好吧,我忘了更新我的 Let's Encrypt 伺服器證書,而且我只是無法啟動 Apache。這是 CentOS 給我的:
service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2019-03-23 18:55:50 PDT; 6s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 3216 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 32430 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 3213 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 3213 (code=exited, status=1/FAILURE)
Mar 23 18:55:50 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Mar 23 18:55:50 localhost.localdomain httpd[3213]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name...message
Mar 23 18:55:50 localhost.localdomain systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 23 18:55:50 localhost.localdomain kill[3216]: kill: cannot find process ""
Mar 23 18:55:50 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 23 18:55:50 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
Mar 23 18:55:50 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Mar 23 18:55:50 localhost.localdomain systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
所以對於我的一生,我不知道出了什麼問題。我無法啟動此操作...因此我也無法更新我的憑證。我是哈克德嗎?我想我不應該對我的幫助請求簡潔而愚蠢。以下是我的 Apache 日誌的相關和最新內容
/var/log/httpd/error_log:
[Sat Mar 23 16:27:43.414544 2019] [core:error] [pid 1330] AH00546: no record of generation 19 of exiting child 19951
[Sat Mar 23 16:27:43.533511 2019] [:error] [pid 19955] SSL Library Error: -8181 Certificate has expired
[Sat Mar 23 16:27:43.533542 2019] [:error] [pid 19955] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
/var/log/httpd/ssl_error_log:
[Sat Mar 23 16:40:20.015874 2019] [ssl:warn] [pid 21695] AH01909: RSA certificate configured for localhost.localdomain:443 does NOT include an ID which matches the server name
[Sat Mar 23 16:40:54.682141 2019] [ssl:warn] [pid 21735] AH01909: RSA certificate configured for localhost.localdomain:443 does NOT include an ID which matches the server name
我想要的只是讓我的伺服器恢復并快速運行,突然我覺得我在 Logans Run 中,除了我之外其他人都贏了............
我知道已經是 2019 年了,我有我的選擇,但我仍在使用 Apache,因為我的發行版有它,而且它永遠都是這樣工作的。
我承認我很懶。有時我的生活很忙碌,有時客戶想要太多我累了,我忘記去參加派對、免費的研討會,甚至忘記洗狗。
答案1
我今年已經處理過這個問題,奇怪的是,這與您的 SSL 伺服器憑證或 Hackerd 無關。如果您閱讀提交的日誌,您實際上會找到 Apache 提供的有關該怎麼做的建議。如果新增此行:
NSSEnforceValidCerts off
到 /etc/httpd/conf.d/nss.conf 您將能夠再次啟動伺服器。別擔心,密碼團夥還沒有上傳漏洞來終止您的伺服器功能。關於出了什麼問題,這裡有一個很好的答案: https://serverfault.com/posts/578073/revisions
可能最好卸載 NSS,因為您可能根本不使用它。這只是您的 NSS 憑證變壞的糟糕時機,並且與您的 SSL 憑證變壞的時間重疊。 NSS 憑證與 SSL 憑證無關。