Situation: http://192.168.1.107/ and http://192.168.1.107/owncloud (with/without https) are not active after reconfiguring the settings with self-signed SSL certificates for HTTPS, as described in the thread, where I followed all the steps until restarting apache2 failed.
Support: restarting Apache2 failed
I do
# http://www.slsmk.com/enabling-https-access-to-owncloud/
masi@raspberrypi:~ $ sudo vim /etc/apache2/conf-available/owncloud-ssl.conf
masi@raspberrypi:~ $ a2enconf owncloud-ssl.conf
Conf owncloud-ssl already enabled
masi@raspberrypi:~ $ sudo service apache2 restart
Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details.
masi@raspberrypi:~ $ sudo systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Active: failed (Result: exit-code) since Wed 2016-06-22 21:34:31 UTC; 28min ago
Process: 14965 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 7474 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
Process: 17524 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
Jun 22 21:34:31 raspberrypi apache2[17524]: Starting web server: apache2 failed!
Jun 22 21:34:31 raspberrypi apache2[17524]: The apache2 configtest failed. ... (warning).
Jun 22 21:34:31 raspberrypi apache2[17524]: Output of config test was:
Jun 22 21:34:31 raspberrypi apache2[17524]: AH00526: Syntax error on line 9 of /etc/apache2/conf-enabl...onf:
Jun 22 21:34:31 raspberrypi apache2[17524]: SSLCertificateFile: file '/etc/ssl/certs/my-public-cert.pe...mpty
Jun 22 21:34:31 raspberrypi apache2[17524]: Action 'configtest' failed.
Jun 22 21:34:31 raspberrypi apache2[17524]: The Apache error log may have more information.
Jun 22 21:34:31 raspberrypi systemd[1]: apache2.service: control process exited, code=exited status=1
Jun 22 21:34:31 raspberrypi systemd[1]: Failed to start LSB: Apache2 web server.
Jun 22 21:34:31 raspberrypi systemd[1]: Unit apache2.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
masi@raspberrypi:~ $ sudo journalctl -xn
-- Logs begin at Tue 2016-05-31 16:20:51 UTC, end at Wed 2016-06-22 22:06:09 UTC. --
Jun 22 21:41:03 raspberrypi sudo[17644]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 21:41:51 raspberrypi sudo[17644]: pam_unix(sudo:session): session closed for user root
Jun 22 22:01:17 raspberrypi sudo[17801]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/journal
Jun 22 22:01:17 raspberrypi sudo[17801]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 22:02:36 raspberrypi sudo[17801]: pam_unix(sudo:session): session closed for user root
Jun 22 22:02:38 raspberrypi sudo[17812]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/systemc
Jun 22 22:02:38 raspberrypi sudo[17812]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Jun 22 22:02:38 raspberrypi sudo[17812]: pam_unix(sudo:session): session closed for user root
Jun 22 22:06:08 raspberrypi sudo[17829]: masi : TTY=pts/0 ; PWD=/home/masi ; USER=root ; COMMAND=/bin/journal
Jun 22 22:06:09 raspberrypi sudo[17829]: pam_unix(sudo:session): session opened for user root by masi(uid=0)
Settings
My important configuration files in /etc/apache2/sites-enabled/ are 000-default.conf and 000-default-ssl.conf, both of which have SSL configuration; the complete /etc/apache2/sites-enabled/000-default.conf is at the end
# 000-default.conf
SSLEngine on
SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
The other file is just a symlink to the other file, as shown by
ls -la /etc/apache2/sites-enabled/
total 8
drwxr-xr-x 2 root root 4096 Jun 22 15:32 .
drwxr-xr-x 8 root root 4096 Jun 22 21:41 ..
lrwxrwxrwx 1 root root 45 May 31 19:35 000-default.conf -> /etc/apache2/sites-available/000-default.conf
lrwxrwxrwx 1 root root 35 May 31 11:50 000-default-ssl.conf -> ../sites-available/000-default.conf
/etc/apache2/envvars is alive and well (thread)
# https://askubuntu.com/a/718551/25388
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
Keys made as follows
# http://www.slsmk.com/enabling-https-access-to-owncloud/
sudo apt-get install ca-certificates
sudo mkdir /etc/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/ssl/private/apache.key \
    -out /usr/local/share/ca-certificates/apache.crt
# http://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key
sudo -i
openssl rsa -in /etc/ssl/private/apache.key -pubout \
    > /etc/ssl/certs/my-pubkey.perm
Owner/group of /etc/ssl/
sudo ls -la /etc/ssl/ | grep certs
drwxr-xr-x 2 root root 24576 Jun 22 13:13 certs
sudo ls -la /etc/ssl/ | grep private
drwx--x---- 2 root ssl-cert 4096 Jun 22 13:11 private
I do
masi@raspberrypi:~ $ sudo systemctl -l
...
session-c25.scope
● apache2.service
avahi-daemon.service
...
ssh.service
● systemd-ask-password-console.service
● systemd-ask-password-wall.service
systemd-fsck-root.service
...
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
116 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
I do
masi@raspberrypi:~ $ sudo systemctl -l status apache2
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Active: failed (Result: exit-code) since Wed 2016-06-22 21:34:31 UTC; 22h ago
Jun 22 21:34:31 raspberrypi apache2[17524]: Starting web server: apache2 failed!
Jun 22 21:34:31 raspberrypi apache2[17524]: The apache2 configtest failed. ... (warning).
Jun 22 21:34:31 raspberrypi apache2[17524]: Output of config test was:
Jun 22 21:34:31 raspberrypi apache2[17524]: AH00526: Syntax error on line 9 of /etc/apache2/conf-enabled/owncloud-ssl.conf:
Jun 22 21:34:31 raspberrypi apache2[17524]: SSLCertificateFile: file '/etc/ssl/certs/my-public-cert.pem' does not exist or is empty
Jun 22 21:34:31 raspberrypi apache2[17524]: Action 'configtest' failed.
Jun 22 21:34:31 raspberrypi apache2[17524]: The Apache error log may have more information.
Jun 22 21:34:31 raspberrypi systemd[1]: apache2.service: control process exited, code=exited status=1
Jun 22 21:34:31 raspberrypi systemd[1]: Failed to start LSB: Apache2 web server.
Jun 22 21:34:31 raspberrypi systemd[1]: Unit apache2.service entered failed state.
I get in /var/log/apache2/error.log
[Fri Jun 24 06:37:41.960434 2016] [ssl:emerg] [pid 3605] AH02580: Init: Pass phrase incorrect for key localhost:80:0
[Fri Jun 24 06:37:41.960823 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.960922 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Jun 24 06:37:41.961001 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.961085 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Jun 24 06:37:41.961165 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Jun 24 06:37:41.961242 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:37:41.961324 2016] [ssl:emerg] [pid 3605] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 24 06:37:41.961363 2016] [ssl:emerg] [pid 3605] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Jun 24 06:37:41.961393 2016] [ssl:emerg] [pid 3605] AH02564: Failed to configure encrypted (?) private key localhost:80:0, check /etc/ssl/private/apache.key
AH00016: Configuration Failed
[Fri Jun 24 06:38:08.445081 2016] [ssl:emerg] [pid 3666] AH02580: Init: Pass phrase incorrect for key localhost:80:0
[Fri Jun 24 06:38:08.445296 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445346 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
[Fri Jun 24 06:38:08.445386 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445428 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
[Fri Jun 24 06:38:08.445470 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib
[Fri Jun 24 06:38:08.445508 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Fri Jun 24 06:38:08.445550 2016] [ssl:emerg] [pid 3666] SSL Library Error: error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
[Fri Jun 24 06:38:08.445570 2016] [ssl:emerg] [pid 3666] AH02312: Fatal error initialising mod_ssl, exiting.
[Fri Jun 24 06:38:08.445586 2016] [ssl:emerg] [pid 3666] AH02564: Failed to configure encrypted (?) private key localhost:80:0, check /etc/ssl/private/apache.key
AH00016: Configuration Failed
[Fri Jun 24 06:38:21.111567 2016] [ssl:warn] [pid 3727] AH01906: localhost:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:21.111972 2016] [ssl:warn] [pid 3727] AH01909: localhost:80:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:21.163516 2016] [ssl:warn] [pid 3727] AH01906: localhost:80:1 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:21.163631 2016] [ssl:warn] [pid 3727] AH01909: localhost:80:1 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:21.168113 2016] [ssl:emerg] [pid 3727] AH02562: Failed to configure certificate 127.0.0.1:443:0 (with chain), check /etc/ssl/certs/my-pubkey.perm
[Fri Jun 24 06:38:21.168237 2016] [ssl:emerg] [pid 3727] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 24 06:38:21.168340 2016] [ssl:emerg] [pid 3727] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
[Fri Jun 24 06:38:52.430593 2016] [ssl:warn] [pid 3797] AH01906: localhost:80:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:52.430987 2016] [ssl:warn] [pid 3797] AH01909: localhost:80:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:52.482936 2016] [ssl:warn] [pid 3797] AH01906: localhost:80:1 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 24 06:38:52.483046 2016] [ssl:warn] [pid 3797] AH01909: localhost:80:1 server certificate does NOT include an ID which matches the server name
[Fri Jun 24 06:38:52.484628 2016] [ssl:emerg] [pid 3797] AH02562: Failed to configure certificate 127.0.0.1:443:0 (with chain), check /etc/ssl/certs/my-pubkey.perm
[Fri Jun 24 06:38:52.484737 2016] [ssl:emerg] [pid 3797] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: TRUSTED CERTIFICATE) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?
[Fri Jun 24 06:38:52.484838 2016] [ssl:emerg] [pid 3797] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
My /etc/apache2/sites-enabled/000-default-ssl.conf, which contains the SSL key settings and other settings that may be causing the complications
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIU
SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
SetEnvIf User-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
System: Raspbian Jessie
Storage system: ownCloud 8.2.5 on Apache
Hardware: Raspberry Pi 3b
Answer 1
The comment by @garethTheRed solves the problem: sudo systemctl -l status apache2
It gives clear logs (see the body of the question) and solves the case by correcting the paths to the private and public keys in /etc/apache2/conf-enabled/owncloud-ssl.conf, which may however be unsuitable for ownCloud, because there is still no access via http/https.
<VirtualHost *:80>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName 127.0.0.1
SSLEngine on
SSLCertificateFile /etc/ssl/certs/my-pubkey.perm
SSLCertificateKeyFile /etc/ssl/private/apache.key
DocumentRoot /var/www/owncloud
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</IfModule>
</VirtualHost>
I restart Apache2 and do
masi@raspberrypi:~ $ sudo systemctl -l status apache2
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2)
Active: active (exited) since Thu 2016-06-23 19:58:00 UTC; 5s ago
Process: 1280 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Jun 23 19:58:00 raspberrypi apache2[1280]: Starting web server: apache2Action 'start' failed.
Jun 23 19:58:00 raspberrypi apache2[1280]: The Apache error log may have more information.
Jun 23 19:58:00 raspberrypi apache2[1280]: .
Jun 23 19:58:00 raspberrypi systemd[1]: Started LSB: Apache2 web server.
Output: the http/https addresses do not work. Expected: they should work. Something else is wrong as well.
Test 1.
ping 192.168.1.107
works, so something is wrong in the routing of the traffic
PING 192.168.1.107 (192.168.1.107) 56(84) bytes of data.
64 bytes from 192.168.1.107: icmp_seq=1 ttl=64 time=0.661 ms
64 bytes from 192.168.1.107: icmp_seq=2 ttl=64 time=0.653 ms
...
Make the corresponding changes in /etc/apache2/sites-available/000-default-ssl.conf as well, namely to SSLCertificateFile (certificate here, not public key) and SSLCertificateKeyFile (private key).
SSLCertificateFile /usr/local/share/ca-certificates/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
I had accidentally put a public key in the file instead of the certificate. The complete file is in the body. Output: still no access via the HTTP URL. Expected output: access via HTTP.
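A check that catches the mix-up described in this thread, written as an added example (not part of the original question or answer): it verifies that the file given to SSLCertificateFile is a certificate rather than a bare public key, and that it belongs to the private key given to SSLCertificateKeyFile. The function names pem_kind, check_tls_pair and demo are illustrative, and the demo files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of the files
# that SSLCertificateFile and SSLCertificateKeyFile point at.

# pem_kind FILE: report what the first PEM "BEGIN" label says the file holds.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        CERTIFICATE|"TRUSTED CERTIFICATE")                echo certificate ;;
        "PUBLIC KEY"|"RSA PUBLIC KEY")                    echo public-key ;;
        "PRIVATE KEY"|"RSA PRIVATE KEY"|"EC PRIVATE KEY") echo private-key ;;
        "")                                               echo not-pem ;;
        *)                                                echo other ;;
    esac
}

# check_tls_pair CERT KEY: 0 = usable, 1 = file missing or empty, 2 = CERT is
# not a certificate, 3 = KEY is not a usable private key, 4 = they do not match.
check_tls_pair() {
    cert=$1; key=$2
    for f in "$cert" "$key"; do
        [ -s "$f" ] || { echo "$f: does not exist or is empty"; return 1; }
    done
    kind=$(pem_kind "$cert")
    [ "$kind" = certificate ] || { echo "$cert: PEM type is $kind, expected certificate"; return 2; }
    kind=$(pem_kind "$key")
    [ "$kind" = private-key ] || { echo "$key: PEM type is $kind, expected private-key"; return 3; }
    # Both must carry the same public key. "-passin pass:" makes an encrypted
    # key fail here instead of prompting for a pass phrase.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || { echo "$cert: cannot be parsed"; return 2; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || { echo "$key: cannot be parsed"; return 3; }
    [ "$cert_pub" = "$key_pub" ] || { echo "$cert and $key do not match"; return 4; }
    echo "ok: $cert matches $key"
}

# demo: constructed stand-in files (PEM labels only, no real key material) that
# reproduce the mix-up above: a public key where the certificate belongs.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'constructed' '-----END PUBLIC KEY-----' > "$d/my-pubkey.perm"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' '-----END PRIVATE KEY-----' > "$d/apache.key"
    rc=0; check_tls_pair "$d/my-pubkey.perm" "$d/apache.key" || rc=$?
    rm -rf "$d"; return "$rc"
}

# With two arguments check those files (as root for /etc/ssl/private), else run the demo.
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; else demo || echo "demo exit status: $?"; fi
```

Running it against the two paths from the vhost before `sudo service apache2 restart` reports the wrong file type directly, instead of the PEM_read_bio "no start line" error in the Apache log.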