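How to solve this apache2 restart failure?
Condition: http://192.168.1.107/ and http://192.168.1.107/owncloud (with/without https) are not active after reconfiguring the setup with a self-signed SSL certificate for HTTPS, as described in the thread whose steps I followed completely. Support: restarting apache2 fails.
I do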
```
# http://www.slsmk.com/enabling-https-access-to-owncloud/
masi@raspberrypi:~ $ sudo vim /etc/apache2/conf-available/owncloud-ssl.conf
masi@raspberrypi:~ $ a2enconf owncloud-ssl.conf
Conf owncloud-ssl already enabled
masi@raspberrypi:~ $ sudo service apache2 restart
Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.
masi@raspberrypi:~ $ sudo systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: failed (Result: exit-code) since Wed 2016-06-22 21:34:31 UTC; 28min ago
  Process: 14965 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 7474 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 17524 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)

Jun 22 21:34:31 raspberrypi apache2[17524]: Starting web server: apache2 failed!
Jun 22 21:34:31 raspberrypi apache2[17524]: The apache2 configtest failed. ... (warning).
Jun 22 21:34:31 raspberrypi apache2[17524]: Output of config test was:
Jun 22 21:34:31 raspberrypi apache2[17524]: AH00526: Syntax error on line 9 of /etc/apache2/conf-enabl...onf:
Jun 22 21:34:31 raspberrypi apache2[17524]: SSLCertificateFile: file '/etc/ssl/certs/my-public-cert.pe...mpty
Jun 22 21:34:31 raspberrypi apache2[17524]: Action 'configtest' failed.
Jun 22 21:34:31 raspberrypi apache2[17524]: The Apache error log may have more information.
Jun 22 21:34:31 raspberrypi systemd[1]: apache2.service: control process exited, code=exited status=1
Jun 22 21:34:31 raspberrypi systemd[1]: Failed to start LSB: Apache2 web server.
Jun 22 21:34:31 raspberrypi systemd[1]: Unit apache2.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
masi@raspberrypi:~ $ sudo journalctl -xn
-- Logs begin at Tue 2016-05-31 16:20:51 UTC, end at Wed 2016-06-22 22:06:09 UTC. --
Jun 22 21:41:03 raspberrypi sudo[17644]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 21:41:51 raspberrypi sudo[17644]: pam_unix(sudo:session): session closed for user root
Jun 22 22:01:17 raspberrypi sudo[17801]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/journal
Jun 22 22:01:17 raspberrypi sudo[17801]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 22:02:36 raspberrypi sudo[17801]: pam_unix(sudo:session): session closed for user root
Jun 22 22:02:38 raspberrypi sudo[17812]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/systemc
Jun 22 22:02:38 raspberrypi sudo[17812]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 22:02:38 raspberrypi sudo[17812]: pam_unix(sudo:session): session closed for user root
Jun 22 22:06:08 raspberrypi sudo[17829]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/journal
Jun 22 22:06:09 raspberrypi sudo[17829]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
```
Settings
- My important configuration files in `/etc/apache2/sites-enabled/` are `000-default.conf` and `000-default-ssl.conf`, both of which have the SSL configuration; `/etc/apache2/sites-enabled/000-default.conf` ends with

  ```
  # 000-default.conf
  SSLEngine on
  SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
  SSLCertificateKeyFile /etc/ssl/private/apache.key
  ```

  The other file is just a symlink to the other one, as `ls -la /etc/apache2/sites-enabled/` shows:

  ```
  total 8
  drwxr-xr-x 2 root root 4096 Jun 22 15:32 .
  drwxr-xr-x 8 root root 4096 Jun 22 21:41 ..
  lrwxrwxrwx 1 root root 45 May 31 19:35 000-default.conf -> /etc/apache2/sites-available/000-default.conf
  lrwxrwxrwx 1 root root 35 May 31 11:50 000-default-ssl.conf -> ../sites-available/000-default.conf
  ```

  `/etc/apache2/envvars` is live (thread)

  ```
  # https://askubuntu.com/a/718551/25388
  export APACHE_RUN_USER=www-data
  export APACHE_RUN_GROUP=www-data
  ```
- Keys created like

  ```
  # http://www.slsmk.com/enabling-https-access-to-owncloud/
  sudo apt-get install ca-certificates
  sudo mkdir /etc/ssl
  sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
      -keyout /etc/ssl/private/apache.key \
      -out /usr/local/share/ca-certificates/apache.crt
  # http://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key
  sudo -i
  openssl rsa -in /etc/ssl/private/apache.key -pubout \
      > /etc/ssl/certs/my-pubkey.perm
  ```
- Owner/groups of `/etc/ssl/`

  ```
  sudo ls -la /etc/ssl/ | grep certs
  drwxr-xr-x 2 root root 24576 Jun 22 13:13 certs
  sudo ls -la /etc/ssl/ | grep private
  drwx--x---- 2 root ssl-cert 4096 Jun 22 13:11 private
  ```
I do

```
masi@raspberrypi:~ $ sudo systemctl -l
...
session-c25.scope
● apache2.service
avahi-daemon.service
...
ssh.service
● systemd-ask-password-console.service
● systemd-ask-password-wall.service
systemd-fsck-root.service
...
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

116 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
```

I do

```
masi@raspberrypi:~ $ sudo systemctl -l status apache2
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: failed (Result: exit-code) since Wed 2016-06-22 21:34:31 UTC; 22h ago

Jun 22 21:34:31 raspberrypi apache2[17524]: Starting web server: apache2 failed!
Jun 22 21:34:31 raspberrypi apache2[17524]: The apache2 configtest failed. ... (warning).
Jun 22 21:34:31 raspberrypi apache2[17524]: Output of config test was:
Jun 22 21:34:31 raspberrypi apache2[17524]: AH00526: Syntax error on line 9 of /etc/apache2/conf-enabled/owncloud-ssl.conf:
Jun 22 21:34:31 raspberrypi apache2[17524]: SSLCertificateFile: file '/etc/ssl/certs/my-public-cert.pem' does not exist or is empty
Jun 22 21:34:31 raspberrypi apache2[17524]: Action 'configtest' failed.
Jun 22 21:34:31 raspberrypi apache2[17524]: The Apache error log may have more information.
Jun 22 21:34:31 raspberrypi systemd[1]: apache2.service: control process exited, code=exited status=1
Jun 22 21:34:31 raspberrypi systemd[1]: Failed to start LSB: Apache2 web server.
Jun 22 21:34:31 raspberrypi systemd[1]: Unit apache2.service entered failed state.
```
I see in `/var/log/apache2/error.log`

```
[Fri Jun 24 06:37:41.960434 2016] [ssl:emerg] [pid 3605] AH02580: Init: Pass phrase incorrect for key localhost:80:0
[Fri Jun 24 06:37:41.960823 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.960922 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Jun 24 06:37:41.961001 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.961085 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Jun 24 06:37:41.961165 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Jun 24 06:37:41.961242 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.961324 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 24 06:37:41.961363 2016] [ssl:emerg] [pid 3605] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Jun 24 06:37:41.961393 2016] [ssl:emerg] [pid 3605] AH02564: Failed to configure encrypted (?) private key localhost:80:0, check /etc/ssl/private/apache.key
AH00016: Configuration Failed
[Fri Jun 24 06:38:08.445081 2016] [ssl:emerg] [pid 3666] AH02580: Init: Pass phrase incorrect for key localhost:80:0
[Fri Jun 24 06:38:08.445296 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445346 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Jun 24 06:38:08.445386 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445428 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Jun 24 06:38:08.445470 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Jun 24 06:38:08.445508 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445550 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 24 06:38:08.445570 2016] [ssl:emerg] [pid 3666] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Jun 24 06:38:08.445586 2016] [ssl:emerg] [pid 3666] AH02564: Failed to configure encrypted (?) private key localhost:80:0, check /etc/ssl/private/apache.key
AH00016: Configuration Failed
[Fri Jun 24 06:38:21.111567 2016] [ssl:warn] [pid 3727] AH01906: localhost:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:21.111972 2016] [ssl:warn] [pid 3727] AH01909: localhost:80:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:21.163516 2016] [ssl:warn] [pid 3727] AH01906: localhost:80:1 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:21.163631 2016] [ssl:warn] [pid 3727] AH01909: localhost:80:1 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:21.168113 2016] [ssl:emerg] [pid 3727] AH02562: Failed to configure certificate 127.0.0.1:443:0 (with chain), check /etc/ssl/certs/my-pubkey.perm
[Fri Jun 24 06:38:21.168237 2016] [ssl:emerg] [pid 3727] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 24 06:38:21.168340 2016] [ssl:emerg] [pid 3727] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Fri Jun 24 06:38:52.430593 2016] [ssl:warn] [pid 3797] AH01906: localhost:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:52.430987 2016] [ssl:warn] [pid 3797] AH01909: localhost:80:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:52.482936 2016] [ssl:warn] [pid 3797] AH01906: localhost:80:1 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:52.483046 2016] [ssl:warn] [pid 3797] AH01909: localhost:80:1 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:52.484628 2016] [ssl:emerg] [pid 3797] AH02562: Failed to configure certificate 127.0.0.1:443:0 (with chain), check /etc/ssl/certs/my-pubkey.perm
[Fri Jun 24 06:38:52.484737 2016] [ssl:emerg] [pid 3797] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 24 06:38:52.484838 2016] [ssl:emerg] [pid 3797] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
```
My `/etc/apache2/sites-enabled/000-default-ssl.conf`, where the SSL-key stuff and other settings are, which may cause complications

```
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin webmaster@localhost
    ServerName localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIU
    SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown
    CustomLog /var/log/apache2/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
</IfModule>
```

System: Raspbian Jessie
Storage system: ownCloud 8.2.5 on Apache
Hardware: Raspberry Pi 3b
@garethTheRed's comment solved the problem:

```
sudo systemctl -l status apache2
```

It gives clear logs (see the body of the question), and the problem is solved by correcting the paths to the private and public keys in `/etc/apache2/conf-enabled/owncloud-ssl.conf`, but this may not be appropriate for ownCloud, because there is still no access over http/https

```
<VirtualHost *:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
    ServerName 127.0.0.1
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/my-pubkey.perm
    SSLCertificateKeyFile /etc/ssl/private/apache.key
    DocumentRoot /var/www/owncloud
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    </IfModule>
</VirtualHost>
```
I restart apache2 again and do

```
masi@raspberrypi:~ $ sudo systemctl -l status apache2
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2)
   Active: active (exited) since Thu 2016-06-23 19:58:00 UTC; 5s ago
  Process: 1280 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)

Jun 23 19:58:00 raspberrypi apache2[1280]: Starting web server: apache2Action 'start' failed.
Jun 23 19:58:00 raspberrypi apache2[1280]: The Apache error log may have more information.
Jun 23 19:58:00 raspberrypi apache2[1280]: .
Jun 23 19:58:00 raspberrypi systemd[1]: Started LSB: Apache2 web server.
```

Output: the http/https addresses do not work. Expected: they should work. Something else is also wrong.
- Test 1. `ping 192.168.1.107`, checking for a problem in directing traffic

  ```
  PING 192.168.1.107 (192.168.1.107) 56(84) bytes of data.
  64 bytes from 192.168.1.107: icmp_seq=1 ttl=64 time=0.661 ms
  64 bytes from 192.168.1.107: icmp_seq=2 ttl=64 time=0.653 ms
  ...
  ```
Make the appropriate changes also in `/etc/apache2/sites-available/000-default-ssl.conf` about `SSLCertificateFile` (certificate here, not public key) and `SSLCertificateKeyFile` (private key)

```
SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
```

I accidentally had a public key in the certificate's place in the file. See the body for the complete file. Output: still no access at the HTTP URL. Expected output: HTTP access.
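
The two configtest failures in this thread were `SSLCertificateFile` pointing at a missing file and then at a bare public key. The following is an added example, not part of the original post: a shell check to run before restarting Apache that reports what kind of PEM object each configured path holds. The function names and the sample files are constructed for illustration, and it inspects only the PEM label, not whether the certificate and key belong together.

```shell
#!/bin/sh
# Added example: check what kind of PEM object each SSLCertificateFile /
# SSLCertificateKeyFile path in an Apache config really points at.

# Print the label of the first PEM block in FILE, e.g. "PUBLIC KEY".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Print one OK/FAIL line per directive found in CONF; return 1 on any FAIL.
# Directive names are matched case-sensitively to keep the example short.
check_ssl_paths() {
    rc=0
    while read -r directive path rest || [ -n "$directive" ]; do
        case $directive in
            SSLCertificateFile)    want='CERTIFICATE' ;;
            SSLCertificateKeyFile) want='PRIVATE KEY' ;;
            *) continue ;;
        esac
        path=${path#\"}; path=${path%\"}      # tolerate a quoted path
        if [ ! -s "$path" ]; then
            echo "FAIL $directive $path: does not exist or is empty"; rc=1
            continue
        fi
        label=$(pem_label "$path")
        case $label in
            *"$want") echo "OK   $directive $path: $label" ;;
            *) echo "FAIL $directive $path: holds '${label:-no PEM block}', expected $want"
               rc=1 ;;
        esac
    done < "$1"
    return $rc
}

# Constructed sample input: PEM headers only, no real key material.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' '-----END PUBLIC KEY-----' > "$demo_dir/my-pubkey.perm"
printf '%s\n' '-----BEGIN CERTIFICATE-----' '-----END CERTIFICATE-----' > "$demo_dir/apache.crt"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' '-----END PRIVATE KEY-----' > "$demo_dir/apache.key"
printf '  SSLCertificateFile %s\n  SSLCertificateKeyFile %s\n' \
    "$demo_dir/my-pubkey.perm" "$demo_dir/apache.key" > "$demo_dir/bad.conf"
printf '  SSLCertificateFile %s\n  SSLCertificateKeyFile %s\n' \
    "$demo_dir/apache.crt" "$demo_dir/apache.key" > "$demo_dir/good.conf"

check_ssl_paths "$demo_dir/bad.conf" || echo "bad.conf would fail configtest"
check_ssl_paths "$demo_dir/good.conf" && echo "good.conf passes this check"
```

On a real host the function would be pointed at the enabled configuration files, followed by `sudo apache2ctl configtest` before the restart.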