Apache2 服务器应支持 SSL,但尚未为通配符 SSL 证书配置证书

tag-icon tag-icon ubuntu ssl ssl-certificate apache-2.4
Apache2 服务器应支持 SSL,但尚未为通配符 SSL 证书配置证书

我正在尝试在 Apache Web 服务器上配置 GoDaddy 通配符证书。我收到以下错误:

[Thu Jul 23 02:32:42.499991 2015] [mpm_event:notice] [pid 12293:tid 140626762094464] AH00491: caught SIGTERM, shutting down
[Thu Jul 23 02:32:43.553475 2015] [ssl:emerg] [pid 12529:tid 139774360311680] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/godaddy-ssl.conf:2)
[Thu Jul 23 02:32:43.553518 2015] [ssl:emerg] [pid 12529:tid 139774360311680] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Thu Jul 23 02:35:23.466577 2015] [mpm_event:notice] [pid 12707:tid 139928471259008] AH00489: Apache/2.4.7 (Ubuntu) OpenSSL/1.0.1f configured -- resuming normal operations
[Thu Jul 23 02:35:23.466637 2015] [core:notice] [pid 12707:tid 139928471259008] AH00094: Command line: '/usr/sbin/apache2'

我的 apache 服务器配置将 http 请求重定向到 https:

<VirtualHost *:80>

    ServerName saasm2m.com

   ServerAlias saasm2m.com *.saasm2m.com 
    ServerAdmin [email protected]
     RewriteEngine on
     ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

我的 SSL 证书配置是

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin saasm2m.com
        ServerName saasm2m.com
        ServerAlias *.saasm2m.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on

        SSLCACertificateFile /etc/apache2/ssl/saasm2m.chained.crt
        SSLCertificateKeyFile /etc/apache2/ssl/saasm2m.key
         ServerAdmin [email protected]
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        ProxyPreserveHost On

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

我已更改 ports.conf 以添加 Listen 443 http

Listen 80

NameVirtualHost *:80
<IfModule ssl_module>
        Listen  443 http
</IfModule>

<IfModule mod_gnutls.c>
        Listen  443
</IfModule>

更新:如果我使用此配置,它会引发错误:AH00491:捕获 SIGTERM,正在关闭

SSLCertificateFile /etc/apache2/ssl/6eba0aa5c1b8.crt
SSLCertificateKeyFile /etc/apache2/ssl/website_ssl.key
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle-g2-g1.crt

我已使用 sudo a2enmod ssl 启用了 ssl 模块,并使用 sudo a2ensite filename 激活了服务器配置文件。有人能指出我该如何修复此错误吗?

谢谢

答案1

SSLCertificateFile除了配置文件之外,您还需要提供配置行SSLCertificateKeyFile

您已配置 CA 证书的两个选项之一。您可能都不需要。这可以使用应该是SSLCertificateFile

GoDaddy 提供了有关 i 的文档安装您的证书。 据此,gd_bundle-g2-g1.crt 需要配置该参数。该参数在 Apache 2.4.8 之前的版本中SSLCACertificatePath被调用。SSLCertificateChainFile

相关内容