Apache SSL 錯誤:重新協商握手失敗:客戶端不接受?

tag-icon tag-icon debian apache-http-server ssl certificate
Apache SSL 錯誤:重新協商握手失敗:客戶端不接受?

我透過客戶端憑證保護我的 WordPress 管理。我在三月從 Wheezy 升級到 Jessie 後遇到了麻煩,但已經解決了解決了一切都運作良好,直到我的 LetsEncrypt 憑證過期。

我運行了一個 LetsEncrypt 客戶端,它也修改了 apache 設定檔。客戶端憑證保護路徑因 SSL 錯誤而停止運作。不幸的是我沒有以前配置的備份。

我花了幾個小時但沒有成功。這個答案可能解釋了這個錯誤,但我無法將其應用到我的場景中。

ssl_engine_kernel.c(1908): [client 213.220.230.83:50427] AH02043: SSL virtual host for servername found
ssl_engine_kernel.c(1841): [client 213.220.230.83:50427] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
ssl_engine_kernel.c(1841): [client 213.220.230.83:50428] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
ssl_engine_kernel.c(243): [client 213.220.230.83:50427] AH02034: Initial (No.1) HTTPS request received for child 2 (server www.literak.cz:443)
ssl_engine_kernel.c(591): [client 213.220.230.83:50427] AH02255: Changed client verification type will force renegotiation
[client 213.220.230.83:50427] AH02221: Requesting connection re-negotiation
ssl_engine_kernel.c(791): [client 213.220.230.83:50427] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[client 213.220.230.83:50427] AH02226: Awaiting re-negotiation handshake
ssl_engine_kernel.c(1908): [client 213.220.230.83:50427] AH02043: SSL virtual host for servername found
[client 213.220.230.83:50427] AH02261: Re-negotiation handshake failed: Not accepted by client!?

配置:

<IfModule mod_ssl.c>
NameVirtualHost 77.93.226.222:80
<VirtualHost 77.93.226.222:443>

  DocumentRoot /var/www-data/wordpress
  <Directory /var/www-data/wordpress>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
  </Directory>

  SSLCACertificateFile    /etc/apache2/ssl/leos.pem
    <Location /wp-admin>
      SSLVerifyClient require
      SSLVerifyDepth  1
    </Location>

  CustomLog ${APACHE_LOG_DIR}/access.log combined
  SSLCertificateFile /etc/letsencrypt/live//fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

答案1

好吧,這很奇怪。我找到了這個話題,有人在未匯入憑證時遇到了問題。我查了一下,我的情況也是。該憑證從我的 Chrome 中消失了。

相關內容