Saturday, June 15, 2013

Error starting Apache (httpd) - Configuration files not readable

Here is an interesting issue I ran into today while setting up a new VM. I had copied the Apache conf file and SSL/TLS certificate files onto my new server as root using wget. All of the file's ownerships and permissions looked right and I thought I was ready to go. Then I ran into these two misleading errors:

Could not open configuration file /etc/httpd/conf.d/ssl.conf: Permission denied

and

SSLCertificateFile: file '/etc/pki/tls/certs/mydomain.com.crt' does not exist or is empty

Contrary to what Apache reported, the ssl.conf file did have the correct permissions and the crt file did exist and had contents. So what gives? Our trusty SELinux friend is at it again, it seems. Because I had copied these files in from somewhere else, SELinux was detecting something off. It is an easy fix, though. Just run this command, specifing each of the files above:

restorecon -v /etc/httpd/conf.d/ssl.conf

and

restorecon -Rv /etc/pki/tls/certs/

That -R is for "recursive" and it means I want it to do the whole directory.

After fixing up the SELinux permissions for these files I brought in, everything started up just fine!