在 Fedora 20 上,我尝试安装 ssl,但出现了问题,现在当我尝试重新启动 apache 时会出现错误。
我该怎么做才能获取有关该错误的更多信息并解决它?
[root@localhost certs]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details.
[root@localhost certs]# journalctl -xn
-- Logs begin at Mon 2014-03-10 18:44:01 CET, end at Fri 2014-07-04 13:39:14 CEST. --
Jul 04 13:39:08 localhost.localdomain dbus-daemon[790]: dbus[790]: avc: received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus[1895]: avc: received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus[1926]: avc: received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus[790]: avc: received policyload notice (seqno=2)
Jul 04 13:39:08 localhost.localdomain dbus-daemon[790]: dbus[790]: [system] Reloaded configuration
Jul 04 13:39:08 localhost.localdomain dbus[790]: [system] Reloaded configuration
Jul 04 13:39:14 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Jul 04 13:39:14 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 04 13:39:14 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Jul 04 13:39:14 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
[root@localhost certs]#
编辑 这是 apache 的错误日志:
[Fri Jul 04 14:04:06.972601 2014] [core:notice] [pid 10189] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Jul 04 14:04:06.974558 2014] [suexec:notice] [pid 10189] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Jul 04 14:04:06.975276 2014] [ssl:warn] [pid 10189] AH01909: sisley-mage.local.frpreprod:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jul 04 14:04:06.975643 2014] [ssl:emerg] [pid 10189] AH02311: Fatal error initialising mod_ssl, exiting. See /var/www/html/error.log for more information
AH00016: Configuration Failed
答案1
AH01909:sisley-mage.local.frpreprod:443:0 服务器证书不包含与服务器名称匹配的 ID
这是你需要解决的问题,ServerName指令需要与证书中的指令相同
openssl x509 -in server.crt -noout -subject
如果您给了它正确的证书路径,它会告诉您证书的 CN 是什么,并且 ServerName 应该设置为该值。