Apache-2.4
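SSL problem: Unable to configure certificate for stapling
I have a self-hosted lubuntu server on my local network that runs some services useful for my network (WordPress in /var/www/html, ownCloud, and a Flask app). The problem is that a few days ago I installed a self-signed SSL certificate that worked fine, but now the following errors appear: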
[Tue Nov 24 10:52:43.773996 2020] [mpm_prefork:notice] [pid 3684] AH00169: caught SIGTERM, shutting down
[Tue Nov 24 10:52:44.050510 2020] [ssl:warn] [pid 3787] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 10:52:44.051147 2020] [ssl:error] [pid 3787] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / issuer: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / serial: 54E9B9F567EDAB3274DD84A4A9ADE65D9A040B9F / notbefore: Nov 23 17:47:08 2020 GMT / notafter: Nov 23 17:47:08 2021 GMT]
[Tue Nov 24 10:52:44.051183 2020] [ssl:error] [pid 3787] AH02604: Unable to configure certificate miservidor.com:443:0 for stapling
[Tue Nov 24 10:52:44.156461 2020] [ssl:warn] [pid 3798] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 10:52:44.157050 2020] [ssl:error] [pid 3798] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / issuer: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / serial: 54E9B9F567EDAB3274DD84A4A9ADE65D9A040B9F / notbefore: Nov 23 17:47:08 2020 GMT / notafter: Nov 23 17:47:08 2021 GMT]
[Tue Nov 24 10:52:44.157086 2020] [ssl:error] [pid 3798] AH02604: Unable to configure certificate miservidor.com:443:0 for stapling
[Tue Nov 24 10:52:44.191002 2020] [mpm_prefork:notice] [pid 3798] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations
[Tue Nov 24 10:52:44.191095 2020] [core:notice] [pid 3798] AH00094: Command line: '/usr/sbin/apache2'
These are my configuration files:
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName www.miservidor.com
    Redirect / https://miservidor.com/
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory /var/www/html/>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
/etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName miservidor.com
        DocumentRoot /var/www/html
        ServerAlias www.miservidor.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        <Directory /var/www>
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>
</IfModule>
I can access my server without problems directly using my IP, but not using the domain. Any ideas? Thanks in advance.
UPDATE: After adding the following line to my default-ssl.conf:
SSLUseStapling off
it solved this error:
[Tue Nov 24 17:06:00.072579 2020] [mpm_prefork:notice] [pid 8938] AH00169: caught SIGTERM, shutting down
[Tue Nov 24 17:06:00.334836 2020] [ssl:warn] [pid 9005] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 17:06:00.461929 2020] [ssl:warn] [pid 9019] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Nov 24 17:06:00.507795 2020] [mpm_prefork:notice] [pid 9019] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations
[Tue Nov 24 17:06:00.516896 2020] [core:notice] [pid 9019] AH00094: Command line: '/usr/sbin/apache2'
It looks like you have OCSP stapling enabled.
Check the rest of your Apache configuration for the SSLUseStapling directive, and disable it if it is enabled.
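
An added example, not part of the original question or answer: a small log triage script that reads Apache error-log lines like those above and, for each AH02217 stapling failure, tells a self-signed certificate (subject equals issuer, so stapling has nothing to staple) apart from a CA-issued certificate whose issuer is missing from the served chain. The function name `diagnose`, the advice strings and the third sample line are assumptions made for this illustration.

```python
import re

# Constructed sample: the first two lines are shortened from the question's
# error.log (DN trimmed); the third is an invented CA-issued certificate.
SAMPLE_LOG = """\
[Tue Nov 24 10:52:44.051147 2020] [ssl:error] [pid 3787] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=miservidor.com,O=G5fighter Inc,C=ES / issuer: CN=miservidor.com,O=G5fighter Inc,C=ES / serial: 54E9B9F567EDAB3274DD84A4A9ADE65D9A040B9F / notbefore: Nov 23 17:47:08 2020 GMT / notafter: Nov 23 17:47:08 2021 GMT]
[Tue Nov 24 10:52:44.051183 2020] [ssl:error] [pid 3787] AH02604: Unable to configure certificate miservidor.com:443:0 for stapling
[Tue Nov 24 10:52:45.000000 2020] [ssl:error] [pid 3787] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=shop.example / issuer: CN=Example Issuing CA / serial: 0A1B2C / notbefore: Jan  1 00:00:00 2020 GMT / notafter: Jan  1 00:00:00 2021 GMT]
"""

AH_LINE = re.compile(r"\] (AH\d{5}): (.*)$")
CERT = re.compile(r"\[subject: (.*?) / issuer: (.*?) / serial: ([0-9A-Fa-f]+) /")
VHOST = re.compile(r"certificate (\S+:\d+:\d+) for stapling")

def diagnose(log_text):
    """Return (findings keyed by certificate serial, sorted vhosts that failed stapling)."""
    findings, vhosts = {}, set()
    for line in log_text.splitlines():
        m = AH_LINE.search(line)
        if not m:
            continue
        code, msg = m.groups()
        if code == "AH02217":
            c = CERT.search(msg)
            if c:
                subject, issuer, serial = c.groups()
                # Heuristic: identical subject and issuer DN means self-signed.
                self_signed = subject == issuer
                findings[serial] = {
                    "subject": subject,
                    "self_signed": self_signed,
                    "advice": (
                        "self-signed, no OCSP responder: set SSLUseStapling off"
                        if self_signed else
                        "issuer not in served chain: add the intermediate certificate"),
                }
        elif code == "AH02604":
            v = VHOST.search(msg)
            if v:
                vhosts.add(v.group(1))
    return findings, sorted(vhosts)

if __name__ == "__main__":
    findings, vhosts = diagnose(SAMPLE_LOG)
    for serial, info in findings.items():
        print(serial, info["subject"], "->", info["advice"])
    print("vhosts failing stapling:", vhosts)
```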