我对这个社区还很陌生,我希望我的问题提出在正确的地方。
我已经买了SSL 证书,其中包含四个文件,其名称如下:
AddTrustExternalCARoot.crtCOMODORSAAddTrustCA.crtCOMODORSADomainValidationSecureServerCA.crtmydomain_com
下列的本指南,我最终遇到了这个错误:
* Restarting web server apache2
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1.
Set the 'ServerName' directive globally to suppress this message
Action 'start' failed.
所以我的 apache2 服务甚至无法启动。
以下是我所做的/etc/apache2/sites-available/default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin [email protected]
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/mydomain_com.ca-bundle.crt
SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
在我进行这些更改并尝试重新启动我的 Apache 服务后,我收到上面显示的错误。这些是我所做的唯一更改。我没有改变任何其他东西。
以下是错误日志报告:
[Wed Jul 01 16:05:47.436945 2015] [mpm_prefork:notice] [pid 10568] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.9 OpenSSL/1.0.1f configured -- resuming normal operations
[Wed Jul 01 16:05:47.436988 2015] [core:notice] [pid 10568] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jul 01 16:17:27.699364 2015] [mpm_prefork:notice] [pid 10568] AH00169: caught SIGTERM, shutting down
[Wed Jul 01 16:17:28.754414 2015] [ssl:warn] [pid 10729] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 01 16:17:28.754465 2015] [ssl:warn] [pid 10729] AH01909: RSA certificate configured for mydomain.com:443 does NOT include an ID which matches the server name
[Wed Jul 01 16:17:28.754485 2015] [ssl:emerg] [pid 10729] AH02238: Unable to configure RSA server private key
[Wed Jul 01 16:17:28.754510 2015] [ssl:emerg] [pid 10729] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Wed Jul 01 16:17:28.754514 2015] [ssl:emerg] [pid 10729] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Wed Jul 01 16:20:56.686346 2015] [ssl:warn] [pid 10920] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 01 16:20:56.686411 2015] [ssl:warn] [pid 10920] AH01909: RSA certificate configured for mydomain.com:443 does NOT include an ID which matches the server name
[Wed Jul 01 16:20:56.686425 2015] [ssl:emerg] [pid 10920] AH02238: Unable to configure RSA server private key
[Wed Jul 01 16:20:56.686441 2015] [ssl:emerg] [pid 10920] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Wed Jul 01 16:20:56.686446 2015] [ssl:emerg] [pid 10920] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[Wed Jul 01 16:46:22.422767 2015] [ssl:warn] [pid 11024] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 01 16:46:22.422831 2015] [ssl:warn] [pid 11024] AH01909: RSA certificate configured for mydomain.com:443 does NOT include an ID which matches the server name
[Wed Jul 01 16:46:22.422844 2015] [ssl:emerg] [pid 11024] AH02238: Unable to configure RSA server private key
[Wed Jul 01 16:46:22.422858 2015] [ssl:emerg] [pid 11024] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Wed Jul 01 16:46:22.422862 2015] [ssl:emerg] [pid 11024] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
如果它很重要,我已经用 openssl 生成了我的密钥。
mydomain.com请注意,针对这个问题,我已经用 替换了我的真实域名和地址。
您能否逐步指导我如何在 Ubuntu 14.04 上使用 apache2 安装此证书?
答案1
您需要添加此行,其中 yourDomainName.ca-bundle 最好是您从 Comodo 获取的 .crt 文件:
SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle
进入 /etc/apache2/sites-available/default-ssl.conf