Debian: Systemd cannot start the apache process

When I try to run an Apache2 reload, I get the following error. What am I doing wrong?

/etc/apache2# journalctl -xn
-- Logs begin at So 2016-08-07 18:21:40 CEST, end at Do 2016-08-18 12:33:31 CEST. --
Aug 18 12:28:58 nma apache2[23097]: Reloading web server: apache2 failed!
Aug 18 12:28:58 nma apache2[23097]: Apache2 is not running ... (warning).
Aug 18 12:28:58 nma systemd[1]: apache2.service: control process exited, code=exited status=1
Aug 18 12:28:58 nma systemd[1]: Reload failed for LSB: Apache2 web server.
-- Subject: Unit apache2.service has finished reloading its configuration
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit apache2.service has finished reloading its configuration
-- 
-- The result is failed.
Aug 18 12:30:10 nma postfix/smtpd[23117]: connect from unknown[IPADDRESS]
Aug 18 12:30:11 nma postfix/smtpd[23117]: lost connection after AUTH from unknown[IPADDRESS]
Aug 18 12:30:11 nma postfix/smtpd[23117]: disconnect from unknown[IPADDRESS]
Aug 18 12:33:31 nma postfix/anvil[23119]: statistics: max connection rate 1/60s for (smtp:IPADDRESS) at Aug 18 12:30:10
Aug 18 12:33:31 nma postfix/anvil[23119]: statistics: max connection count 1 for (smtp:IPADDRESS) at Aug 18 12:30:10
Aug 18 12:33:31 nma postfix/anvil[23119]: statistics: max cache size 1 at Aug 18 12:30:10

I am running a Debian X64 system.

Update

systemctl status apache2
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: active (exited) since Do 2016-08-18 13:03:44 CEST; 4s ago
  Process: 25676 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 25685 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)

Aug 18 13:03:44 nma apache2[25685]: Starting web server: apache2Action 'start' failed.
Aug 18 13:03:44 nma apache2[25685]: The Apache error log may have more information.
Aug 18 13:03:44 nma apache2[25685]: .
Aug 18 13:03:44 nma systemd[1]: Started LSB: Apache2 web server.
root@nma:/etc/apache2# ps -ef | grep apache2
root     25704 25545  0 13:04 pts/2    00:00:00 grep apache2

Error found

So, I found this in /var/log/error.log

[Thu Aug 18 13:29:12.594218 2016] [ssl:emerg] [pid 26344:tid 140530931640192] AH02561: Failed to configure certificate domain.de:443:0, check /etc/letsencrypt/live/domain/cert.crt
[Thu Aug 18 13:29:12.594333 2016] [ssl:emerg] [pid 26344:tid 140530931640192] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Thu Aug 18 13:29:12.594365 2016] [ssl:emerg] [pid 26344:tid 140530931640192] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
AH00016: Configuration Failed

The same setup works when I use only Tomcat, so why does it fail for Apache?

Certificate.pem:

-----BEGIN CERTIFICATE-----
//Some random data
-----END CERTIFICATE-----

SSL configuration:

<VirtualHost *:443>
ServerName www.domain
ServerAlias domain
ProxyRequests off
ProxyPreserveHost On
<Proxy https://www.domain.de:8443/>
Order deny,allow
Allow from all
</Proxy>
 ProxyReceiveBufferSize 4096
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/domain-0005/cert.crt
SSLCertificateKeyFile /etc/letsencrypt/live/domain-0005/private1.key
SSLCertificateChainFile /etc/letsencrypt/live/domain-0005/chain.pem

#ErrorDocument 503 /maintenance.html
# ErrorDocument 404 /maintenance.html
# ErrorDocument 500 /maintenance.html

#ProxyPass /maintenance.html !
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/

<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Script used to convert the letsencrypt certificates:

# Convert key to aes192 and set new password, important for letsencrypt as the keys generated have no password.
openssl rsa -aes192 -in yourprivatekeywithoutpassword.pem -out newprivatekeywithpassword.pem

# Convert pem to crt.
openssl x509 -outform der -in your-cert.pem -out your-cert.crt

# pem to key
openssl rsa -outform der -in private.pem -out private.key

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -CAfile chain.pem -caname root -out fullchain_and_key.p12 -name tomcat

keytool -importkeystore -deststorepass PASS -destkeypass PASS -destkeystore MyDSKeyStore.jks -srckeystore fullchain_and_key.p12 -srcstoretype pkcs12 -srcstorepass PASS -alias tomcat

keytool -import -trustcacerts -alias root -file chain.pem -keystore MyDSKeyStore.jks
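
The error log above shows the PEM reader finding no start line in the certificate file, and the script above writes its .crt and .key outputs with `-outform der`, while Apache's SSLCertificate*File directives read PEM. As an added example (not part of the original post), these shell functions report the encoding of every file a vhost references; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the encoding of every file an Apache vhost hands to mod_ssl.

# Print pem, der, unknown or missing for one file.
cert_format() {
    [ -r "$1" ] || { echo missing; return 0; }
    if LC_ALL=C grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$1"; then
        echo pem      # textual armor line found
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo der      # first byte 0x30 = ASN.1 SEQUENCE, i.e. binary DER
    else
        echo unknown
    fi
}

# Print "<directive> <path> <format>" for each active SSLCertificate*File line.
check_vhost() {
    sed -n 's/^[[:space:]]*\(SSLCertificate[A-Za-z]*File\)[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1 \2/p' "$1" |
    while read -r directive path; do
        echo "$directive $path $(cert_format "$path")"
    done
}

# Succeed only if every referenced file is PEM.
vhost_certs_ok() {
    ! check_vhost "$1" | grep -qv ' pem$'
}

# Constructed sample: a vhost whose certificate was written with -outform der.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/chain.pem"
    printf '\060\202\001\012' > "$dir/cert.crt"    # DER header bytes only
    printf '%s\n' '<VirtualHost *:443>' 'SSLEngine on' \
        "SSLCertificateFile $dir/cert.crt" \
        "#SSLCertificateFile $dir/old.crt" \
        "SSLCertificateChainFile $dir/chain.pem" '</VirtualHost>' > "$dir/site.conf"
    echo "$dir"
}

sample=$(make_sample)
check_vhost "$sample/site.conf"
vhost_certs_ok "$sample/site.conf" || echo "non-PEM file referenced; re-export with -outform pem"
```

Run against a real configuration, `check_vhost /etc/apache2/sites-enabled/<site>.conf` lists each referenced file with its detected encoding; commented-out directives are skipped.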
