Ssl

Apache2 - SSL 不工作

  • October 10, 2017

我目前正在嘗試安裝 Comodo 通過 Namecheap 頒發的 SSL 證書。但是,我目前遇到問題。在錯誤日誌中,我有這個錯誤:

[Sun Apr 10 17:59:06.567045 2016] [mpm_prefork:notice] [pid 613] AH00169: caught SIGTERM, shutting down
[Sun Apr 10 17:59:07.662580 2016] [ssl:emerg] [pid 28664] AH02572: Failed to configure at least one certificate and key for my-domain.com:443
[Sun Apr 10 17:59:07.662679 2016] [ssl:emerg] [pid 28664] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sun Apr 10 17:59:07.662690 2016] [ssl:emerg] [pid 28664] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

我從 Namecheap 得到的文件如下:

  • 我的域_com.crt
  • 我的域_com.p7k
  • my-domain_com.ca-bundle

我生成了一個 server.key 文件和一個 server.csr 文件。

我的apache配置如下:

<IfModule mod_ssl.c>
 <VirtualHost *:443>
   ServerAdmin webmaster@localhost

   ServerName my-domain.com

   DocumentRoot /var/www/html

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
   SSLEngine on

   #   Server Certificate Chain:
   #   Point SSLCertificateChainFile at a file containing the
   #   concatenation of PEM encoded CA certificates which form the
   #   certificate chain for the server certificate. Alternatively
   #   the referenced file can be the same as SSLCertificateFile
   #   when the CA certificates are directly appended to the server
   #   certificate for convinience.
   SSLCertificateChainFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.crt
   SSLCertificateKeyFile /etc/apache2/ssl.crt/server.key
   SSLCACertificateFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.ca-bundle

   <FilesMatch "\.(cgi|shtml|phtml|php)$">
       SSLOptions +StdEnvVars
   </FilesMatch>
   <Directory /usr/lib/cgi-bin>
       SSLOptions +StdEnvVars
   </Directory>

   BrowserMatch "MSIE [2-6]" \
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0
   # MSIE 7 and newer should be able to use keepalive
   BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

 </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

我已經在 apache 上設置了 SSL a2enmod ssl。我不太熟悉使用 apache 設置證書,因此感謝您提供的任何幫助。

您缺少伺服器證書,另一方面又複製了一些文件。我會使用下面的假設 minecraft-multiplayer_com.ca-bundle 包含從伺服器證書到根 CA 的證書鏈

SSLCertificateFile    /etc/apache2/ssl.crt/minecraft-multiplayer_com.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/server.key
SSLCertificateChainFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.ca-bundle

只是在日誌中出現了同樣的錯誤,經過長時間的調試和驗證,這是SSLProtocol語句中的一個愚蠢錯誤。我不小心添加-SSLv2了沒有意義的內容,但日誌中的錯誤也是如此。刪除後一切正常。

引用自:https://serverfault.com/questions/769356

相關問答

Ssl

如何從 JKS 文件為 httpd apache 伺服器生成 .key 和 .crt 文件

  • November 8, 2021
檢視問答
Windows

找不到有效的根 CA 證書,該證書可能會顯示瀏覽器警告

  • October 6, 2021
檢視問答
Ssl

我應該關心“伺服器證書不包含與伺服器名稱匹配的 ID”嗎?

  • January 3, 2021
檢視問答
Ssl

讓我們加密 SSL 證書文件未找到錯誤,但仍然有效

  • December 9, 2020
檢視問答
Ssl

EC2 實例仍在提供舊的 LetsEncrypt SSL 證書

  • May 29, 2020
檢視問答
Ssl

無法從 apache 獲取客戶端證書鏈

  • September 19, 2019
檢視問答