Apache 2.4和SSL:AH02217:ssl_stapling_init_cert:无法检索颁发者证书

时间:2017-05-03 22:54:07

标签: apache ubuntu ssl self-signed

我一整天都在谷歌和这里搜索,对我没什么用。

我有一台带有 Apache 2.4 Ubuntu 16.04 服务器,有多个虚拟主机。我正在尝试为我的某个网站配置自签名SSL证书。我遵循这两个教程:

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04

https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04

但是要知道,如果我尝试进入我的网站,它就不可见了。在Firefox中,给我一个这样的错误:

Secure Connection Failed

The connection to the server was reset while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

如果我在运行/var/log/apache2/error.log之后拖尾service apache2 restart,我会发现此错误:

[ssl:error] [pid 14916] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=user@emial.com,CN=example.com,OU=Example,O=Example,L=Test,ST=Test,C=MX / issuer: emailAddress=user@emial.com,CN=example.com,OU=Example,O=Test,L=Test,ST=Test,C=MX / serial: 9AD648D7C9AD4A03 / notbefore: May  3 22:28:46 2017 GMT / notafter: May  3 22:28:46 2018 GMT]
[ssl:error] [pid 14916] AH02604: Unable to configure certificate example.com:443:0 for stapling

我不明白出了什么问题。我的虚拟主机看起来像这样:

<VirtualHost *:80>
    DocumentRoot /var/inetpub/example.com

    ServerName example.com
    ServerAdmin user@email.com

    ErrorLog "${APACHE_LOG_DIR}/example-error.log"
    CustomLog "${APACHE_LOG_DIR}/example-access.log" common

</VirtualHost>

<IfModule mod_ssl.c>
        <VirtualHost *:443>

        ServerAdmin user@email.com
        ServerName example.com
        DocumentRoot /var/inetpub/example.com

        SSLEngine on

        SSLCertificateFile /etc/apache2/ssl/example.com/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/apache2/ssl/dexample.com/apache-selfsigned.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
             SSLOptions +StdEnvVars
        </FilesMatch>

        <Directory /usr/lib/cgi-bin>
             SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                      nokeepalive ssl-unclean-shutdown \
                      downgrade-1.0 force-response-1.0

        </VirtualHost>

</IfModule>

<Directory /var/inetpub/example.com>
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
#       Require all granted
</Directory>

文件/etc/apache2/ssl/example.com/apache-selfsigned.crt/etc/apache2/ssl/dexample.com/apache-selfsigned.key存在。我不明白是什么问题......我应该检查什么?

感谢。

编辑1:

在虚拟主机中,我添加了这一行:

SSLUseStapling off

错误不再出现在error.log中,但我仍然无法在浏览器中使用https进入该网站。如果这有帮助,我不会,但如果直接在服务器中,我使用 enlinks 

elinks https://www.example.com

这会正确加载我的网站。但如果我尝试进入我的电脑浏览器,我看不到它。没有https的网址可以正常工作。

1 个答案:

答案 0 :(得分:0)

按照上面的建议关闭 SSLUseStapling 不起作用,至少在我的情况下。 web服务器apache2突然宕机了。

我必须在 000-ispconfig.vhost 中注释掉这些行,它适用于 http

#SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt #SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key

相关问题
最新问题