Apache 2.4.6 Ubuntu 13.10
我正在尝试找出如何配置上述 Apache 以使用通配符 SSL 证书。到目前为止,我还没有找到任何方法。我要么收到 Apache 无法启动的错误,要么收到来自浏览器的 SSL 错误。
自从升级到 2.4.6 以来,除非我删除 ssl 配置指令,否则我无法启动 apache。
/etc/apache2/sites-enabled/default-ssl.conf
<VirtualHost _default_:443>
DocumentRoot /var/www/wiki
ErrorLog /var/log/apache2/wiki.ssl-error.log
SSLEngine On
SSLCertificateFile /etc/ssl/certs/40B75eaaadb70.crt
SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
#SSLCACertificateFile /etc/ssl/certs/gd_bundle-g2-g1.crt
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/wiki
ServerName wiki.xxx.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/assets/itdb
ServerName assets.xxx.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/support19
ServerName support.xxx.com
</VirtualHost>`
/etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
error.log 中的错误
[Wed Jun 18 22:34:44.561219 2014] [ssl:emerg] [pid 2268] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Jun 18 22:37:17.092027 2014] [mpm_itk:notice] [pid 2321] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.3-1ubuntu2.3 OpenSSL/1.0.1e configured -- resuming normal operations
[Wed Jun 18 22:37:17.092162 2014] [core:notice] [pid 2321] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jun 18 22:40:05.230425 2014] [mpm_itk:notice] [pid 2321] AH00169: caught SIGTERM, shutting down
[Wed Jun 18 22:41:55.732150 2014] [ssl:emerg] [pid 2477] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Wed Jun 18 22:41:55.732264 2014] [ssl:emerg] [pid 2477] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Jun 18 22:49:57.213468 2014] [ssl:emerg] [pid 2520] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Wed Jun 18 22:49:57.213576 2014] [ssl:emerg] [pid 2520] AH02312: Fatal error initialising mod_ssl, exiting.
[Wed Jun 18 22:53:43.883013 2014] [mpm_itk:notice] [pid 2568] AH00163: Apache/2.4.6 (Ubuntu) PHP/5.5.3-1ubuntu2.3 OpenSSL/1.0.1e configured -- resuming normal operations
[Wed Jun 18 22:53:43.883126 2014] [core:notice] [pid 2568] AH00094: Command line: '/usr/sbin/apache2'
我将 default-ssl.conf 文件更改如下:
<VirtualHost *:443>
DocumentRoot /var/www/wiki
ErrorLog /var/log/apache2/wiki.ssl-error.log
SSLEngine On
SSLCertificateFile /etc/ssl/certs/40B75eaaadb70.crt
SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
ServerName wiki.xxx.com
</VirtualHost>
<VirtualHost assets.xxx.com:443>
DocumentRoot /var/www/assets
ServerName assets.xxx.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/40B75eaaadb70.crt
SSLCertificateKeyFile /etc/ssl/private/xxx.com.key
</VirtualHost>
使用上述配置文件,SSL 将起作用,但它似乎忽略了第二个虚拟主机。如果我使用主机支持或资产,它只会显示支持网站。我还尝试替换 *:443 和默认:443 和 support.xxx.com 一起使用,但当我这样做时,浏览器中又出现了 SSL 错误。因此,我唯一能让 SSL 正常工作的方法就是只允许显示一个网站。再次,我使用了通配符证书。
答案1
实际上,为了避免为所有主机配置 SSL 位,您可以编辑mods-enabled/ssl.conf文件。您在此处所做的任何更改都应适用于您启用 SSL 的所有网站,只要您指定SSLEngine 开启对于所有网站
答案2
错误表明 Apache 正在为某些虚拟主机寻找 SSL 证书配置,但没有找到。
您确实配置了三个虚拟主机,但缺少 SSL 指令。请尝试添加它们。