Hello,
I have a rather wierd question about Apache Directives Configuration.
I am running Ubuntu Linux Server and my Apache Tree looks like this:
server [/etc/apache2] # tree
.
├── apache2.conf
├── apache2.conf.dpkg-old
├── apache2.conf.in
├── conf-available
│ ├── charset.conf
│ ├── _javascript_-common.conf
│ ├── localized-error-pages.conf
│ ├── other-vhosts-access-log.conf
│ ├── phpmyadmin.conf -> ../../phpmyadmin/apache.conf
│ ├── security.conf
│ └── serve-cgi-bin.conf
├── conf-enabled
│ ├── charset.conf -> ../conf-available/charset.conf
│ ├── client-dirs.conf
│ ├── _javascript_-common.conf -> ../conf-available/_javascript_-common.conf
│ ├── localized-error-pages.conf -> ../conf-available/localized-error-pages.conf
│ ├── other-vhosts-access-log.conf -> ../conf-available/other-vhosts-access-log.conf
│ ├── phpmyadmin.conf -> ../conf-available/phpmyadmin.conf
│ ├── security.conf -> ../conf-available/security.conf
│ └── serve-cgi-bin.conf -> ../conf-available/serve-cgi-bin.conf
├── conf-local
│ ├── htdirs.conf
│ ├── htpasswd
│ ├── htpasswd4laszlo
│ └── htpasswd4project
├── envvars
├── magic
├── mods-available
│ ├── access_compat.load
│ ├── actions.conf
│ ├── actions.load
│ ├── alias.conf
│ ├── alias.load
│ ├── allowmethods.load
│ ├── asis.load
│ ├── auth_basic.load
│ ├── auth_digest.load
│ ├── auth_form.load
│ ├── authn_anon.load
│ ├── authn_core.load
│ ├── authn_dbd.load
│ ├── authn_dbm.load
│ ├── authn_file.load
│ ├── authn_socache.load
│ ├── authnz_fcgi.load
│ ├── authnz_ldap.load
│ ├── authz_core.load
│ ├── authz_dbd.load
│ ├── authz_dbm.load
│ ├── authz_groupfile.load
│ ├── authz_host.load
│ ├── authz_owner.load
│ ├── authz_user.load
│ ├── autoindex.conf
│ ├── autoindex.load
│ ├── buffer.load
│ ├── cache_disk.conf
│ ├── cache_disk.load
│ ├── cache.load
│ ├── cache_socache.load
│ ├── cgid.conf
│ ├── cgid.load
│ ├── cgi.load
│ ├── charset_lite.load
│ ├── data.load
│ ├── dav_fs.conf
│ ├── dav_fs.load
│ ├── dav.load
│ ├── dav_lock.load
│ ├── dbd.load
│ ├── deflate.conf
│ ├── deflate.load
│ ├── dialup.load
│ ├── dir.conf
│ ├── dir.load
│ ├── dump_io.load
│ ├── echo.load
│ ├── env.load
│ ├── expires.load
│ ├── ext_filter.load
│ ├── file_cache.load
│ ├── filter.load
│ ├── headers.load
│ ├── heartbeat.load
│ ├── heartmonitor.load
│ ├── ident.load
│ ├── include.load
│ ├── info.conf
│ ├── info.load
│ ├── lbmethod_bybusyness.load
│ ├── lbmethod_byrequests.load
│ ├── lbmethod_bytraffic.load
│ ├── lbmethod_heartbeat.load
│ ├── ldap.conf
│ ├── ldap.load
│ ├── log_debug.load
│ ├── log_forensic.load
│ ├── lua.load
│ ├── macro.load
│ ├── mime.conf
│ ├── mime.load
│ ├── mime_magic.conf
│ ├── mime_magic.load
│ ├── mpm_event.conf
│ ├── mpm_event.load
│ ├── mpm_prefork.conf
│ ├── mpm_prefork.load
│ ├── mpm_worker.conf
│ ├── mpm_worker.load
│ ├── negotiation.conf
│ ├── negotiation.load
│ ├── php5.6.conf
│ ├── php5.6.load
│ ├── php7.0.conf
│ ├── php7.0.load
│ ├── php7.1.conf
│ ├── php7.1.load
│ ├── php7.2.conf
│ ├── php7.2.load
│ ├── php7.3.conf
│ ├── php7.3.load
│ ├── php7.4.conf
│ ├── php7.4.load
│ ├── php8.0.conf
│ ├── php8.0.load
│ ├── proxy_ajp.load
│ ├── proxy_balancer.conf
│ ├── proxy_balancer.load
│ ├── proxy.conf
│ ├── proxy_connect.load
│ ├── proxy_express.load
│ ├── proxy_fcgi.load
│ ├── proxy_fdpass.load
│ ├── proxy_ftp.conf
│ ├── proxy_ftp.load
│ ├── proxy_html.conf
│ ├── proxy_html.load
│ ├── proxy_http.load
│ ├── proxy.load
│ ├── proxy_scgi.load
│ ├── proxy_wstunnel.load
│ ├── ratelimit.load
│ ├── reflector.load
│ ├── remoteip.load
│ ├── reqtimeout.conf
│ ├── reqtimeout.load
│ ├── request.load
│ ├── rewrite.load
│ ├── sed.load
│ ├── session_cookie.load
│ ├── session_crypto.load
│ ├── session_dbd.load
│ ├── session.load
│ ├── setenvif.conf
│ ├── setenvif.load
│ ├── slotmem_plain.load
│ ├── slotmem_shm.load
│ ├── socache_dbm.load
│ ├── socache_memcache.load
│ ├── socache_shmcb.load
│ ├── speling.load
│ ├── ssl.conf
│ ├── ssl.load
│ ├── status.conf
│ ├── status.load
│ ├── substitute.load
│ ├── suexec.load
│ ├── unique_id.load
│ ├── userdir.conf
│ ├── userdir.load
│ ├── usertrack.load
│ ├── vhost_alias.load
│ └── xml2enc.load
├── mods-enabled
│ ├── access_compat.load -> ../mods-available/access_compat.load
│ ├── alias.conf -> ../mods-available/alias.conf
│ ├── alias.load -> ../mods-available/alias.load
│ ├── auth_basic.load -> ../mods-available/auth_basic.load
│ ├── authn_core.load -> ../mods-available/authn_core.load
│ ├── authn_file.load -> ../mods-available/authn_file.load
