我使用 RHEL6.5和 Apache 2.2.15。当我restart的时候httpd,我无法httpd再开始了。在 中显示以下内容/var/log/httpd/error_log:
[Fri Aug 01 18:31:48 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 01 18:32:35 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Aug 01 18:32:35 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 01 18:42:46 2014] [notice] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Aug 01 18:42:46 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 01 18:43:15 2014] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Aug 01 18:43:15 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 01 18:43:59 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 01 18:44:12 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 01 18:45:03 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
实际上我已经disabled重启SELinux了。
请问我该怎么办?
答案1
抱歉,我已经找到原因了。这完全是因为SSL CERT问题。并不是真的因为上面的原因notices。
这与上述消息无关。
因此请忽略它们。
我该怎么做,我启用了 Apache 详细日志,然后才是真正的举动。它通过显示启动 Apache 时加载 mod_ssl 模块时的失败来显示实际发生的情况。然后我意识到这是因为ssl.conf(或相应的虚拟主机文件)内部有 SSL 证书配置。
在那里我犯了两个错误。首先,我没有授予 CERT 相关文件 (.crt/ .key/ .csr) 的读取权限。之后,更糟糕的是,其中一个文件出现了错误。
答案2
Apache Error [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
一个美好的早晨,我发现我的 Apache (httpd) 服务已关闭并且无法启动:)
步骤1:检查httpd服务状态:
#/etc/init.d/httpd status
httpd 已死但 pid 文件存在
第 2 步:搜索 httpd 进程并终止它们
#ps -ef | grep httpd
# killall -9 httpd
步骤 3:删除 httpd 锁定文件(如果存在)
# rm -f /var/lock/subsys/httpd
第四步:重启Apache/httpd服务
# service httpd restart
Stop httpd [FAILED]
Start httpd [FAILED]
还需要进一步挖掘。
步骤5:检查httpd错误日志文件
# grep suexec /var/log/httpd/error_log
[Sun Sep 22 10:32:06 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:33:51 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:38:03 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 22 10:45:53 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
步骤 6:检查 httpd nss 错误日志文件
#tail -300 /var/log/httpd/nss_error_log
[Sun Sep 22 04:03:27 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 04:03:27 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 04:03:27 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
[Sun Sep 22 10:38:03 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 10:38:03 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 10:38:03 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
[Sun Sep 22 10:45:53 2013] [error] Certificate not verified: 'Server-Cert'
[Sun Sep 22 10:45:53 2013] [error] SSL Library Error: -8181 Certificate has expired
[Sun Sep 22 10:45:53 2013] [error] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
此问题的根本原因在于名为 nss 的模块中。mod_nss是一个替代方案mod_ssl;它可以做一些mod_ssl不做的事情,并且可以并行运行mod_ssl。欲了解更多信息,请浏览链接 [什么是 mod_nss ,关于设置 Mod_NSS ,更多详细信息 ]
步骤 7:从 httpd conf.d 目录中删除 nss.conf 文件
#cd /etc/httpd/conf.d
#mv nss.conf nss.conf.orig
#mv ssl.conf ssl.conf.orig
#/etc/init.d/httpd start
Start httpd [OK]
答案3
我通过在 CentOS 6 中重新安装 mod_sslyum erase mod_ssl并使用yum mod_ssl.那应该解决它。
答案4
这解决了我的问题。
yumpurge ()
{
if [[ $# -eq 0 ]]; then
echo "usage:
removes packages including config files
example:
$0 ['pkg1 pkg2 pkgn']
";
return 0;
fi;
for package in "$*";
do
echo "removing config files for $package";
for file in $(rpm -q --configfiles $package);
do
echo "removing $file";
echo "enter any key to confirm";
rm -i -f $file;
done;
rpm -e $package;
done
}
yumpurge mod_ssl httpd
yum install -y httpd mod_ssl