Неверная команда 'SSLOpenSSLConfCmd', возможно, неправильно написана - после введения сертификатов letsencrypt
Я только что попытался начать работать с сертификатами letsencrypt на моем Apache.
- Добавлено в мой
/ usr / local / directadmin / conf /directadmin.confстрокаletsencrypt = 1 - Отредактировано в моей
/usr/local/directadmin/conf/directadmin.confстрокеenable_ssl_sni = 1 - Затем:
cd /usr/local/directadmin/custombuild
./build update
./ build letsencrypt
./ build rewrite_confs
И я получаю результат с ошибкой:
Checking to ensure /etc/httpd/conf/ssl.crt/server.ca is set.
Using 193.107.90.129 for your server IP
Installation of ModSecurity Rule Set has been finished.
Restarting apache.
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
I иметь:
CentOS Linux, выпуск 7.7.1908 (Core)
Версия сервера: Apache / 2.4.25 (Unix)
OpenSSL 1.0.2k-fips
systemctl status httpd.service говорит
● httpd.service - The Apache HTTP Server
Loaded: loaded (/etc/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-04-05 23:23:06 CEST; 2s ago
Process: 24927 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 24926 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 24926 (code=exited, status=1/FAILURE)
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: Starting The Apache HTTP Server...
Apr 05 23:23:06 vps.kustransport.kylos.net.pl httpd[24926]: AH00526: Syntax error on line 243 of /etc/httpd/conf/extra/httpd-ssl.conf:
Apr 05 23:23:06 vps.kustransport.kylos.net.pl httpd[24926]: Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 05 23:23:06 vps.kustransport.kylos.net.pl kill[24927]: kill: cannot find process ""
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: Failed to start The Apache HTTP Server.
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: Unit httpd.service entered failed state.
Apr 05 23:23:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service failed.
И journalctl -xe почти то же самое, но последние две строки:
-- Unit httpd.service has begun starting up.
Apr 05 23:24:06 vps.kustransport.kylos.net.pl httpd[25033]: AH00526: Syntax error on line 243 of /etc/httpd/conf/extra/httpd-ssl.conf:
Apr 05 23:24:06 vps.kustransport.kylos.net.pl httpd[25033]: Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Apr 05 23:24:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 05 23:24:06 vps.kustransport.kylos.net.pl kill[25034]: kill: cannot find process ""
Apr 05 23:24:06 vps.kustransport.kylos.net.pl systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 05 23:24:06 vps.kustransport.kylos.net.pl systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
последние 2 строки:
Apr 05 23:24:09 vps.kustransport.kylos.net.pl kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:52:54:00:22:de:69:08:00 SRC=193.107.89.52 DST=255.255.255.255 LEN=68 TOS=0x00 PRE
Apr 05 23:24:13 vps.kustransport.kylos.net.pl kernel: Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=00:16:3c:af:2d:c5:00:d0:04:94:38:00:08:00 SRC=185.175.93.105 DST=193.107.90.129 LEN=40 TOS=0x00 PRE
«Плохо» строка в /etc/httpd/conf/extra/httpd-ssl.conf выглядит нормально и выглядит так:
SSLOpenSSLConfCmd DHParameters "/etc/httpd/conf/ssl.crt/dhparams.pem"
Я также обнаружил, что в / etc / httpd / conf / extra / httpd-ssl.conf У меня:
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
И когда я устанавливаю ServerName для своего домена, он меняется на то, что указано выше, каждый раз, когда я делаю "./build update". Однако, когда я вручную меняю и перезапускаю, проблема остается той же.
Дополнительно tail / var / log / httpd / error_log :
[Mon Apr 06 00:55:02.001888 2020] [ssl:warn] [pid 25965:tid 139892334979200] AH01909: localhost:443:0 server certificate does NOT include an ID which matches the server name
[Mon Apr 06 00:55:02.002157 2020] [suexec:notice] [pid 25965:tid 139892334979200] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Apr 06 00:55:02.002177 2020] [core:emerg] [pid 25965:tid 139892334979200] (28)No space left on device: AH00023: Couldn't create the rewrite-map mutex
AH00016: Configuration Failed
Параметр, описанный в документации mod_ssl , кажется, поддерживается в вашей версии серверов httpd и версии ssl:
Description: Configure OpenSSL parameters through its SSL_CONF API
Syntax: SSLOpenSSLConfCmd command-name command-value
Context: server config, virtual host
Status: Extension
Module: mod_ssl
Compatibility: Available in httpd 2.4.8 and later, if using OpenSSL 1.0.2 or later
Убедитесь, что mod_ssl включен по ошибке:
a2enmod ssl
если при вводе предыдущей команды вы получаете сообщение об ошибке, установите модуль httpd ssl:
yum install mod_ssl