How to Fix “Invalid command ‘SSLEngine'” Error After Apache Reinstall on CentOS


4 views

When working with CentOS servers, many administrators face this peculiar situation: after reinstalling Apache, they encounter the "Invalid command 'SSLEngine'" error despite never intentionally configuring SSL. The error typically appears in files under /usr/local/psa/admin/conf/generated/ with messages like:

Syntax error on line 94 of /usr/local/psa/admin/conf/generated/13636697550.95452800_server.include:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

The root cause is simpler than you might think. During Apache reinstallation, the default configuration might not include the mod_ssl module, which provides SSL/TLS support. Many control panels (like Plesk in this case) generate configuration files assuming SSL capability exists.

Here's how to properly fix this:

# Install mod_ssl
yum install mod_ssl

# Verify the module is loaded
apachectl -M | grep ssl

# Restart Apache
systemctl restart httpd

If you're certain you don't need SSL, you can disable the SSL directives in the generated configuration files. Locate the problematic include files and comment out or remove any SSLEngine directives:

# Example of editing the include file
sed -i 's/^SSLEngine/#SSLEngine/' /usr/local/psa/admin/conf/generated/*_server.include

After applying the fix, always verify your configuration:

# Test Apache configuration
apachectl configtest

# Check for syntax errors
apachectl -t

# View loaded modules
apachectl -M

To avoid similar problems when reinstalling Apache, always include these packages:

yum install httpd mod_ssl

For Plesk servers specifically, you might need to run:

plesk repair web

When you encounter the "Invalid command 'SSLEngine'" error after reinstalling Apache on CentOS, it typically indicates a missing SSL module. The error occurs because:

  • The mod_ssl module isn't loaded in Apache's configuration
  • SSL directives appear in your configuration files despite the module being absent
  • The module was present before reinstallation but wasn't reinstalled properly

First verify if mod_ssl is installed:

httpd -M | grep ssl_module

If no output appears, you'll need to install the module. For CentOS 7:

yum install mod_ssl

For CentOS 8/RHEL 8:

dnf install mod_ssl

After reinstalling Apache, legacy configurations might remain. Check these locations:

/etc/httpd/conf.d/ssl.conf
/usr/local/psa/admin/conf/generated/*_server.include
/etc/httpd/conf/httpd.conf

Example of a proper SSL configuration block:

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    # Other directives...
</VirtualHost>

Ensure the module loads correctly by adding (if not present):

LoadModule ssl_module modules/mod_ssl.so

Then restart Apache:

systemctl restart httpd

Case 1: Plesk environments often generate configurations automatically. Run:

plesk repair web

Case 2: If using custom compilations, verify the module was included during build:

httpd -V | grep -i ssl

Case 3: For SELinux contexts (common in CentOS):

restorecon -Rv /etc/httpd/

Always maintain a backup of your configuration before modifications:

cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

Consider using configuration management tools like Ansible for reliable reinstalls:

- name: Ensure Apache with SSL
  yum:
    name: [httpd, mod_ssl]
    state: present