我在 Debian 12 上为数据库服务器配置供客户端使用的安全连接时遇到了问题。每次尝试启动 MariaDB 时,它都会因以下错误而崩溃:“Private key does not match the certificate public key”。
我已尝试使用以下命令重新生成证书和密钥:“certbot certonly --key-type rsa --dns-cloudflare --dns-cloudflare-credentials /etc/cloudflare/credential.ini -d db1.mydomain.com”,但仍然遇到同样的问题。我已经验证了私钥的完整性,它似乎没有问题(RSA 密钥正常)。
此外,我已将证书和密钥移至 /etc/mysql/certs,将其所有者改为 MySQL 用户,并把权限设为 0700。下面附上日志和配置文件以供参考。如能得到任何帮助,我将不胜感激。提前致谢!
完整日志:
Feb 11 23:32:17 myhost systemd[1]: Starting mariadb.service - MariaDB 10.11.6 database server...
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] Starting MariaDB 10.11.6-MariaDB-0+deb12u1 source revision as process 7080
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: Compressed tables use zlib 1.2.13
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: Number of transaction pools: 1
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: Using crc32 + pclmulqdq instructions
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: Using liburing
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: Initializing buffer pool, total size = 128.000MiB, chunk size = 2.000MiB
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: Completed initialization of buffer pool
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: File system buffers for log disabled (block size=512 bytes)
Feb 11 23:32:17 myhost mariadbd[7080]: 2024-02-11 23:32:17 0 [Note] InnoDB: End of log at LSN=7416428985935
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [Note] InnoDB: 128 rollback segments are active.
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [Note] InnoDB: Setting file './ibtmp1' size to 12.000MiB. Physically writing the file full; Please wait ...
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [Note] InnoDB: File './ibtmp1' size is now 12.000MiB.
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [Note] InnoDB: log sequence number 7416428985935; transaction id 492398711
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [Note] Plugin 'FEEDBACK' is disabled.
Feb 11 23:32:19 myhost mariadbd[7080]: SSL error: Private key does not match the certificate public key
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [ERROR] Failed to setup SSL
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [ERROR] SSL error: Private key does not match the certificate public key
Feb 11 23:32:19 myhost mariadbd[7080]: 2024-02-11 23:32:19 0 [ERROR] Aborting
50-server.cnf
#
# These groups are read by the MariaDB server.
# Use them for options that only the server (but not clients) should see.
# This group is read by both the standalone daemon and embedded servers.
[server]
# This group is read only by the mariadbd daemon.
[mariadbd]
#
# * Basic Settings
#
user = mysql
pid-file = /run/mysqld/mysqld.pid
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
# Broken reverse DNS slows down connections considerably and name resolve is
# safe to skip if there are no "host by domain name" access grants
skip-name-resolve
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
# NOTE(review): the two lines above describe the packaged default, not the
# value set here. "*" makes the server listen on every interface, so exposure
# has to be limited elsewhere (host firewall, per-account host restrictions).
bind-address = *
#
# * Fine Tuning
#
key_buffer_size = 256M
# NOTE(review): the documented upper limit for max_allowed_packet is 1G; a
# larger value is expected to be capped by the server - confirm the effective
# value at runtime.
max_allowed_packet = 5G
thread_stack = 256K
thread_cache_size = 1024
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam_recover_options = BACKUP,FORCE
max_connections = 500
table_cache = 4096
#
# * Logging and Replication
#
# Both locations get rotated by the cronjob.
# Be aware that this log type is a performance killer.
# Recommend only changing this at runtime for short testing periods if needed!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
# Error logging goes via stdout/stderr, which on systemd systems goes to
# journald.
# Enable this if you want to have error logging into a separate file
#log_error = /var/log/mysql/error.log
# Enable the slow query log to see queries with especially long duration
#log_slow_query_file = /var/log/mysql/mariadb-slow.log
#log_slow_query_time = 10
#log_slow_verbosity = query_plan,explain
#log-queries-not-using-indexes
#log_slow_min_examined_row_limit = 1000
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replica, see README.Debian about other
# settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
#max_binlog_size = 100M
#
# * SSL/TLS
#
# For documentation, please read
# https://mariadb.com/kb/en/securing-connections-for-client-and-server/
#
# NOTE(review): the server aborts at startup when ssl-cert and ssl-key do not
# hold the same key pair. A key that passes a standalone integrity check
# ("RSA key ok") is only internally consistent; that check says nothing about
# whether it belongs to cert.pem. Compare the public key of both files, e.g.
# the digest of `openssl x509 -noout -pubkey -in cert.pem` against the digest
# of `openssl pkey -pubout -in privkey.pem`; the two must be identical.
# NOTE(review): these paths are outside certbot's own directory, so presumably
# they are manual copies that renewals do not refresh. Copy cert.pem,
# chain.pem and privkey.pem together from the same issuance (for example from
# a certbot --deploy-hook script); mixing files from different runs or
# certificate lineages is a common cause of this mismatch - verify.
# NOTE(review): the private key should be readable by the mysql account only;
# a regular file needs no execute bit, so a read-only owner mode is enough.
ssl-ca = /etc/mysql/certs/chain.pem
ssl-cert = /etc/mysql/certs/cert.pem
ssl-key = /etc/mysql/certs/privkey.pem
# NOTE(review): while the next line stays commented out the server also
# accepts unencrypted connections. Combined with bind-address = * above,
# queries and result data can cross the network in clear text unless every
# remote account is created with REQUIRE SSL.
#require-secure-transport = on
#
# * Character sets
#
# MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
# utf8 4-byte character set. See also client.cnf
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# Most important is to give InnoDB 80 % of the system RAM for buffer use:
# https://mariadb.com/kb/en/innodb-system-variables/#innodb_buffer_pool_size
innodb_buffer_pool_size = 3G
# This group is read only by the embedded server.
[embedded]
# This group is only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
# NOTE(review): this header repeats the [mariadbd] group opened earlier in the
# file, while the comment above describes a group shared by all MariaDB
# servers; check whether [mariadb] was intended.
[mariadbd]
# This group is only read by MariaDB-11.2 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
# NOTE(review): the server in the accompanying startup log reports version
# 10.11.6, so per the comment above it would not read options placed here.
[mariadb-11.2]