Apache 2.4 和 SSL:AH02217:ssl_stapling_init_cert:无法检索颁发者证书

问题描述 投票:0回答:1

我一整天都在谷歌和这里搜索,但没有任何效果。

我有一个 Ubuntu 16.04 服务器,带有 Apache 2.4 和多个虚拟主机。我正在尝试为我的网站之一配置自签名 SSL 证书。我遵循这两个教程:

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04

但是要知道,如果我尝试进入我的网站,它是不可见的。在 Firefox 中,向我抛出如下错误:

Secure Connection Failed

The connection to the server was reset while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

如果我在运行后尾随

/var/log/apache2/error.log
service apache2 restart
我发现这个错误:

[ssl:error] [pid 14916] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: [email protected],CN=example.com,OU=Example,O=Example,L=Test,ST=Test,C=MX / issuer: [email protected],CN=example.com,OU=Example,O=Test,L=Test,ST=Test,C=MX / serial: 9AD648D7C9AD4A03 / notbefore: May  3 22:28:46 2017 GMT / notafter: May  3 22:28:46 2018 GMT]
[ssl:error] [pid 14916] AH02604: Unable to configure certificate example.com:443:0 for stapling

我不明白出了什么问题。我的虚拟主机如下所示:

<VirtualHost *:80>
    DocumentRoot /var/inetpub/example.com

    ServerName example.com
    ServerAdmin [email protected]

    ErrorLog "${APACHE_LOG_DIR}/example-error.log"
    CustomLog "${APACHE_LOG_DIR}/example-access.log" common

</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost *:443>

        ServerAdmin [email protected]
        ServerName example.com
        DocumentRoot /var/inetpub/example.com

        SSLEngine on

        SSLCertificateFile /etc/apache2/ssl/example.com/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/apache2/ssl/dexample.com/apache-selfsigned.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
             SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory /usr/lib/cgi-bin>
             SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                      nokeepalive ssl-unclean-shutdown \
                      downgrade-1.0 force-response-1.0

        </VirtualHost>

</IfModule>

<Directory /var/inetpub/example.com>
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
#       Require all granted
</Directory>

文件 

/etc/apache2/ssl/example.com/apache-selfsigned.crt
/etc/apache2/ssl/dexample.com/apache-selfsigned.key
存在。我不明白问题出在哪里...我应该检查什么?

谢谢。

编辑1:

在虚拟主机中我添加了这一行:

SSLUseStapling off

错误不再出现在 error.log 中,但我仍然无法在浏览器中使用 https 进入网站。我不知道这是否有帮助,但如果直接在服务器中我使用 enlinks:

elinks https://www.example.com

这会正确加载我的网站。但如果我尝试在计算机浏览器中输入,我就看不到它。不带 https 的 url 在两者中都可以正常工作。

apache ubuntu ssl self-signed
1个回答
0
投票

按照上面的建议关闭 SSLUseStapling 不起作用,至少对我来说是这样。 Web 服务器 apache2 突然宕机了。

我必须在 000-ispconfig.vhost 中注释掉这些行,它可以与 http 一起使用

#SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.