Ssl

名稱或服務未知:AH00547:無法解析主機名

  • September 10, 2016

連接到我的個人網站時,我收到SSL_ERROR_RX_RECORD_TOO_LONG來自 Mozilla Firefox 的錯誤消息:

Secure Connection Failed

An error occurred during a connection to www.fturco.net. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

我的網站託管在 VPS 伺服器上,但我試圖從家裡的個人電腦訪問它。

此錯誤消息僅在我重新啟動 VPS 伺服器後立即發生。啟動後,如果我重新啟動httpd.service問題就消失了。

這些是來自的相關消息/var/log/httpd/error_log

[Sat Sep 10 15:15:18.285512 2016] [core:error] [pid 228] (EAI 2)Name or service not known: AH00547: Could not resolve host name www.fturco.net -- ignoring!
[Sat Sep 10 15:15:18.289488 2016] [core:error] [pid 228] (EAI 2)Name or service not known: AH00547: Could not resolve host name tt-rss.fturco.net -- ignoring!
[Sat Sep 10 15:15:18.289571 2016] [core:error] [pid 228] (EAI 2)Name or service not known: AH00547: Could not resolve host name shaarli.fturco.net -- ignoring!
[Sat Sep 10 15:15:18.312224 2016] [mpm_prefork:notice] [pid 228] AH00163: Apache/2.4.23 (Unix) OpenSSL/1.0.2h PHP/7.0.10 configured -- resuming normal operations
[Sat Sep 10 15:15:18.312625 2016] [core:notice] [pid 228] AH00094: Command line: '/usr/bin/httpd -D FOREGROUND'

這是我的 Apache 配置(/etc/httpd/conf/httpd.conf):

LoadModule ssl_module modules/mod_ssl.so
LoadModule php7_module modules/libphp7.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule dir_module modules/mod_dir.so
LoadModule headers_module modules/mod_headers.so

ServerRoot "/etc/httpd"
Listen 443
ServerAdmin fturco@fastmail.fm
ServerName fturco.net
DocumentRoot "/srv/http"

<IfModule dir_module>
 DirectoryIndex index.html index.php
</IfModule>

<IfModule unixd_module>
 User http
 Group http
</IfModule>

<Directory "/">
 AllowOverride None
</Directory>

<Directory "/srv/http/">
 Require all granted
</Directory>

<Directory ~ "/srv/http/shaarli/(application|cache|data|pagecache|tmp)/">
 Require all denied
</Directory>

<Directory "/srv/http/tt-rss/cache/">
 Require all denied
</Directory>

ErrorLog "/var/log/httpd/error_log"
LogLevel warn

<IfModule log_config_module>
 TransferLog "/var/log/httpd/access_log"
</IfModule>

<IfModule mime_module>
 TypesConfig conf/mime.types
 AddType application/x-httpd-php .php
</IfModule>

SSLCertificateFile "/etc/letsencrypt/live/fturco.net/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/fturco.net/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/fturco.net/chain.pem"
SSLSessionCache "shmcb:/some/example/path/ssl_scache(512000)"

<VirtualHost www.fturco.net:443>
 ServerName www.fturco.net:443
 DocumentRoot "/srv/http/www"
 ErrorLog "/var/log/httpd/www/error_log"
 TransferLog "/var/log/httpd/www/access_log"
 SSLEngine on
</VirtualHost>

<VirtualHost tt-rss.fturco.net:443>
 ServerName tt-rss.fturco.net:443
 DocumentRoot "/srv/http/tt-rss"
 ErrorLog "/var/log/httpd/tt-rss/error_log"
 TransferLog "/var/log/httpd/tt-rss/access_log"
 SSLEngine on
</VirtualHost>

<VirtualHost shaarli.fturco.net:443>
 ServerName shaarli.fturco.net:443
 DocumentRoot "/srv/http/shaarli"
 ErrorLog "/var/log/httpd/shaarli/error_log"
 TransferLog "/var/log/httpd/shaarli/access_log"
 SSLEngine on
</VirtualHost>

<IfModule headers_module>
 Header always set Strict-Transport-Security "max-age=15768000"
</IfModule>

SSLProtocol All -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache "shmcb:/var/run/ocsp(128000)"

這是我的/etc/hosts文件:

127.0.0.1 localhost vps

命令hostname返回vps

我的 VPS 伺服器執行 Arch Linux 和apache-2.4.23-1.

我該如何解決這個問題?

似乎VirtualHost指令是錯誤的。正確的方法是:

<VirtualHost *:443>
 ServerName www.fturco.net
 DocumentRoot "/srv/http/www"
 ErrorLog "/var/log/httpd/www/error_log"
 TransferLog "/var/log/httpd/www/access_log"
 SSLEngine on
</VirtualHost>

唯一的區別在於前兩行。

感謝來自 Freenode 上#httpd 的使用者 BtbN。

引用自:https://serverfault.com/questions/802287