我目前正在尝试安装 Comodo 通过 Namecheap 颁发的 SSL 证书。但是我目前遇到了问题。在错误日志中,我遇到了以下错误:
[Sun Apr 10 17:59:06.567045 2016] [mpm_prefork:notice] [pid 613] AH00169: caught SIGTERM, shutting down
[Sun Apr 10 17:59:07.662580 2016] [ssl:emerg] [pid 28664] AH02572: Failed to configure at least one certificate and key for my-domain.com:443
[Sun Apr 10 17:59:07.662679 2016] [ssl:emerg] [pid 28664] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sun Apr 10 17:59:07.662690 2016] [ssl:emerg] [pid 28664] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed
我从Namecheap获得的文件如下:
- 我的域名_com.crt
- 我的域名_com.p7k
- 我的域名_com.ca-bundle
我生成了一个 server.key 文件以及一个 server.csr 文件。
我的apache配置如下:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName my-domain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/server.key
SSLCACertificateFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我已经在 apache 上设置了 SSL a2enmod ssl
。我不太熟悉如何使用 apache 设置证书,因此如果您能提供任何帮助,我将不胜感激。
答案1
您缺少服务器证书,另一方面又复制了一些文件。我将使用下面的文件,假设 minecraft-multiplayer_com.ca-bundle 包含从服务器证书到根 CA 的证书链
SSLCertificateFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/server.key
SSLCertificateChainFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.ca-bundle
答案2
刚刚在日志中出现了同样的错误,经过长时间的调试和验证,发现是SSLProtocol
语句上的一个愚蠢错误。我不小心添加了-SSLv2
一个没有意义的,但日志中的错误也是如此。删除它后一切正常。