J Henselmans

Q: Apache does not work after server 5.0.3 upgrade

I am having trouble getting basic services to work after the upgrade to Server 5.0.3 (what's new after a Server upgrade...).

 

This time it is Apache that does not want to work. The SSL server for the local server (the one that does the login for the users, the profilemanager etc) does not show up.

 

Reason seems to be that the proxy server that connects to the 'real' server has somehow lost its certifcates, as we can see in the settings in

/Library/Server/Web/Config/Proxy/apache_serviceproxy.conf.

 

Under

 

<VirtualHost *:443> and <VirtualHost *:8443>

 

I find:

 

  SSLCertificateFile "PATH_PLACEHOLDER.cert.pem"

   SSLCertificateKeyFile "PATH_PLACEHOLDER.key.pem"

   SSLCertificateChainFile "PATH_PLACEHOLDER.chain.pem"

 

Does anyone know how to replace these things with sensible values?

 

Kind regards,

Johan Henselmans

Server, OS X Server

Posted on Sep 17, 2015 2:11 AM

Close

Q: Apache does not work after server 5.0.3 upgrade

  • All replies
  • Helpful answers

Page 1 of 3 last Next
  • by J Henselmans,Helpful

    J Henselmans J Henselmans Sep 17, 2015 4:04 AM in response to J Henselmans
    Level 1 (30 points)
    Sep 17, 2015 4:04 AM in response to J Henselmans

    For those who encounter the same problem:

    In /etc/certificates you will find a certificate threesome or foursome that are created the moment the new server app started:

    In my case these were

    /etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB 3456A2.cert.pem

    /etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB3456A2.key.pem

    /etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB3456A2.chain.pem

    /etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB3456A2.concat.pem


    Everywhere in /Library/Server/Web/Config/Proxy/apache_serviceproxy.conf where you find

       SSLCertificateFile "PATH_PLACEHOLDER.cert.pem"

       SSLCertificateKeyFile "PATH_PLACEHOLDER.key.pem"

       SSLCertificateChainFile "PATH_PLACEHOLDER.chain.pem"


    Replace these with the cerificate threesome that you will find in /etc/cerficates.

    In my case that ended up with


        SSLCertificateFile "/etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB3456A2.cert.pem"

        SSLCertificateKeyFile "/etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB3456A2.key.pem"

        SSLCertificateChainFile "/etc/certificates/whatawasteoftime.timerot.nl.31351B0BF653C1EE074C25066C9AF367AB3456A2.chain.pem"


    Then, after a reboot everything was well again. ProfileManager came up, the websites that were on the machine were reachable, as well as all the other services.


    I found out what the culprit was after installing the new Server app on a pristine machine. Of course everything worked there as it should. 


    Another few hours well spent in debugging Apples quality control!

    Thank you Apple, for such a cheap server solution!


    Kind Regards,

    Johan Henselmans

  • by pudeyan,

    pudeyan pudeyan Sep 17, 2015 5:30 AM in response to J Henselmans
    Level 1 (0 points)
    Sep 17, 2015 5:30 AM in response to J Henselmans

    Thank you a lot! I replaces placeholders in all virtual hosts and it worked for me.  It's actually enough to turn Off and On switch on Websites pane in Server App instead of rebooting machine.

  • by mjwybrow,

    mjwybrow mjwybrow Sep 17, 2015 6:49 AM in response to J Henselmans
    Level 1 (0 points)
    Sep 17, 2015 6:49 AM in response to J Henselmans

    Thanks.  This fixed the issue for me too and saved a lot of time searching.  Much appreciated.

  • by KRIBkia,

    KRIBkia KRIBkia Sep 17, 2015 7:29 AM in response to J Henselmans
    Level 1 (2 points)
    Sep 17, 2015 7:29 AM in response to J Henselmans

    This didn't work for me. I have the right certs. in the proxy file.

     

    The issue I'm having is that the Web service is working fine, but I'm getting 'too many redirects' when trying to access an https site on the server. none https works just fine.

     

    For now I just redirected to a non secure site, but this is far from ideal, but it's a work around to make sure the sites are at least running.

     

    I have checked my .htaccess files and even stripped them down all the way to nothing, and still getting the same issue.

