Bug#1125111: apache2: Apache2 won't start, error "Read-only file system: AH10082: Can't change owner of /etc/apache2/md/challenges"
Package: apache2
Version: 2.4.66-2+b1
Severity: grave
Justification: renders package unusable
* What led up to the situation?
I updated to 2.4.65-4 in Testing.
* What was the outcome of this action?
The server won't start and the following error is logged
[:error] ... (30)Read-only file system: AH10082: Can't change owner of
/etc/apache2/md/challenges
[md:error] ... (30)Read-only file system: AH10047: setup challenges directory
AH00016: Configuration Failed
The cause? This, from NEWS.Debian.gz
ProtectSystem is set to full by default;
this mounts various system paths like /usr, /boot and
/etc as read-only, enhancing overall system integrity.
/etc/ is mounted read-only but apache module mod_md (included in package
apache2) seems to need to write to /etc/apache2/md/challenges/). Maybe I should
mention that I use Let's Encrypt certificates
By the way, according to https://httpd.apache.org/docs/2.4/mod/mod_md.html
"This module requires mod_watchdog to be loaded as well"
I haven't been able to find mod_watchdog in the Testing repository. Is that
information obsolete?
I'm filing this against apache2 because mod_md is included in that package.
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.17.13+deb14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apache2 depends on:
ii apache2-bin 2.4.66-2+b1
ii apache2-data 2.4.66-2
ii apache2-utils 2.4.66-2+b1
ii init-system-helpers 1.69
ii media-types 14.0.0
ii perl 5.40.1-7
ii procps 2:4.0.4-9
Versions of packages apache2 recommends:
ii ssl-cert 1.1.3
Versions of packages apache2 suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii chromium [www-browser] 143.0.7499.169-1
ii firefox-esr [www-browser] 140.5.0esr-1
ii google-chrome-stable [www-browser] 143.0.7499.192-1
ii lynx [www-browser] 2.9.2-2
pn ufw <none>
ii w3m [www-browser] 0.5.3+git20230121-2.3
Versions of packages apache2-bin depends on:
ii libapr1t64 1.7.6-3
ii libaprutil1-dbd-sqlite3 1.6.3-4
ii libaprutil1-ldap 1.6.3-4
ii libaprutil1t64 1.6.3-4
ii libbrotli1 1.1.0-2+b9
ii libc6 2.42-6
ii libcrypt1 1:4.5.1-1
ii libcurl4t64 8.18.0~rc3-1
ii libjansson4 2.14-2+b4
ii libldap2 2.6.10+dfsg-1
ii liblua5.4-0 5.4.8-1
ii libnghttp2-14 1.64.0-1.1+b1
ii libpcre2-8-0 10.46-1
ii libssl3t64 3.5.4-1
ii libsystemd0 259-1
ii libxml2-16 2.15.1+dfsg-2+b1
ii perl 5.40.1-7
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b2
Versions of packages apache2-bin suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii chromium [www-browser] 143.0.7499.169-1
ii firefox-esr [www-browser] 140.5.0esr-1
ii google-chrome-stable [www-browser] 143.0.7499.192-1
ii lynx [www-browser] 2.9.2-2
ii w3m [www-browser] 0.5.3+git20230121-2.3
Versions of packages apache2 is related to:
ii apache2 2.4.66-2+b1
ii apache2-bin 2.4.66-2+b1
-- Configuration Files:
/etc/apache2/apache2.conf changed [not included]
/etc/apache2/conf-available/security.conf changed [not included]
/etc/apache2/conf-available/serve-cgi-bin.conf [file not found]
/etc/apache2/sites-available/000-default.conf changed [not included]
-- no debconf information
Reply to: