ISPConfig LetsEncrypt和自签名证书已损坏配置

时间:2019-07-03 17:58:27

标签: ssl apache2 lets-encrypt certbot ispconfig

当时,我已经无法解决问题了……严重的是,我是如此愚蠢,检查了letencrypt ssl并同时创建了一个自签名证书。但是,我认为我已经打破了SSL配置。其他使用letencrypt的域,除了一个域/网站(即使是新创建的域)也是如此。我无法在下面打印的日志之外找到日志。

以下是Apache2的error.log

[Wed Jul 03 17:46:02.826733 2019] [ssl:warn] [pid 10839] AH01909: kronos.pixelcode.at:8080:0 server certificate does NOT include an ID which matches the server name
[Wed Jul 03 17:46:02.826780 2019] [ssl:error] [pid 10839] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=admin@alphaground.net,CN=alphaground.net,O=Alphaground,L=Telfs,ST=Austria,C=AT / issuer: emailAddress=admin@alphaground.net,CN=alphaground.net,O=Alphaground,L=Telfs,ST=Austria,C=AT / serial: 0A5E411BEFE1832A40230F6F9BC1B0E1F7078CF8 / notbefore: Jun 19 18:42:15 2019 GMT / notafter: Jun 16 18:42:15 2029 GMT]
[Wed Jul 03 17:46:02.826796 2019] [ssl:error] [pid 10839] AH02604: Unable to configure certificate kronos.pixelcode.at:8080:0 for stapling
[Wed Jul 03 17:46:02.826847 2019] [:error] [pid 10839] python_init: Python version mismatch, expected '2.7.6', found '2.7.16'.
[Wed Jul 03 17:46:02.826884 2019] [:error] [pid 10839] python_init: Python executable found '/usr/bin/python'.
[Wed Jul 03 17:46:02.826886 2019] [:error] [pid 10839] python_init: Python path being used '/usr/lib/python2.7:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Wed Jul 03 17:46:02.826895 2019] [:notice] [pid 10839] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Wed Jul 03 17:46:02.826898 2019] [:notice] [pid 10839] mod_python: using mutex_directory /tmp 
[Wed Jul 03 17:46:02.833564 2019] [mpm_prefork:notice] [pid 10839] AH00163: Apache/2.4.38 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1b mod_python/3.3.1 Python/2.7.16 configured -- resuming normal operations
[Wed Jul 03 17:46:02.833582 2019] [core:notice] [pid 10839] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jul 03 17:50:02.673254 2019] [mpm_prefork:notice] [pid 10839] AH00169: caught SIGTERM, shutting down
[Wed Jul 03 17:50:02.783814 2019] [ssl:warn] [pid 11384] AH01906: kronos.pixelcode.at:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 03 17:50:02.783845 2019] [ssl:warn] [pid 11384] AH01909: kronos.pixelcode.at:8080:0 server certificate does NOT include an ID which matches the server name
[Wed Jul 03 17:50:02.783917 2019] [ssl:error] [pid 11384] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=admin@alphaground.net,CN=alphaground.net,O=Alphaground,L=Telfs,ST=Austria,C=AT / issuer: emailAddress=admin@alphaground.net,CN=alphaground.net,O=Alphaground,L=Telfs,ST=Austria,C=AT / serial: 0A5E411BEFE1832A40230F6F9BC1B0E1F7078CF8 / notbefore: Jun 19 18:42:15 2019 GMT / notafter: Jun 16 18:42:15 2029 GMT]
[Wed Jul 03 17:50:02.783924 2019] [ssl:error] [pid 11384] AH02604: Unable to configure certificate kronos.pixelcode.at:8080:0 for stapling
[Wed Jul 03 17:50:02.783955 2019] [suexec:notice] [pid 11384] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Wed Jul 03 17:50:02.811836 2019] [ssl:warn] [pid 11390] AH01906: kronos.pixelcode.at:8080:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 03 17:50:02.811851 2019] [ssl:warn] [pid 11390] AH01909: kronos.pixelcode.at:8080:0 server certificate does NOT include an ID which matches the server name
[Wed Jul 03 17:50:02.811904 2019] [ssl:error] [pid 11390] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=admin@alphaground.net,CN=alphaground.net,O=Alphaground,L=Telfs,ST=Austria,C=AT / issuer: emailAddress=admin@alphaground.net,CN=alphaground.net,O=Alphaground,L=Telfs,ST=Austria,C=AT / serial: 0A5E411BEFE1832A40230F6F9BC1B0E1F7078CF8 / notbefore: Jun 19 18:42:15 2019 GMT / notafter: Jun 16 18:42:15 2029 GMT]
[Wed Jul 03 17:50:02.811909 2019] [ssl:error] [pid 11390] AH02604: Unable to configure certificate kronos.pixelcode.at:8080:0 for stapling
[Wed Jul 03 17:50:02.811980 2019] [:error] [pid 11390] python_init: Python version mismatch, expected '2.7.6', found '2.7.16'.
[Wed Jul 03 17:50:02.812037 2019] [:error] [pid 11390] python_init: Python executable found '/usr/bin/python'.
[Wed Jul 03 17:50:02.812046 2019] [:error] [pid 11390] python_init: Python path being used '/usr/lib/python2.7:/usr/lib/python2.7/plat-x86_64-linux-gnu:/usr/lib/python2.7/lib-tk:/usr/lib/python2.7/lib-old:/usr/lib/python2.7/lib-dynload'.
[Wed Jul 03 17:50:02.812095 2019] [:notice] [pid 11390] mod_python: Creating 8 session mutexes based on 150 max processes and 0 max threads.
[Wed Jul 03 17:50:02.812099 2019] [:notice] [pid 11390] mod_python: using mutex_directory /tmp 
[Wed Jul 03 17:50:02.819199 2019] [mpm_prefork:notice] [pid 11390] AH00163: Apache/2.4.38 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1b mod_python/3.3.1 Python/2.7.16 configured -- resuming normal operations
[Wed Jul 03 17:50:02.819215 2019] [core:notice] [pid 11390] AH00094: Command line: '/usr/sbin/apache2'

那是我的error.log想要我说的,但是它已经可以在其他域中使用了。我认为必须有一个配置,它试图获取或任何旧证书。 letsencrypt告诉我没有错误,并且ispconfig的server.sh也没有错误。

我在ispconfig中重新创建了网站/域,但是我仍然遇到相同的错误。其他域完全没有错误。我真的很确定,问题出在检查letencrypt和同时创建证书上。

我通读了.vhost中的配置,但ssl部分中没有任何内容...

1 个答案:

答案 0 :(得分:0)

问题解决了。如果卡住或出现相同错误,还请检查DNS中的IPv6设置。我翻了两个数字。所以IPv4是正确的,但IPv6不是,我对此也没有任何错误。

重新安装服务器后,我遇到了同样的问题,因此我无法通过DNS设置。瞧,AAAA IPv6正确并且证书生成完美。