php 启用 ssl 模块并设置 ssl 证书后 Apache 2.4.9 失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27807974/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Apache 2.4.9 fails after enabling ssl module and setting up ssl certificate
提问by Lipika
Apache throws the following errors after attempting to set up ssl certificates:
Apache 在尝试设置 ssl 证书后抛出以下错误:
[ssl:emerg] [pid 30907] AH02572: Failed to configure at least one certificate and key for localhost:443
[ssl:emerg] [pid 30907] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[ssl:emerg] [pid 30907] AH02312: Fatal error initialising mod_ssl, exiting.
I using MAC OS:Yosemite, PHP 5.5.20, Apache 2.4.9
我使用 MAC 操作系统:优胜美地、PHP 5.5.20、Apache 2.4.9
and have followed these steps to generate my ssl certificate from (http://www.akadia.com/services/ssh_test_certificate.html)
并按照这些步骤从(http://www.akadia.com/services/ssh_test_certificate.html)生成我的 ssl 证书
cd /etc/apache2/
sudo mkdir certs
cd certs
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:California
Locality Name (eg, city) [Newbury]:LA
Organization Name (eg, company) [My Company Ltd]:Company
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:dev.test.local
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key
sudo openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
Next I have the following set up for my apache config files:
接下来,我为我的 apache 配置文件进行了以下设置:
etc/apache2/httpd.conf:
etc/apache2/httpd.conf:
LoadModule ssl_module libexec/apache2/mod_ssl.so
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
Include /private/etc/apache2/extra/httpd-ssl.conf
etc/apache2/extra/httpd-ssl.conf:
etc/apache2/extra/httpd-ssl.conf:
Listen 443
SSLPassPhraseDialog builtin
<VirtualHost _default_:443>
SSLEngine on
Mutex sysvsem default # Added after seeing mutex issues for apache 2.4, http://stackoverflow.com/questions/13969272/apache-sslmutex-issue
etc/apache2/extra/httpd-vhosts.conf:
etc/apache2/extra/httpd-vhosts.conf:
<VirtualHost *:443>
ServerName dev.test.local
DocumentRoot "/Users/username/Sites/test/public"
<Directory "/Users/username/Sites/test/public">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/certs/server.crt
SSLCertificateKeyFile /etc/apache2/certs/server.key
</VirtualHost>
After restarting and running apache config test it looks as though there are no issues:
重新启动并运行 apache config test 后,看起来好像没有问题:
sudo apachectl restart
sudo apachectl configtest
[Tue Jan 06 13:56:01.480270 2015] [so:warn] [pid 31636] AH01574: module php5_module is already loaded, skipping
Syntax OK
Help is greatly appreciated and I am happy to supply more information if needed.
非常感谢您的帮助,如果需要,我很乐意提供更多信息。
回答by Jeremy Zhu
I ran into the same problem. Now I resolved it.
我遇到了同样的问题。现在我解决了。
You included
你包括
/private/etc/apache2/extra/httpd-ssl.conf
in httpd.conf.
在 httpd.conf 中。
So you still need to set following keys in 'httpd-ssl.conf'
所以你仍然需要在'httpd-ssl.conf'中设置以下键
SSLCertificateFile "path to your crt"
SSLCertificateKeyFile "path to your key"
Hope it is helpful.
希望它有帮助。
回答by GJN
I encountered this just today after upgrading to MacOS High Sierra version 10.13.6. My virtual hosts with SSL were working fine before the upgrade. Then today, when I tried to start up my Apache web server, I got this error:
我今天在升级到 MacOS High Sierra 10.13.6 版后遇到了这个问题。在升级之前,我的带有 SSL 的虚拟主机运行良好。然后今天,当我尝试启动 Apache Web 服务器时,出现以下错误:
[Fri Jul 20 10:51:06.021778 2018] [ssl:emerg] [pid 2236] AH02572: Failed to configure at least one certificate and key for work.localweb.com:80
[Fri Jul 20 10:51:06.022024 2018] [ssl:emerg] [pid 2236] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Fri Jul 20 10:51:06.022037 2018] [ssl:emerg] [pid 2236] AH02312: Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Failed
Check my apache version and it is now 2.4.33. Apparently in this version you will need to put the SSLCertificateFile and SSLCertificateKeyFile entries in the virtual host itself. So, I copied the entries from extra/httpd-ssl.conf and put it in every SSL virtual host that I had configured.
检查我的 apache 版本,现在是 2.4.33。显然,在此版本中,您需要将 SSLCertificateFile 和 SSLCertificateKeyFile 条目放在虚拟主机本身中。因此,我从 extra/httpd-ssl.conf 复制了条目并将其放入我配置的每个 SSL 虚拟主机中。
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName work.localweb.com
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
......
</VirtualHost>
Then the start up works again.
然后启动再次工作。
回答by Coder
I had these same errors after updating to Apache 2.4.33. It seems that SSLCertificateFileand SSLCertificateKeyFilenow have to be inside the <VirtualHost>block, whereas previously they didn't.
更新到 Apache 2.4.33 后,我遇到了同样的错误。看来,SSLCertificateFile和SSLCertificateKeyFile现在是内部<VirtualHost>块,而以前他们没有。
回答by James Stewart
I ran into this problem after updating to Apache 2.4.33.
更新到 Apache 2.4.33 后我遇到了这个问题。
I had to <VirtualHost></VirtualHost>blocks in my httpd-vhosts.conf file. I removed this one:
我不得不<VirtualHost></VirtualHost>阻止我的 httpd-vhosts.conf 文件。我删除了这个:
<VirtualHost *:443>
ServerName "<your server name>"
DocumentRoot "<your path>"
</VirtualHost>
restarted apache and it worked.
重新启动 apache 并且它起作用了。
回答by Andrew
I also had the same problem. In my case I had also just included extra/httpd-ssl.conf as some of the others had mentioned. As said above, make sure you have entries in this file for
我也有同样的问题。就我而言,我也刚刚包含了其他人提到的 extra/httpd-ssl.conf 。如上所述,请确保您在此文件中有条目
SSLCertificateFile "/usr/local/etc/apache24/ssl.crt/mydomaincertificate.crt"
SSLCertificateFile "/usr/local/etc/apache24/ssl.crt/mydomaincertificate.crt"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key/myprivatekey.key"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key/myprivatekey.key"
Even though the same entries are in extra/httpd-vhosts.conf for my main domain. I also had to make sure that in httpd.conf the "ServerName" entry matched a name in the certificate.
即使我的主域在 extra/httpd-vhosts.conf 中也有相同的条目。我还必须确保在 httpd.conf 中的“ServerName”条目与证书中的名称匹配。
While this is off no use to the OP, it may be of use to someone like me searching on this error after setting up SSL
虽然这对 OP 没有用,但它可能对像我这样在设置 SSL 后搜索此错误的人有用
回答by ondelettes
In hope to help new visitors.
希望对新来的游客有所帮助。
I had the same error lines in log file.
我在日志文件中有相同的错误行。
My mistake was to include
我的错误是包括
SSLEngine on
outside a VirtualHostblock, in a .conffile, along with common values for SSLProtocol, SSLCipherSuite, SSLHonorCipherOrder...
在VirtualHost块外,在.conf文件中,以及SSLProtocol, SSLCipherSuite, SSLHonorCipherOrder... 的常用值
