Question

我已按照以下链接在centos-7 apache中启用http / 2。 https://www.tunetheweb.com/performance/http2/

Apache版本： 2.4.27

我的openssl版本：

# openssl version
OpenSSL 1.1.0f  25 May 2017

我需要将https证书添加到该域以检查浏览器中的http / 2进程。

虽然我正在尝试使用let encrypt添加证书它报告为：

#sudo  certbot --apache
We were unable to find a vhost with a ServerName or Address of xxx.yyy.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
-------------------------------------------------------------------------------
1: ssl.conf                       |                       | HTTPS | Enabled
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Error while running apachectl graceful.
Job for httpd.service invalid.
Cleaning up challenges
Error while running apachectl graceful.
Job for httpd.service invalid.
Encountered exception during recovery
Error while running apachectl graceful.
Job for httpd.service invalid.
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/certbot/error_handler.py", line 99, in _call_registered
    self.funcs[-1]()
  File "/usr/lib/python2.7/site-packages/certbot/auth_handler.py", line 284, in _cleanup_challenges
    self.auth.cleanup(achalls)
  File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1908, in cleanup
    self.restart()
  File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1797, in restart
    self._reload()
  File "/usr/lib/python2.7/site-packages/certbot_apache/configurator.py", line 1808, in _reload
    raise errors.MisconfigurationError(str(err))
MisconfigurationError: Error while running apachectl graceful.
Job for httpd.service invalid.
Error while running apachectl graceful.
Job for httpd.service invalid.

按照允许加密证书添加过程，

 #yum install certbot-apache

Installing:
 python2-certbot-apache                           noarch                           0.14.1-1.el7                                        epel                              144 k
Installing for dependencies:
 httpd                                            x86_64                           2.4.6-45.el7.centos.4                               updates                           2.7 M
 mod_ssl                                          x86_64                           1:2.4.6-45.el7.centos.4                             updates                           105 k

正在添加这些包。所以http-2.4.6和2.4.27都存在于服务器中。

Answer 1

我想我可以让你更近一步。试试这个：

certbot --authenticator standalone --installer apache --pre-hook "systemctl stop httpd" --post-hook "systemctl start httpd"

另外，在尝试上述操作之前检查apache的状态... systemctl status httpd。如果它已关闭且无法启动，请找到僵尸线程（ps -ef|grep httpd）并将其杀死。（或重新启动）。

如何添加让http / 2的centos 7加密证书？

1 个答案: