Apache2 fails 2 start after rebooting - after removing file manager and vsftp - AH00072: make_sock: could not bind to address my.domain.com:8443

Hello! I see that my apache2 server does not start after rebooting. I can then start it manually from the control panel and everything works fine.

But I would prefer to find the reason, why apache2 does not start on reboot. Your help is appreciated, I will give more information.

Just before this situation started I removed the FILE MANAGER via control panel and vsfpd via command line on ubuntu 24.

I also removed the rules concerning ports - 20, 21, 990 - all associated with the ftp server. I was trying to secure my machine …

The error.log shows this:

[Mon Apr 28 00:24:53.923933 2025] [ssl:warn] [pid 3284:tid 137180265801600] AH01909: 192.168.186.57:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 28 00:24:53.924075 2025] [suexec:notice] [pid 3284:tid 137180265801600] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Apr 28 00:24:53.935354 2025] [ssl:warn] [pid 3285:tid 137180265801600] AH01909: 192.168.186.57:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 28 00:24:53.936448 2025] [mpm_event:notice] [pid 3285:tid 137180265801600] AH00489: Apache/2.4.58 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/3.0.13 configured -- resuming normal operation
[Mon Apr 28 00:24:53.936469 2025] [core:notice] [pid 3285:tid 137180265801600] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 28 00:27:17.464889 2025] [mpm_event:notice] [pid 3285:tid 137180265801600] AH00492: caught SIGWINCH, shutting down gracefully
[Mon Apr 28 00:29:12.495009 2025] [ssl:warn] [pid 3942:tid 137290412447616] AH01909: 192.168.186.57:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 28 00:29:12.495340 2025] [suexec:notice] [pid 3942:tid 137290412447616] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Apr 28 00:29:12.506360 2025] [ssl:warn] [pid 3943:tid 137290412447616] AH01909: 192.168.186.57:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 28 00:29:12.507550 2025] [mpm_event:notice] [pid 3943:tid 137290412447616] AH00489: Apache/2.4.58 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/3.0.13 configured -- resuming normal operation
[Mon Apr 28 00:29:12.507580 2025] [core:notice] [pid 3943:tid 137290412447616] AH00094: Command line: '/usr/sbin/apache2'

++++++++++++

28 Apr 2025 00:29:12 System Service restarted (Name: apache2).
28 Apr 2025 00:24:53 System Service restarted (Name: apache2).
28 Apr 2025 00:05:49 System Service restarted (Name: apache2).
27 Apr 2025 23:33:34 System System configuration value changed (Key: POLICY_USER_VIEW_SUSPENDED, Value: false).
27 Apr 2025 23:33:34 Plugins File Manager disabled.
27 Apr 2025 23:33:34 System System configuration value changed (Key: FILE_MANAGER, Value: false).
27 Apr 2025 23:14:35 System Service restarted (Name: apache2).
27 Apr 2025 23:01:24 Firewall Removed firewall rule (ID: 8).
27 Apr 2025 22:53:44 Firewall Removed IP from ban list (IP: 193.32.162.134, Service: RECIDIVE).
27 Apr 2025 22:53:42 System System restart initiated.
27 Apr 2025 22:47:45 Firewall Banned IP address 209.38.37.108.

++++++++++++

Would be happy to hear what I could do to get apache2 to start on reboot automatically again!

John

Hi @adler93

But that doesn’t show any error.

Check the logs to know what’s going on before you restart/start Apache2 manually. You can reboot and immediately after the reboot:

systemctl status apache2 --no-pager -l

And show the output.

Hi sahsanu,
thanks for kindly engaging with my topic. It seems that the apache2 may not be able to bind to a port, probably because nginx has occupied it. I did as you suggested.

systemctl status apache2 --no-pager -l

Ă— apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Time; Xmin ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 1279 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
        CPU: 37ms

Time IP-adress systemd[1]: Starting apache2.service - The Apache HTTP Server...
Time IP-adress apachectl[1330]: (99)Cannot assign requested address: AH00072: make_sock: could not bind to address 192.168.186.57:8443
Time IP-adress apachectl[1330]: no listening sockets available, shutting down
Time IP-adress apachectl[1330]: AH00015: Unable to open logs
Time IP-adress systemd[1]: apache2.service: Control process exited, code=exited, status=1/FAILURE
Time IP-adress systemd[1]: apache2.service: Failed with result 'exit-code'.
Time IP-adress systemd[1]: Failed to start apache2.service - The Apache HTTP Server.

