Rhel
When I set up the Apache web server for SSL with a custom certificate, it does not start
I set up an Apache web server on a RHEL 7 instance
    yum install mod_ssl openssl
    openssl genrsa -out ca.key 2048
    openssl req -new -key ca.key -out ca.csr
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
    cp ca.crt /etc/pki/tls/certs
    cp ca.key /etc/pki/tls/private/ca.key
    cp ca.csr /etc/pki/tls/private/ca.csr
In the httpd.conf and ssl.conf files, I changed the virtual host pointing to 443 to use the following
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
httpd restarted without errors
When I replace them with the custom certificates, I get the following error
    httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Sun 2020-03-08 19:36:43 UTC; 12s ago
         Docs: man:httpd(8)
               man:apachectl(8)
      Process: 6763 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
      Process: 6761 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
     Main PID: 6761 (code=exited, status=1/FAILURE)

    Mar 08 19:36:43 hostname systemd[1]: Starting The Apache HTTP Server...
    Mar 08 19:36:43 hostname httpd[6761]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
    Mar 08 19:36:43 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 08 19:36:43 hostname kill[6763]: kill: cannot find process ""
    Mar 08 19:36:43 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 08 19:36:43 hostname systemd[1]: Failed to start The Apache HTTP Server.
    Mar 08 19:36:43 hostname systemd[1]: Unit httpd.service entered failed state.
    Mar 08 19:36:43 hostname systemd[1]: httpd.service failed.

    =============================================== =================================

    -- Unit httpd.service has begun starting up.
    Mar 08 19:19:39 hostname polkitd[616]: Registered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
    Mar 08 19:19:39 hostname systemd[1]: Starting The Apache HTTP Server...
    -- Subject: Unit httpd.service has begun start-up
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has begun starting up.
    Mar 08 19:19:39 hostname httpd[6687]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
    Mar 08 19:19:39 hostname audispd[583]: node=hostname type=AVC msg=audit(1583695179.383:732): avc: denied { read } for pid=6687 comm="httpd" name="hostname.cer" dev="nvme0n1p2" ino=539462 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
    Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SYSCALL msg=audit(1583695179.383:732): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd30429940 a1=80000 a2=0 a3=7ffd30428b60 items=0 ppid=1 pid=6687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
    Mar 08 19:19:39 hostname audispd[583]: node=hostname type=PROCTITLE msg=audit(1583695179.383:732): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
    Mar 08 19:19:39 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 08 19:19:39 hostname kill[6689]: kill: cannot find process ""
    Mar 08 19:19:39 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 08 19:19:39 hostname systemd[1]: Failed to start The Apache HTTP Server.
    -- Subject: Unit httpd.service has failed
    -- Defined-By: systemd
    -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
    --
    -- Unit httpd.service has failed.
    --
    -- The result is failed.
    Mar 08 19:19:39 hostname systemd[1]: Unit httpd.service entered failed state.
    Mar 08 19:19:39 hostname systemd[1]: httpd.service failed.
    Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SERVICE_START msg=audit(1583695179.413:733): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
    Mar 08 19:19:39 hostname polkitd[616]: Unregistered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
    Mar 08 19:31:55 hostname adclient[1767]: INFO AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|user=hostname$@domain.COM pid=1767 utc=1583695915114 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/ADDomain.com@domain.COM
    lines 1869-1900/1900 (END)
Due to their proprietary nature, I cannot share the certificate details. Please let me know what else to look for? Thanks, Nate
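Had to change the ownership of the certificate files to ec2-user:root so that the process could access the certificate files. This resolved the issue. Many thanks, Roaima.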
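
The journal output in the question contains an SELinux AVC record and the SYSCALL record of the same audit event for the failed httpd start. The following added example (not part of the original question or answer) groups such records by event and reports which process was refused which file, under which labels and with which errno; the function names are hypothetical and the SYSCALL line is abridged from the log above.

```python
import re

# Two records of audit event 732 from the journal output above (SYSCALL abridged).
SAMPLE = [
    'Mar 08 19:19:39 hostname audispd[583]: node=hostname type=AVC '
    'msg=audit(1583695179.383:732): avc: denied { read } for pid=6687 '
    'comm="httpd" name="hostname.cer" dev="nvme0n1p2" ino=539462 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0',
    'Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SYSCALL '
    'msg=audit(1583695179.383:732): arch=c000003e syscall=2 success=no '
    'exit=-13 ppid=1 pid=6687 uid=0 comm="httpd" exe="/usr/sbin/httpd" '
    'subj=system_u:system_r:httpd_t:s0 key=(null)',
]

RECORD_RE = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERM_RE = re.compile(r'denied\s+\{([^}]*)\}')

def selinux_type(context):
    """Contexts are user:role:type:level; policy decisions key on the type."""
    return context.split(':')[2]

def denials(lines):
    """Group audit records by event serial and describe each AVC denial."""
    events = {}
    for line in lines:
        m = RECORD_RE.search(line)
        if m:
            rtype, serial, body = m.groups()
            fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
            fields['_body'] = body
            events.setdefault(serial, {})[rtype] = fields
    found = []
    for serial, recs in sorted(events.items()):
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if avc is None or not PERM_RE.search(avc['_body']):
            continue
        found.append({
            'perms': PERM_RE.search(avc['_body']).group(1).split(),
            'process': sc.get('exe', avc.get('comm')),
            'file': avc.get('name'),
            'source_type': selinux_type(avc['scontext']),
            'target_type': selinux_type(avc['tcontext']),
            'errno': -int(sc['exit']) if 'exit' in sc else None,  # 13 = EACCES
        })
    return found

print(denials(SAMPLE))
```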