│ ├── authz_core.load -> ../mods-available/authz_core.load
│ ├── authz_host.load -> ../mods-available/authz_host.load
│ ├── authz_user.load -> ../mods-available/authz_user.load
│ ├── autoindex.conf -> ../mods-available/autoindex.conf
│ ├── autoindex.load -> ../mods-available/autoindex.load
│ ├── deflate.conf -> ../mods-available/deflate.conf
│ ├── deflate.load -> ../mods-available/deflate.load
│ ├── dir.conf -> ../mods-available/dir.conf
│ ├── dir.load -> ../mods-available/dir.load
│ ├── env.load -> ../mods-available/env.load
│ ├── filter.load -> ../mods-available/filter.load
│ ├── headers.load -> ../mods-available/headers.load
│ ├── mime.conf -> ../mods-available/mime.conf
│ ├── mime.load -> ../mods-available/mime.load
│ ├── mpm_prefork.conf -> ../mods-available/mpm_prefork.conf
│ ├── mpm_prefork.load -> ../mods-available/mpm_prefork.load
│ ├── negotiation.conf -> ../mods-available/negotiation.conf
│ ├── negotiation.load -> ../mods-available/negotiation.load
│ ├── php5.6.conf -> ../mods-available/php5.6.conf
│ ├── php5.6.load -> ../mods-available/php5.6.load
│ ├── rewrite.load -> ../mods-available/rewrite.load
│ ├── setenvif.conf -> ../mods-available/setenvif.conf
│ ├── setenvif.load -> ../mods-available/setenvif.load
│ ├── socache_dbm.load -> ../mods-available/socache_dbm.load
│ ├── socache_memcache.load -> ../mods-available/socache_memcache.load
│ ├── socache_shmcb.load -> ../mods-available/socache_shmcb.load
│ ├── ssl.conf -> ../mods-available/ssl.conf
│ ├── ssl.load -> ../mods-available/ssl.load
│ ├── status.conf -> ../mods-available/status.conf
│ ├── status.load -> ../mods-available/status.load
│ ├── userdir.conf -> ../mods-available/userdir.conf
│ └── userdir.load -> ../mods-available/userdir.load
├── ports.conf
├── sites-available
│ ├── 000-default.conf
│ └── default-ssl.conf
└── sites-enabled
├── 000-default.conf -> ../sites-available/000-default.conf
└── default-ssl.conf -> ../sites-available/default-ssl.conf
7 directories, 212 files
Now, the problem is:
One of my config files is /etc/apache2/mods-enabled/userdir.conf
It has this contents:
[Begin File contents]
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/adam/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
php_admin_value open_basedir /home/adam/public_html:/tmp
</Directory>
[End File contents]
The problem I noticed is that "</IfModule>" was absent from this file.
So the <IfModule> at the beginning of this file was not properly closed.
The mod_userdir module is always loaded and running. This is the intended setting.
Restating the webserver (and retaining this configuration) did not yield any problems.
However, requesting a certificate with Let's Encrypt's certbot revealed this issue because certbot performed an analysis on Apache's configuration files before renewing this certificate and found this problem.
After I properly closed the IfModule with "</IfModule>" and restarted the webserver certbot worked again.
Of course, Apache also worked.Now, my question is:
What could this have affected ? The lack of "</IfModule>" at the end of the "userdir" module.
(I am permanently using and loaded the UserDir Module because I needed. So the "IF" condition is a perfect TRUE, for my server.)
Could have impacted something else ?I don't know how many other modules or directives loads Apache into memory on startup...
Is it possible that everything it loaded after this file could be "under the influence" of <IfModule mod_userdir.c> because it was not properly closed ?
(In this case, perhaps Apache found another <IfModule> or <VirtualHost> along the way and nested it inside my unclosed <IfModule> ?)I am concerned about security risks, not loading of other configs properly or some other wierd combination that messes up my configs.... I have htaccess statements and security measures I put in place in my configs, as this server is used by tens of users.
Also, Apache should have reported this unclosed <IfModule> on restart. I don't know why it didn't.
I know Apache reads configuration files in a specific order based on a combination of directories, filenames, and inclusion rules, however I don't know how a missing IfModule closure tag can affect other things...
If someone can help me... if an Apache developer or someone that understands these things perfectly knows what can I expect from this situation, please advise...
Thank you.
-- Cu stima, Adam Mihai Gergely Informatician www.infosky.ro