certbot -d website.com 抛出 apache2ctl configtest 错误

tag-icon tag-icon apache-2.4 lets-encrypt certbot
certbot -d website.com 抛出 apache2ctl configtest 错误

我编写了几个脚本,以便在我的 Digital Ocean Debian 机器上轻松设置网站。保护网站的脚本基本上只是创建文件sites-availble、运行 certbot 命令,然后提示您重新启动 Apache。它之前运行得非常完美。

脚本中导致问题的命令:

sudo cerbot -d mywebsite.com

使用该--apache标志,它会引发相同的错误。

我得到的错误

Error while running apache2ctl configtest.
Action 'configtest' failed.
The Apache error log may have more information.
AH00526: Syntax error on line 19 of
/etc/apache2/sites-enabled/mywebsite.ca.conf:
SSLCertificateFile: file
'/etc/letsencrypt/live/www.mywebsite.ca/fullchain.pem' does
not exist or is empty

参考文件

<IfModule mod_ssl.c>
    <VirtualHost *:80>
        ServerName mywebsite.ca
        DocumentRoot /var/www/html/mywebsite.ca
        Redirect permanent / https://mywebsite.ca
    </VirtualHost>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/html/mywebsite.ca
        ServerName mywebsite.ca
        ServerAlias www.mywebsite.ca

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.mywebsite.ca/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.mywebsite.ca/privkey.pem
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
    </Directory>
    #   "force-response-1.0" for this.
    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

</VirtualHost>

第 19 行是SSLCertificateFile /etc/letsencrypt/live/www.mywebsite.ca/fullchain.pem

我的 apache2 错误日志中的一些内容

AH00112: Warning: DocumentRoot [/var/lib/letsencrypt/tls_sni_01_page/] does not exist

[Thu Aug 03 12:13:00.265826 2017] [ssl:warn] [pid 12795] AH01906: 9113409597ce29a2adba7e6df41d732f.81d7a00618deb2e454817e363526c145.acme.invalid:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

另一个域有一个完全相同(域名除外)的站点启用文件,并且运行良好。

我尝试了 certbot 命令的几个变体,但效果不佳,我担心尝试太多东西,因为这个服务器上还有其他实时站点。

是什么原因导致了此错误?有什么建议可以解决此错误?

相关内容