I see that nginx is on the following ports.

$ sudo netstat -plan | grep nginx
tcp        0      0 127.0.0.1:8084          0.0.0.0:*               LISTEN      1671/nginx: master
tcp        0      0 192.168.186.57:80       0.0.0.0:*               LISTEN      1671/nginx: master
tcp        0      0 0.0.0.0:2083            0.0.0.0:*               LISTEN      1680/nginx: master
tcp        0      0 192.168.186.57:443      0.0.0.0:*               LISTEN      1671/nginx: master
tcp6       0      0 :::2083                 :::*                    LISTEN      1680/nginx: master

I want to add that I edited one thing in the apache2.conf right after Hestia Install. I added this line:

ServerName my.domain.name

This resolved [error AH00558]: Could not reliably determine the server’s fully qualified domain name error message. It worked fine so far.

And I tried this command from the hestia documentation “unable to bind”, but it did not help my issue of the conflict between nginx and apache 2:

sysctl -w net.ipv4.ip_nonlocal_bind=1

Hope this info can help to identify my next best step.

And I want to add, when I asked Google KI why apache2 wishes to connect to port 8443, this was the answer:

Apache 2 might use port 8443 as an alternative HTTPS port, often when the standard port 443 is unavailable or already in use. It's used for secure web communication, encrypting data exchanged between users and servers.

So Nginx is probably also on port 443 - but I imagine this is also the standard case after installation - and apache2 goes to port 8443 instead. So is this port even open? Because when I check if which service is on port 8443, the answer is none.

netstat -tulpn | grep :8443

Returns nothing.

Running: netstat -anp | grep 443
shows that nginx is listening on that port.

Not knowing how hestia organizes the interplay between apache2 and nginx, could it just be a timing issue?
Could I solve it be delaying the start of nginx service to give apache2 more time to start?

Any thoughts appreciated.

Hestia runs NGINX on port 80 / 443
Apache2 8443 / 8080 So that is correct

Is there any other service running on port 8443?

Apparently nothing claims port 8443

Returns nothing at all.

The problem is that Apache wants to bind the port to an address that isn’t yet available.

Try this:

systemctl edit apache2

And add this in the dedicated section:

[Unit]
After=network-online.target
Wants=network-online.target

In context:

### Editing /etc/systemd/system/apache2.service.d/override.conf
### Anything between here and the comment below will become the contents of the drop-in file

[Unit]
After=network-online.target
Wants=network-online.target

### Edits below this comment will be discarded

Save the file and execute this:

systemctl daemon-reload

Once done, reboot the server and check whether apache2 starts automatically.

2 Likes

@sahsanu
Thank you! :smile:

I feel happy because your suggestion worked. I rebooted twice after implementing your path to the solution and - tadda! - apache2 starts and I do not have to care of it starting manually every time - or reinstall hestia from scratch.

Reading about the commands you offered as a solution on an information page, I understand that it fixes the problem - but there is some cautionary note also. I do not worry too much about this, I am not operating a bank.

So - it is my understanding that apache2 now waits until network is “up” before trying to bind to port 8443. Solved.

Network connectivity has been established: network-online.target

network-online.target is a target that actively waits until the network is “up”, where the definition of “up” is defined by the network management software. Usually it indicates a configured, routable IP address of some kind. Its primary purpose is to actively delay activation of services until the network has been set up.

It is an active target, meaning that it may be pulled in by the services requiring the network to be up, but is not pulled in by the network management service itself. By default all remote mounts defined in /etc/fstab make use of this service, in order to make sure the network is up before attempts to connect to a network share are made. Note that normally, if no service requires it and if no remote mount point is configured, this target is not pulled into the boot, thus avoiding any delays during boot should the network not be available. It is strongly recommended not to make use of this target too liberally: for example network server software should generally not pull this in (since server software generally is happy to accept local connections even before any routable network interface is up). Its primary purpose is network client software that cannot operate without network.

For more details about those targets, see the systemd.special(7) man page.

1 Like

You’re welcome.

You shouldn’t be worried at all :slight_smile:

1 Like

:pray: :cowboy_hat_face:

Have a good day/night!

2 Likes