Get error "[error] Illegal attempt to re-initialise SSL for server" in httpd error logs

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL)

Issue

  • I see errors similar to below in my httpd error_log:
[error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
  • The server will not listen on port 443
  • I have confirmed that SElinux is disabled and that the firewall is not a factor.
  • Apache is not allowing traffic on port 443

Resolution

You need to make sure you are setting SSLEngine On inside of a VirtualHost. You should not set the SSLEngine directive in a global scope [0].

[0] https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslengine

Root Cause

The root cause of this issue occurs when you have SSLEngine On set in a global scope. When you set SSLEngine outside of a VirtualHost, it causes SSLEngine to be enabled by default on all VirtualHosts even if they aren't configured for SSL.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.