for me.

I had a 00-ssl.conf file and an old ssl.conf file left hanging round from the migration to C7 a little while ago.

These files were identical in content.

both had Listen 443 https

editing 00-ssl.conf to 0.0.0.0:443 had no effect due to the other entry in 00-ssl.conf.

To fix:
removed ssl.conf
edited 00-ssl.conf to 0.0.0.0:443
restarted httpd - all websites returned to service.

2 ssl configuration files - with identical contents..... some embarrassment here.
allella

allella

2017-10-02 05:58

reporter   ~0030274

I had the same errors and effectively the same fix.

Upgraded from Apache/2.4.25 (CentOS) to Apache/2.4.27 (CentOS) and something in the upgrade started failing on the same configuration. Version control confirmed nothing about the conf files changed during the upgrade

My customized conf/httpd.conf had
Listen 443

and then conf.d/ssl.conf had
Listen 443 https

As with the user above, it seems the existence of more than 1 "Listen 443" directive across loaded configuration files will now cause a hard failure.

My failure looked like below.

systemctl start httpd.service || systemctl status httpd.service

systemd[1]: Starting The Apache HTTP Server...
httpd[12138]: (98)Address already in use: AH00072: make_sock: could not bind to address [::]:443
systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start The Apache HTTP Server.
systemd[1]: Unit httpd.service entered failed state.
systemd[1]: httpd.service failed.

and /var/log/httpd/error.log contained
[core:crit] [pid 25440] (22)Invalid argument: AH00069: make_sock: for address [::]:443, apr_socket_opt_set: (IPV6_V6ONLY)

I'll also note another goofy systemd error I encountered as a result of debugging the root issue just in case folks take the same path I did.

I was trying to "restart" Apached with
systemctl reload httpd.service"
and didn't realize it wasn't running, so I got a systemd error
"Job for httpd.service invalid" which simply means the service isn't running and I tried to reload it, whereas a start or restart would be required.
Shannon

Shannon

2017-11-23 23:46

reporter   ~0030643

I was seeing the same error message. Adding a note in case others have the same, easy to fix solution.

My problem was the usage of the :443 port was in our own custom file,
   /etc/httpd/conf.d/my_app.conf

When I updated a new file
   /etc/httpd/conf.d/ssl.conf
was created.

When I started httpd it was trying to load both of these on the same port. I believe the older version I had used only one of these, or perhaps I'd moved ssl.conf out of the way before and never left myself a note!

Anyway hope my little note helps others with the same issue.
notesluke

notesluke

2019-06-01 12:34

reporter   ~0034570

Just registered to say THANKS to Shannon!
Man, you have saved me a lot of wasted time for searching and troubleshooting! Just had to remove the newly created ssl.conf automatically added after the upgrade.
TrevorH

TrevorH

2019-06-01 17:25

manager   ~0034575

Removing the file is the wrong thing to do. If it's missing and there is an update to the package that owns it, it will drop a new copy in there. If you cannot use the file as it is (after all, it does enable SSL for you which is the entire purpose of it) then modify it to comment lines you don't need. It's marked as a config file in the mod_ssl package spec and if the file is modifed but still exists then yum will not replace it.
TrevorH

TrevorH

2019-06-01 17:32

manager   ~0034576

In fact, I'm going to close this issue entirely as all respondents to it appear to be making the same mistake. If you install mod_ssl then it creates /etc/httpd/conf.d/sssl.conf and automatically enables ssl for you. You don't need to add Listen lines in any other files, it's done for you. If you don't want it done in ssl.conf then edit the file and comment it. Do not rm the file, it will only come back.

The /etc/httpd/conf.modules.d/00-ssl.conf file that's mentioned below should exist and should contain a LoadModule line to load mod_ssl. If its contents is the same as /etc/httpd/conf.d/ssl.conf then someone made a mistake and copied the wrong content in there. There should be no Listen line in that file at all.

allella: we don't ship apache httpd 2.4.26 or 27, ours is 2.4.6 so if you installed a non-2.4.6 version then it isn't from us and you should report bugs in it to its authors not here.

Issue History

Date Modified Username Field Change
2016-05-13 15:48 dendory New Issue
2016-05-14 00:23 timbtbitc Note Added: 0026546
2016-05-14 00:41 timbtbitc Note Added: 0026547
2017-10-02 05:58 allella Note Added: 0030274
2017-11-23 23:46 Shannon Note Added: 0030643
2019-06-01 12:34 notesluke Note Added: 0034570
2019-06-01 17:25 TrevorH Note Added: 0034575
2019-06-01 17:32 TrevorH Status new => closed
2019-06-01 17:32 TrevorH Resolution open => won't fix
2019-06-01 17:32 TrevorH Note Added: 0034576