Apache-2.4

httpd 返回“SSLCertificateFile:文件 ‘/var/iwww/certs/msdfw/c.pem’ 不存在或為空”

  • March 14, 2021

所以最近,由於一些問題和東西,我不得不重置我的伺服器。現在,我一直在嘗試重新設置它,但它不適合我。我已httpd成功安裝,它適用於我的網站。但是當我嘗試添加 SSL 證書時,CentOS 居然敢騙我說它不存在。這是journalctl -xe;的輸出

Sep 26 17:00:11 localhost systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Sep 26 17:00:11 localhost httpd[5579]: AH00526: Syntax error on line 15 of             
/etc/httpd/enabled/msdfw.conf:
Sep 26 17:00:11 localhost httpd[5579]: SSLCertificateFile: file     
'/var/iwww/certs/msdfw/c.pem' does not exist or is empty
Sep 26 17:00:11 localhost systemd[1]: httpd.service: main process exited,     
code=exited, status=1/FAILURE
Sep 26 17:00:11 localhost kill[5581]: kill: cannot find process ""
Sep 26 17:00:11 localhost systemd[1]: httpd.service: control process exited, 
code=exited status=1
Sep 26 17:00:11 localhost systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Sep 26 17:00:11 localhost systemd[1]: Unit httpd.service entered failed state.
Sep 26 17:00:11 localhost systemd[1]: httpd.service failed.

我檢查了文件,它就在那裡。我已經嘗試將所有所有權授予 user apache,我已將其授予 groupapache並將所有權限更改為 777。它都不起作用(並恢復了權限)。我試過了lsof c.pem,但沒有輸出。這是虛擬主機;

<VirtualHost *:80>
   ServerName www.example.com
   ServerAlias example.com
   RewriteEngine on
   RewriteRule ^/?(.*) https://example.com/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
   ServerName example.com
   DocumentRoot /var/www/msdfw
   ErrorLog /var/iwww/logs/e-msdfw
   CustomLog /var/iwww/logs/c-msdfw combined
   DirectoryIndex index.php
   SSLEngine on
   SSLCertificateFile /var/iwww/certs/msdfw/c.pem
   SSLCertificateKeyFile /var/iwww/certs/msdfw/p.key
   SSLCertificateChainFile /var/iwww/certs/msdfw/b.pem
   <Directory /var/www/msdfw/>
           Require all granted
   </Directory>
</VirtualHost>

我已經安裝mod_ssl了,所以我不認為就是這樣。我已經sudo -u apache cat /var/iwww/certs/msdfw/c.pem檢查它是否可以讀取它,它可以。OpenSSL 可以正確解析證書。所以,我不確定問題是什麼。任何可以提供幫助的人,請伸出援助之手。謝謝!

附加資訊:

  • 作業系統:CentOS Linux 7.4.1708 版
  • 不確定這屬於哪個類別,但它是最小的。

看來我錯了。它與標有system_u或的證書有關unconfined_u。它們必須貼上標籤system_u才能被httpd.

在此處了解如何更改標籤。

我知道這是一個舊執行緒,但我的系統上有類似的問題。我將 OL8 與 Apache 一起用作 Web 伺服器。我所做的一切都行不通。直到我執行了這個命令:

sudo chcon -R -t httpd_config_t letsencrypt/

我的問題是 SELinux 阻止了請求。

需要學習的是,任何需要由 Apache 執行的東西都必須httpd_config_t設置為最低限度。

引用自:https://serverfault.com/questions/875660