  • by natesimons,

    natesimons natesimons Sep 17, 2015 8:51 AM in response to J Henselmans
    Level 1 (0 points)
    Sep 17, 2015 8:51 AM in response to J Henselmans

    This didn't work for me. I found the exact spots and stuff in where it asked for it, but my profile manager still will not come up.  Seems like I have this issue everytime there is a Server update.

    Everything else seems to be working great....just all of my profiles are coming up (and my profile manager never starts).

  • by MacGuyDVD,

    MacGuyDVD MacGuyDVD Sep 17, 2015 10:29 AM in response to KRIBkia
    Level 1 (0 points)
    Sep 17, 2015 10:29 AM in response to KRIBkia

    Have you had any success? I am having this same issue with "too many redirects" but only with the https site.

  • by FL_MacTech,

    FL_MacTech FL_MacTech Sep 17, 2015 11:02 AM in response to MacGuyDVD
    Level 2 (230 points)
    Sep 17, 2015 11:02 AM in response to MacGuyDVD

    It appears after the upgrade ports 80 and 443 are not open in my situation. I tested disabling the the built in firewall with no success.

  • by wivaku,

    wivaku wivaku Sep 17, 2015 12:28 PM in response to J Henselmans
    Level 1 (4 points)
    Sep 17, 2015 12:28 PM in response to J Henselmans

    Thanks Johan! Such a bad quality. Again and again.

    In addition I had to disable an re-enable PHP, as the PHP apps were served as plain text.

  • by .kyle,

    .kyle .kyle Sep 17, 2015 12:29 PM in response to FL_MacTech
    Level 1 (0 points)
    Sep 17, 2015 12:29 PM in response to FL_MacTech

    It also appears that ports 80 and 443 are closed for me. I did replace the placeholder certs but still have the same issue.

  • by FL_MacTech,

    FL_MacTech FL_MacTech Sep 17, 2015 12:45 PM in response to .kyle
    Level 2 (230 points)
    Sep 17, 2015 12:45 PM in response to .kyle

    The way I got around this was to remove the /Library/Server, /var/servermangerd, and Server.app. I then replaced the Server.app with version 4.x and all of my web services returned. YMMV be careful.

  • by natesimons,

    natesimons natesimons Sep 17, 2015 12:59 PM in response to J Henselmans
    Level 1 (0 points)
    Sep 17, 2015 12:59 PM in response to J Henselmans

    Best solution I was given was to just go back to the previous version. No issues and I'm back up and running again.

  • by .kyle,

    .kyle .kyle Sep 17, 2015 1:08 PM in response to FL_MacTech
    Level 1 (0 points)
    Sep 17, 2015 1:08 PM in response to FL_MacTech

    Rolled back to 4.x and everything's working again. Not quite ready for prime-time yet it seems.

  • by Lopezzi,

    Lopezzi Lopezzi Sep 17, 2015 1:23 PM in response to J Henselmans
    Level 1 (5 points)
    Sep 17, 2015 1:23 PM in response to J Henselmans

    I'm having problems with Apache too after the upgrade.  For me, it appears httpd is listening on ports 34580 and 34543 instead of 80 and 443.  You can see what it's listening to by running:

     

    sudo lsof -P -n -iTCP -sTCP:LISTEN | grep httpd

     

    When I run this I get:

     

    httpd     6043            root    4u  IPv4 0x316f7d7762ffd843      0t0  TCP 127.0.0.1:34580 (LISTEN)

    httpd     6043            root    5u  IPv4 0x316f7d7763184f73      0t0  TCP 127.0.0.1:34543 (LISTEN)

    httpd     6047            _www    4u  IPv4 0x316f7d7762ffd843      0t0  TCP 127.0.0.1:34580 (LISTEN)

    httpd     6047            _www    5u  IPv4 0x316f7d7763184f73      0t0  TCP 127.0.0.1:34543 (LISTEN)

     

    My http.conf file shows apache should be listening on 80 but it's not for some reason.  If I go to localhost:34580 I get the correct page, but not on just localhost.  Anybody know where it's getting it's configuration from now?

  • by Lopezzi,

    Lopezzi Lopezzi Sep 17, 2015 1:49 PM in response to Lopezzi
    Level 1 (5 points)
    Sep 17, 2015 1:49 PM in response to Lopezzi

    Well, scratch that.  After running the cert commands up top, it seems to be working now.  When I run the command now, it shows a whole ton of IPv6 listening ports now, but everything is working now, so I guess I'm good?  Thanks Henselmans!

Page 1 of 3 last Next