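I am trying to run PHP and Apache with SSL on a RedHat server on AWS. After setting up the deployment, restarting Apache fails.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
systemctl status httpd.service gives: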
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2017-04-20 15:21:17 EDT; 3min 25s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 11017 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 11015 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 11015 (code=exited, status=1/FAILURE)
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: Starting The Apache HTTP Server...
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 20 15:21:17 ip-172-16-255-255.internal kill[11017]: kill: cannot find process ""
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: Failed to start The Apache HTTP Server.
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: Unit httpd.service entered failed state.
Apr 20 15:21:17 ip-172-16-255-255.internal systemd[1]: httpd.service failed.
My logs have:
var/log/httpd/error.log:
[Thu Apr 20 14:25:07.649234 2017] [suexec:notice] [pid 10823] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Apr 20 14:25:07.665400 2017] [ssl:emerg] [pid 10823] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/httpd/dev.example.com/error2.log for more information
In the deployment-specific error log I get:
[Thu Apr 20 14:24:30.258985 2017] [ssl:emerg] [pid 10795] AH01895: Unable to configure verify locations for client authentication
[Thu Apr 20 14:25:07.665388 2017] [ssl:emerg] [pid 10823] AH01895: Unable to configure verify locations for client authentication
The configuration I am trying is:
#NameVirtualHost new.example.com:80
<VirtualHost new.example.com:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html/dev.example.com
ServerName new.example.com
DirectoryIndex index.html
DirectoryIndex index.php
LogLevel notice
ErrorLog /var/log/httpd/dev.example.com/error2.log
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %u %A %p %m %U %q %>s \"%{User-agent}i\"" w3c_extended
CustomLog /var/log/httpd/dev.example.com/access.log w3c_extended
</VirtualHost>
#NameVirtualHost new.example.com:443
<VirtualHost new.example.com:443>
ServerAdmin [email protected]
DocumentRoot /var/www/html/dev.example.com
ServerName new.example.com
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLProtocol all
SSLCertificateFile /usr/local/ssl/crt/example_2015.cert
SSLCertificateKeyFile /usr/local/ssl/private/ssl_2015.key
SSLCACertificateFile /usr/local/ssl/crt/example_2015_intermediate.pem
DirectoryIndex index.html
DirectoryIndex index.php
LogLevel notice
ErrorLog /var/log/httpd/dev.example.com/error2.log
LogFormat "%{%Y-%m-%d %H:%M:%S}t %a %u %A %p %m %U %q %>s \"%{User-agent}i\"" w3c_extended
CustomLog /var/log/httpd/dev.example.com/access.log w3c_extended
</VirtualHost>
I followed this link:
https://forums.cpanel.net/threads/httpd-fails-to-restart-after-install-ssl-certificate.55823/
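This allowed me to get Apache and PHP running, but did not allow SSL to run, so I think it has to do with the certificates.
I forget which thread I was on, but I also compared the md5 of the key against the certificate, and the two match.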
openssl x509 -noout -modulus -in ../crt/example_2015.cert | openssl md5
openssl rsa -noout -modulus -in ssl_2015.key | openssl md5
I am not sure what else to include here, so please let me know if I have missed anything.
Apache2ctl -S gives:
VirtualHost configuration:
255.255.255.255:80 new.example.com (/etc/httpd/conf.d/new.example.conf:2)
255.255.255.255:443 new.example.com (/etc/httpd/conf.d/new.example.conf:15)
*:443 ip-172-16-255-255.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
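
mod_ssl logs AH01895 when it cannot load the file named by SSLCACertificateFile as CA certificates for client authentication, which the key/certificate modulus comparison above does not exercise. The preflight below is an added example, not part of the original post: it assumes Python 3, and the function names ca_files, check_verify_location and preflight are hypothetical. It pulls every uncommented SSLCACertificateFile out of a vhost config and loads it through the standard ssl module, whose load_verify_locations wraps the OpenSSL call the log message refers to.

```python
import re
import ssl
import sys

# Uncommented "SSLCACertificateFile <path>" lines; this directive supplies
# mod_ssl's "verify locations" for client authentication.
CA_FILE = re.compile(
    r'^\s*SSLCACertificateFile\s+"?([^"\s]+)"?\s*$',
    re.IGNORECASE | re.MULTILINE,
)


def ca_files(conf_text):
    """Return the path of every uncommented SSLCACertificateFile directive."""
    return [m.group(1) for m in CA_FILE.finditer(conf_text)]


def check_verify_location(path):
    """Load path as a CA bundle via OpenSSL; return None if OK, else the reason."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        # Missing/unreadable file, or a file holding no PEM certificate.
        return f"{type(exc).__name__}: {exc}"
    return None


def preflight(conf_text):
    """Return {path: reason} for each CA file that OpenSSL refuses to load."""
    problems = {}
    for path in ca_files(conf_text):
        reason = check_verify_location(path)
        if reason is not None:
            problems[path] = reason
    return problems


if __name__ == "__main__":
    # Usage (path is the vhost file from the apache2ctl -S output above):
    #   python3 preflight.py /etc/httpd/conf.d/new.example.conf
    with open(sys.argv[1], encoding="utf-8") as fh:
        failures = preflight(fh.read())
    for bad_path, why in failures.items():
        print(f"{bad_path}: {why}")
    sys.exit(1 if failures else 0)
```

Run it as root or as the user that starts httpd, so that file permissions are evaluated the same way they are at service start.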