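I'm having a problem with an SSL certificate.
I was using a Let's Encrypt certificate and everything was fine. I am trying to switch to a certificate issued by DigiCert, but I can't seem to get it working again. httpd will not start.
I hope you can offer any feedback, comments, questions, etc. to point me in the right direction.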
#systemctl restart httpd.service
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xeu httpd.service" for details.
$journalctl -xeu httpd.service
Jun 14 16:30:01 www systemd[1]: Starting The Apache HTTP Server...
░░ Subject: A start job for unit httpd.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit httpd.service has begun execution.
░░
░░ The job identifier is 35150873.
Jun 14 16:30:01 www systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit httpd.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 1.
Jun 14 16:30:01 www systemd[1]: httpd.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit httpd.service has entered the 'failed' state with result 'exit-code'.
Jun 14 16:30:01 www systemd[1]: Failed to start The Apache HTTP Server.
░░ Subject: A start job for unit httpd.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit httpd.service has finished with a failure.
░░
░░ The job identifier is 35150873 and the job result is failed.
$systemctl status httpd.service
× httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/httpd.service.d
└─php-fpm.conf
Active: failed (Result: exit-code) since Wed 2023-06-14 16:10:08 EDT; 6s ago
Duration: 23h 48min 30.301s
Docs: man:httpd.service(8)
Process: 3216240 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 3216240 (code=exited, status=1/FAILURE)
Status: "Reading configuration..."
CPU: 39ms
Jun 14 16:10:08 www systemd[1]: Starting The Apache HTTP Server...
Jun 14 16:10:08 www systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Jun 14 16:10:08 www systemd[1]: httpd.service: Failed with result 'exit-code'.
Jun 14 16:10:08 www systemd[1]: Failed to start The Apache HTTP Server.
The contents of ssl.conf are as follows:
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
SSLCryptoDevice builtin
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerName www:443
The contents of mydomain.conf are as follows:
ServerAdmin [email protected]
ServerName www.mydomain.com
ServerAlias mydomain.com
DocumentRoot /var/www/html/mydomain.com
<Directory "/var/www/html/mydomain.com">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog "logs/error_log_mydomain.com"
CustomLog "logs/access_log_mydomain.com" combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =prod.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName www.mydomain.com
ServerAlias mydomain.com
DocumentRoot /var/www/html/mydomain.com
<Directory "/var/www/html/mydomain.com">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/prod.mydomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/prod.mydomain.com.key
SSLCACertificateFile /etc/pki/tls/certs/DigiCertCA.crt
</VirtualHost>
$http -t
Syntax OK
$cat /var/log/httpd/error_log
[Wed Jun 14 12:36:20.378579 2023] [core:notice] [pid 3210863:tid 3210863] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Jun 14 12:36:20.379481 2023] [suexec:notice] [pid 3210863:tid 3210863] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jun 14 12:36:20.381647 2023] [ssl:emerg] [pid 3210863:tid 3210863] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information
AH00016: Configuration Failed
#cat /var/log/httpd/ssl_error_log
[Wed Jun 14 16:30:01.562719 2023] [core:notice] [pid 3216760:tid 3216760] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Wed Jun 14 16:30:01.563467 2023] [suexec:notice] [pid 3216760:tid 3216760] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jun 14 16:30:01.565223 2023] [ssl:emerg] [pid 3216760:tid 3216760] AH02572: Failed to configure at least one certificate and key for www:443
[Wed Jun 14 16:30:01.565244 2023] [ssl:emerg] [pid 3216760:tid 3216760] SSL Library Error: error:0A0000B1:SSL routines::no certificate assigned
[Wed Jun 14 16:30:01.565249 2023] [ssl:emerg] [pid 3216760:tid 3216760] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
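
An added example, not part of the original post: AH02572 in the log above names `www:443`, the ServerName set in ssl.conf, so one useful check is to list every configuration context that sets `SSLEngine on` without an `SSLCertificateFile`. The sample configuration is constructed (modelled on the two files in the post), and the function name `ssl_contexts_without_cert` is hypothetical.

```python
import re

# Constructed sample modelled on the two files in the post (not the poster's
# real files): the first vhost turns SSL on but names no certificate.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite PROFILE=SYSTEM
ServerName www:443
</VirtualHost>
<VirtualHost *:443>
ServerName www.mydomain.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/prod.mydomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/prod.mydomain.com.key
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
GLOBAL = "(server config)"  # directives outside any <VirtualHost>


def ssl_contexts_without_cert(conf_text):
    """Return (context, ServerName) for each context that has SSLEngine on
    but no SSLCertificateFile. Simplification (assumption of this example):
    Include files and inheritance from the server config are not modelled."""
    contexts, current = {GLOBAL: {}}, GLOBAL
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = VHOST_OPEN.match(line)
        if m:
            current = f"<VirtualHost {m.group(1).strip()}> at line {n}"
            contexts[current] = {}
        elif line.lower().startswith("</virtualhost"):
            current = GLOBAL
        else:
            parts = line.split(None, 1)  # directive name, then its arguments
            contexts[current][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return [
        (ctx, d.get("servername", "?"))
        for ctx, d in contexts.items()
        if d.get("sslengine", "").lower() == "on" and "sslcertificatefile" not in d
    ]


if __name__ == "__main__":
    for ctx, name in ssl_contexts_without_cert(SAMPLE_CONF):
        print(f"{ctx}: SSLEngine on, no SSLCertificateFile (ServerName {name})")
```
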