When I try to run an Apache2 reload, I get the following error. What am I doing wrong?
/etc/apache2# journalctl -xn
-- Logs begin at So 2016-08-07 18:21:40 CEST, end at Do 2016-08-18 12:33:31 CEST. --
Aug 18 12:28:58 nma apache2[23097]: Reloading web server: apache2 failed!
Aug 18 12:28:58 nma apache2[23097]: Apache2 is not running ... (warning).
Aug 18 12:28:58 nma systemd[1]: apache2.service: control process exited, code=exited status=1
Aug 18 12:28:58 nma systemd[1]: Reload failed for LSB: Apache2 web server.
-- Subject: Unit apache2.service has finished reloading its configuration
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit apache2.service has finished reloading its configuration
--
-- The result is failed.
Aug 18 12:30:10 nma postfix/smtpd[23117]: connect from unknown[IPADDRESS]
Aug 18 12:30:11 nma postfix/smtpd[23117]: lost connection after AUTH from unknown[IPADDRESS]
Aug 18 12:30:11 nma postfix/smtpd[23117]: disconnect from unknown[IPADDRESS]
Aug 18 12:33:31 nma postfix/anvil[23119]: statistics: max connection rate 1/60s for (smtp:IPADDRESS) at Aug 18 12:30:10
Aug 18 12:33:31 nma postfix/anvil[23119]: statistics: max connection count 1 for (smtp:IPADDRESS) at Aug 18 12:30:10
Aug 18 12:33:31 nma postfix/anvil[23119]: statistics: max cache size 1 at Aug 18 12:30:10
I am running a Debian X64 system.
Update
systemctl status apache2
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Active: active (exited) since Do 2016-08-18 13:03:44 CEST; 4s ago
Process: 25676 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 25685 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Aug 18 13:03:44 nma apache2[25685]: Starting web server: apache2Action 'start' failed.
Aug 18 13:03:44 nma apache2[25685]: The Apache error log may have more information.
Aug 18 13:03:44 nma apache2[25685]: .
Aug 18 13:03:44 nma systemd[1]: Started LSB: Apache2 web server.
root@nma:/etc/apache2# ps -ef | grep apache2
root 25704 25545 0 13:04 pts/2 00:00:00 grep apache2
Error found
So, I found this in /var/log/error.log:
[Thu Aug 18 13:29:12.594218 2016] [ssl:emerg] [pid 26344:tid 140530931640192] AH02561: Failed to configure certificate domain.de:443:0, check /etc/letsencrypt/live/domain/cert.crt
[Thu Aug 18 13:29:12.594333 2016] [ssl:emerg] [pid 26344:tid 140530931640192] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Thu Aug 18 13:29:12.594365 2016] [ssl:emerg] [pid 26344:tid 140530931640192] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
AH00016: Configuration Failed
The same setup works when I use only Tomcat, so why does it fail for Apache?
Certificate.pem:
-----BEGIN CERTIFICATE-----
//Some random data
-----END CERTIFICATE-----
SSL configuration:
<VirtualHost *:443>
ServerName www.domain
ServerAlias domain
ProxyRequests off
ProxyPreserveHost On
<Proxy https://www.domain.de:8443/>
Order deny,allow
Allow from all
</Proxy>
ProxyReceiveBufferSize 4096
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/domain-0005/cert.crt
SSLCertificateKeyFile /etc/letsencrypt/live/domain-0005/private1.key
SSLCertificateChainFile /etc/letsencrypt/live/domain-0005/chain.pem
#ErrorDocument 503 /maintenance.html
# ErrorDocument 404 /maintenance.html
# ErrorDocument 500 /maintenance.html
#ProxyPass /maintenance.html !
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
<Location / >
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Script used to convert the letsencrypt certificates:
# Convert key to aes192 and set new password, important for letsencrypt as the keys generated have no password.
openssl rsa -aes192 -in yourprivatekeywithoutpassword.pem -out newprivatekeywithpassword.pem
# Convert pem to crt.
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
# pem to key
openssl rsa -outform der -in private.pem -out private.key
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -CAfile chain.pem -caname root -out fullchain_and_key.p12 -name tomcat
keytool -importkeystore -deststorepass PASS -destkeypass PASS -destkeystore MyDSKeyStore.jks -srckeystore fullchain_and_key.p12 -srcstoretype pkcs12 -srcstorepass PASS -alias tomcat
keytool -import -trustcacerts -alias root -file chain.pem -keystore MyDSKeyStore.jks
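
The error log above shows PEM_read_bio failing with "no start line", and the conversion script writes the .crt and .key files with -outform der, while mod_ssl reads the files named by these directives as PEM. As an added example (not part of the original post), this shell sketch reports the encoding of every file an SSLCertificate*File directive points to; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example: report whether the files a vhost's SSLCertificate*File
# directives point to are PEM (text with a BEGIN line) or DER (raw ASN.1).
# Function names and sample files are hypothetical, not from the post.

# Print PEM, DER, unknown or unreadable for one file.
cert_encoding() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    if LC_ALL=C grep -q -e '^-----BEGIN [A-Z0-9 ]*-----' "$f"; then
        echo "PEM"      # has the start line PEM_read_bio looks for
    elif [ "$(od -An -tx1 -N1 "$f" | tr -d ' \n')" = "30" ]; then
        echo "DER"      # starts with an ASN.1 SEQUENCE tag, no start line
    else
        echo "unknown"
    fi
}

# Print "<directive> <path> <encoding>" for each active (uncommented)
# SSLCertificateFile / SSLCertificateKeyFile / SSLCertificateChainFile line.
# Assumes unquoted paths, as in the configuration shown in the post.
audit_vhost() {
    sed -n 's/^[[:space:]]*\(SSLCertificate[A-Za-z]*File\)[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1 \2/p' "$1" |
    while read -r directive path; do
        echo "$directive $path $(cert_encoding "$path")"
    done
}

# Constructed sample: a DER-style cert.crt and a PEM chain.pem in a temp dir.
demo() {
    d=$(mktemp -d)
    printf '\060\202\003\115' > "$d/cert.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
        '-----END CERTIFICATE-----' > "$d/chain.pem"
    printf 'SSLCertificateFile %s\nSSLCertificateChainFile %s\n' \
        "$d/cert.crt" "$d/chain.pem" > "$d/vhost.conf"
    audit_vhost "$d/vhost.conf"
    rm -rf "$d"
}
demo
```

Any line reported as DER is a file that the PEM reader will reject with the "no start line" error seen in the log.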