Apache SSL 错误:重新协商握手失败:客户端不接受?

tag-icon tag-icon debian apache-http-server ssl certificate
Apache SSL 错误:重新协商握手失败:客户端不接受?

我使用客户端证书保护我的 WordPress 管理。我在 3 月从 Wheezy 升级到 Jessie 后遇到了问题,但现在已经解决了一切都运行顺利,直到我的 letsencrypt 证书过期。

我运行了一个 letsencrypt 客户端,它也修改了 apache 配置文件。客户端证书保护的路径因 SSL 错误而停止工作。不幸的是,我没有以前配置的备份。

我花了几个小时,但没有成功。这个答案可能解释了错误,但我无法将其应用于我的场景。

ssl_engine_kernel.c(1908): [client 213.220.230.83:50427] AH02043: SSL virtual host for servername found
ssl_engine_kernel.c(1841): [client 213.220.230.83:50427] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
ssl_engine_kernel.c(1841): [client 213.220.230.83:50428] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
ssl_engine_kernel.c(243): [client 213.220.230.83:50427] AH02034: Initial (No.1) HTTPS request received for child 2 (server www.literak.cz:443)
ssl_engine_kernel.c(591): [client 213.220.230.83:50427] AH02255: Changed client verification type will force renegotiation
[client 213.220.230.83:50427] AH02221: Requesting connection re-negotiation
ssl_engine_kernel.c(791): [client 213.220.230.83:50427] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[client 213.220.230.83:50427] AH02226: Awaiting re-negotiation handshake
ssl_engine_kernel.c(1908): [client 213.220.230.83:50427] AH02043: SSL virtual host for servername found
[client 213.220.230.83:50427] AH02261: Re-negotiation handshake failed: Not accepted by client!?

配置:

<IfModule mod_ssl.c>
NameVirtualHost 77.93.226.222:80
<VirtualHost 77.93.226.222:443>

  DocumentRoot /var/www-data/wordpress
  <Directory /var/www-data/wordpress>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
  </Directory>

  SSLCACertificateFile    /etc/apache2/ssl/leos.pem
    <Location /wp-admin>
      SSLVerifyClient require
      SSLVerifyDepth  1
    </Location>

  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLCertificateFile /etc/letsencrypt/live//fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

答案1

好吧,这很奇怪。我发现了这个话题,有人在未导入证书时遇到了问题。我检查了一下,这也是我的情况。证书从我的 chrome 中消失了。

相关内容