Apache-2.4
SSL 的問題:無法為拍打配置證書
我的區域網路上有一個自託管的 lubuntu 伺服器,它有一些對我的網路有用的服務(/var/www/html 中的 wordpress、owncloud 和燒瓶應用程序)。問題是幾天前我安裝了一個執行良好的自簽名 ssl 證書,但現在出現以下錯誤:
[Tue Nov 24 10:52:43.773996 2020] [mpm_prefork:notice] [pid 3684] AH00169: caught SIGTERM, shutting down [Tue Nov 24 10:52:44.050510 2020] [ssl:warn] [pid 3787] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Nov 24 10:52:44.051147 2020] [ssl:error] [pid 3787] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / issuer: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / serial: 54E9B9F567EDAB3274DD84A4A9ADE65D9A040B9F / notbefore: Nov 23 17:47:08 2020 GMT / notafter: Nov 23 17:47:08 2021 GMT] [Tue Nov 24 10:52:44.051183 2020] [ssl:error] [pid 3787] AH02604: Unable to configure certificate miservidor.com:443:0 for stapling [Tue Nov 24 10:52:44.156461 2020] [ssl:warn] [pid 3798] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Nov 24 10:52:44.157050 2020] [ssl:error] [pid 3798] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / issuer: emailAddress=example@example.com,CN=miservidor.com,OU=G5fighter IT,O=G5fighter Inc,L=Madrid,ST=Madrid,C=ES / serial: 54E9B9F567EDAB3274DD84A4A9ADE65D9A040B9F / notbefore: Nov 23 17:47:08 2020 GMT / notafter: Nov 23 17:47:08 2021 GMT] [Tue Nov 24 10:52:44.157086 2020] [ssl:error] [pid 3798] AH02604: Unable to configure certificate miservidor.com:443:0 for stapling [Tue Nov 24 10:52:44.191002 2020] [mpm_prefork:notice] [pid 3798] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations [Tue Nov 24 10:52:44.191095 2020] [core:notice] [pid 3798] AH00094: Command line: '/usr/sbin/apache2'這些是我的配置文件:
/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.miservidor.com Redirect / https://miservidor.com/ DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <Directory /var/www/html/> AllowOverride All Require all granted </Directory> </VirtualHost>/etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerName miservidor.com DocumentRoot /var/www/html ServerAlias www.miservidor.com ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> <Directory /var/www> AllowOverride All Require all granted </Directory> </VirtualHost> </IfModule>我可以直接使用我的 IP 但不能使用域訪問我的伺服器而不會出現問題。有任何想法嗎?提前致謝。
$$ UPDATE $$ 將以下行添加到我的 default-ssl.conf 後:
SSLUseStapling off它解決了這個錯誤:
[Tue Nov 24 17:06:00.072579 2020] [mpm_prefork:notice] [pid 8938] AH00169: caught SIGTERM, shutting down [Tue Nov 24 17:06:00.334836 2020] [ssl:warn] [pid 9005] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Nov 24 17:06:00.461929 2020] [ssl:warn] [pid 9019] AH01906: miservidor.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Tue Nov 24 17:06:00.507795 2020] [mpm_prefork:notice] [pid 9019] AH00163: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1g mod_wsgi/4.6.8 Python/2.7 configured -- resuming normal operations [Tue Nov 24 17:06:00.516896 2020] [core:notice] [pid 9019] AH00094: Command line: '/usr/sbin/apache2'
看起來您啟用了 OCSP 裝訂。
檢查 apache 配置的其餘部分是否有該
SSLUseStapling指令,如果啟用則禁用它。