httpd 返回“SSLCertificateFile:文件‘/var/iwww/certs/msdfw/c.pem’不存在或为空”

tag-icon tag-icon apache-2.4 virtualhost https centos7 httpd
httpd 返回“SSLCertificateFile:文件‘/var/iwww/certs/msdfw/c.pem’不存在或为空”

最近,由于一些问题,我不得不重置我的服务器。现在,我一直在尝试重新设置它,但对我来说就是不起作用。我已经httpd成功安装,它可以与我的网站一起使用。但是当我尝试添加 SSL 证书时,CentOS 竟然敢骗我说它不存在。以下是journalctl -xe;的输出

Sep 26 17:00:11 localhost systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Sep 26 17:00:11 localhost httpd[5579]: AH00526: Syntax error on line 15 of             
/etc/httpd/enabled/msdfw.conf:
Sep 26 17:00:11 localhost httpd[5579]: SSLCertificateFile: file     
'/var/iwww/certs/msdfw/c.pem' does not exist or is empty
Sep 26 17:00:11 localhost systemd[1]: httpd.service: main process exited,     
code=exited, status=1/FAILURE
Sep 26 17:00:11 localhost kill[5581]: kill: cannot find process ""
Sep 26 17:00:11 localhost systemd[1]: httpd.service: control process exited, 
code=exited status=1
Sep 26 17:00:11 localhost systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Sep 26 17:00:11 localhost systemd[1]: Unit httpd.service entered failed state.
Sep 26 17:00:11 localhost systemd[1]: httpd.service failed.

我检查了文件,它就在那里。我已经尝试将所有所有权授予用户apache,我将其授予组apache并将所有权限更改为 777。这些都不起作用(并恢复了权限)。我试过了lsof c.pem,但没有输出。这是 VirtualHost;

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    RewriteEngine on
    RewriteRule ^/?(.*) https://example.com/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/msdfw
    ErrorLog /var/iwww/logs/e-msdfw
    CustomLog /var/iwww/logs/c-msdfw combined
    DirectoryIndex index.php
    SSLEngine on
    SSLCertificateFile /var/iwww/certs/msdfw/c.pem
    SSLCertificateKeyFile /var/iwww/certs/msdfw/p.key
    SSLCertificateChainFile /var/iwww/certs/msdfw/b.pem
    <Directory /var/www/msdfw/>
            Require all granted
    </Directory>
</VirtualHost>

我已经安装了,mod_ssl所以我认为不是这样。我sudo -u apache cat /var/iwww/certs/msdfw/c.pem检查了它是否可以读取,结果是可以的。OpenSSL 可以正确解析证书。所以,我不确定问题出在哪里。任何能帮忙的人,请伸出援手。谢谢!

附加信息:

  • 操作系统:CentOS Linux 版本 7.4.1708
  • 不确定这属于哪个类别,但它是最小的。

答案1

system_u看来我错了。这与标有或 的证书有关unconfined_u。它们必须贴上标签system_u才能被 读取httpd

了解如何更改标签这里

答案2

我知道这是一个老话题,但我的系统上也遇到过类似的问题。我使用 OL8 和 Apache 作为 Web 服务器。我所做的一切都不起作用。直到我运行了这个命令:

sudo chcon -R -t httpd_config_t letsencrypt/

我的问题是 SELinux 阻止了该请求。

经验是,任何需要由 Apache 运行的东西都必须进行httpd_config_t最低限度的设置。

答案3

所以...我算是解决了这个问题,但还没有完全解决。我尝试删除它,c.pem看看它是否仍然识别该目录,并给了我一些错误信息:

/var/iwww/certs/msdfw/: Is a directory

但并没有。还是同样的错误。所以我很愚蠢,输入了;

SSLCertificateFile whoami

是的,我不知道我在想什么。但它说没有文件/etc/httpd/whoami或为空。无论如何,我将其全部移至/etc/httpd/certs/msdfw/并重新配置了 VirtualHost。

而且它有效...

TL;DR:如果您收到此信息并且其他操作均无效,请将其移至/etc/httpd

相关内容