我今天为我的网站重新颁发了 SSL 证书,但现在 apache2 无法启动了。我得到的只是service apache2 start
以下内容:
[....] Starting web server: apache2[Sat Apr 12 13:52:51 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
Action 'start' failed.
The Apache error log may have more information.
failed!
(由于 apache2 正在加载 VirtualHost *:80 站点,因此不应该出现该警告?)
此日志之前只有正常操作。第 2 行是原始重启,第 3 行是在没有加载 mod_ssl 的情况下启动,第 4 行是尝试再次使用 mod_ssl 重启。
chmod: changing permissions of `/home/servers/MTA/newserver/mods/deathmatch/resources/[maps]/maps/DM-OS-TheNicO-SML-II/meta.xml': Operation not permitted
[Sat Apr 12 13:31:38 2014] [notice] caught SIGTERM, shutting down
[Sat Apr 12 13:51:08 2014] [notice] Apache/2.2.22 (Debian) PHP/5.5.11-1~dotdeb.1 configured -- resuming normal operations
[Sat Apr 12 13:51:51 2014] [notice] caught SIGTERM, shutting down
当LogLevel debug
我尝试启动 Apache 时,出现以下几行:
[Sat Apr 12 14:36:13 2014] [info] Init: Seeding PRNG with 656 bytes of entropy
[Sat Apr 12 14:36:13 2014] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sat Apr 12 14:36:13 2014] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sat Apr 12 14:36:13 2014] [info] Init: Initializing (virtual) servers for SSL
我检查了SSLCertificateKeyFile
和是否SSLCertificateFile
匹配,并且密钥是用于证书的。我正在使用带有 OpenSSL 的 Debian Wheezy。
站点日志均显示以下信息:
[Sat Apr 12 17:04:22 2014] [info] Loading certificate & private key of SSL-aware server
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Sat Apr 12 17:04:22 2014] [info] Configuring server for SSL protocol
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(469): Creating new SSL context (protocols: SSLv3, TLSv1, TLSv1.1, TLSv1.2)
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(705): Configuring permitted SSL ciphers [HIGH:MEDIUM:!aNULL:!MD5]
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(789): Configuring server certificate chain (4 CA certificates)
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(836): Configuring RSA server certificate
[Sat Apr 12 17:04:22 2014] [debug] ssl_engine_init.c(875): Configuring RSA server private key
Apache2 肯定知道以下站点(apache2ctl -t -D DUMP_VHOSTS
):
[Sat Apr 12 17:21:02 2014] [warn] NameVirtualHost *:80 has no VirtualHosts
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server twisted.twisted-gamers.net (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost twisted.twisted-gamers.net (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost dev.twisted-gamers.net (/etc/apache2/sites-enabled/dev.twisted-gamers.net:1)
port 80 namevhost editor.twisted-gamers.net (/etc/apache2/sites-enabled/editor.twisted-gamers.net:1)
port 80 namevhost forum.twisted-gamers.net (/etc/apache2/sites-enabled/forum.twisted-gamers.net:1)
port 80 namevhost i.3ventic.eu (/etc/apache2/sites-enabled/i.3ventic.eu:1)
port 80 namevhost minecraft.twisted-gamers.net (/etc/apache2/sites-enabled/minecraft.twisted-gamers.net:1)
port 80 namevhost nyans.twisted-gamers.net (/etc/apache2/sites-enabled/nyans.twisted-gamers.net:1)
port 80 namevhost www.twisted-gamers.net (/etc/apache2/sites-enabled/twisted-gamers.net:1)
port 80 namevhost www.wiki.twisted-gamers.net (/etc/apache2/sites-enabled/wiki.twisted-gamers.net:1)
*:443 is a NameVirtualHost
default server dev.twisted-gamers.net (/etc/apache2/sites-enabled/dev.twisted-gamers.net:22)
port 443 namevhost dev.twisted-gamers.net (/etc/apache2/sites-enabled/dev.twisted-gamers.net:22)
port 443 namevhost editor.twisted-gamers.net (/etc/apache2/sites-enabled/editor.twisted-gamers.net:21)
port 443 namevhost forum.twisted-gamers.net (/etc/apache2/sites-enabled/forum.twisted-gamers.net:21)
port 443 namevhost i.3ventic.eu (/etc/apache2/sites-enabled/i.3ventic.eu:16)
port 443 namevhost www.twisted-gamers.net (/etc/apache2/sites-enabled/twisted-gamers.net:21)
Syntax OK
我怎样才能让 apache2 再次使用 SSL 运行?
答案1
如果您已经配置了 VirtualHost,而 Apache 发出警告,指出没有配置 VirtualHosts,则问题出在您的 VirtualHosts 配置上,而不是您的 SSL 证书上。
我会检查您的 VirtualHosts 配置是否存在语法错误,这些错误可能是在您更新它以考虑您的新证书时发生的。
答案2
Apache2 悄然崩溃,因为我在更新新私钥路径时遗漏了一个虚拟主机。这导致不匹配错误,显然悄然导致 Apache 崩溃。
答案3
您是否同时升级了 Apache?对于较新版本的 Apache HTTPD,您的站点配置文件必须以.conf
(ie /etc/apache2/sites-available/my-site.conf
) 结尾,否则 HTTPD 在启动时会忽略它们。
否则,尝试apache2ctl -t -D DUMP_VHOSTS
一下它应该会告诉您 Apache 知道哪些虚拟主机。
答案4
我遇到了这个问题。我发现 ssl.conf 文件中的证书位置没有注释(默认情况下它在那里),我添加了自己的配置而没有注释默认配置。尝试查找较旧的证书位置并进行修改。