将SSL添加到Apache服务器
[英]Adding SSL to Apache Server
问题描述
We got our SSL certificate today, I'm trying to add the SSL certificate to the domain so that we can access the website through https however I'm running into problems. 
我们今天获得了SSL证书,我正在尝试将SSL证书添加到域中,以便我们可以通过https访问该网站,但是我遇到了问题。
We have an apache server running on windows. 我们有一个在Windows上运行的apache服务器。
The configuration works perfectly for port 80 however when I add port 443 to the config everything stops working. 该配置对于端口80完美运行,但是当我将端口443添加到配置中时,一切都停止工作。
The error I get when starting apache is 我启动Apache时遇到的错误是
The requested operation has failed.
I have added the following line 我添加了以下行
Listen 443
below the line: 在下面的行:
Listen 80
I have added the following VirtualHost config 我添加了以下VirtualHost配置
<VirtualHost _default_:443>
DocumentRoot "c:/path/to/website"
ServerName example.com
ServerAlias example.com www.example.com
SSLEngine on
SSLCertificateFile "c:/path/to/cert/cert.crt"
SSLCertificateKeyFile "c:/path/to/cert/key.key"
SSLCACertificateFile "c:/path/to/cert/bundle.ca-bundle"
</VirtualHost>
However whenever I start the apache server after adding this, it doesn't start and I get an error. 但是,每当我添加完后启动apache服务器时,它就不会启动,并且会出现错误。
I have commented out pieces of code and have narrowed the issue down to the Listen 443 line. 我已经注释掉了部分代码,并将问题缩小到了Listen 443行。 Is there something I am not taking into consideration when adding this? 添加此内容时,我是否没有考虑?
These are the last 3 lines in the error.log 这些是error.log中的最后3行
[Thu Jun 08 18:15:31.909142 2017] [mpm_winnt:notice] [pid 66428:tid 712] AH00422: Parent: Received shutdown signal -- Shutting down the server.
[Thu Jun 08 18:15:47.209776 2017] [mpm_winnt:notice] [pid 67332:tid 620] AH00364: Child: All worker threads have exited.
[Thu Jun 08 18:15:48.067933 2017] [mpm_winnt:notice] [pid 66428:tid 712] AH00430: Parent: Child process exited successfully.
Edit 编辑
This is the response from running httpd.exe -e debug 这是运行httpd.exe -e debug的响应
(OS 10013)An attempt was made to access a socket in a way forbidden by its access permissions. : AH00072: make_sock: could not bind to address [::]:443
(OS 10013)An attempt was made to access a socket in a way forbidden by its access permissions. : AH00072: make_sock: could not bind to address 0.0.0.0:443
AH00451: no listening sockets available, shutting down
AH00015: Unable to open logs
1 个解决方案
解决方案1
1 已采纳 2017-06-08 18:53:42
I don't know how your httpd.conf file looks like, maybe you deleted/changed accidentaly some value. 我不知道您的httpd.conf文件是什么样子,也许您意外删除/更改了某些值。
The very first thing you need to do is to restore your httpd.conf file and start the service without the SSL configuration. 您需要做的第一件事是还原您的httpd.conf文件并在没有SSL配置的情况下启动服务。 Once it works you can proceed with this steps: 一旦工作,您可以继续执行以下步骤:
In a new file separate all your SSL settings, maybe a new file called httpd-ssl.conf is a good name. 在一个单独的所有SSL设置的新文件中,一个名为httpd-ssl.conf的新文件也许是个好名字。
After that, at the end of your main httpd.conf add this lines to include the new file: 之后,在主httpd.conf的末尾添加以下行以包括新文件:
# Secure (SSL/TLS) connections
Include conf/httpd-ssl.conf
This as good practice to avoid changing/deleting accidentally something in the main config and limitate the source of possible errors, you'll know any error will be related to the new file included. 这是避免在主配置中意外更改/删除某些内容并限制可能错误源的一种好习惯,您将知道任何错误都将与所包含的新文件有关。
Your new conf/httpd-ssl.conf should look something like this (standard setup): 您的新conf / httpd-ssl.conf应该看起来像这样(标准设置):
# HTTPS port
Listen 443
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "C:/your_httpd_path/htdocs"
ServerName www.example.com:443
ServerAdmin admin@example.com
ErrorLog "C:/your_httpd_path/logs/error.log"
TransferLog "C:/your_httpd_path/logs/access.log"
# SSL Engine Switch:
SSLEngine on
# Server Certificates:
SSLCertificateFile "c:/path/to/cert/cert.crt"
SSLCertificateKeyFile "c:/path/to/cert/key.key"
SSLCACertificateFile "c:/path/to/cert/bundle.ca-bundle"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/your_httpd_path/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog "C:/your_httpd_path/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Have you tried using httpd.exe -e debug? 您是否尝试过使用httpd.exe -e调试? maybe we can find something useful in this mode. 也许我们可以在这种模式下找到有用的东西。
UPDATE: Aha! 更新:啊哈! you got an error! 你有一个错误! It could be a duplicated line somewhere with 443. 它可能是与443某处重复的行。
Could you check your files in notepad++ and search all the coincidences that match "443"? 您可以在notepad ++中检查文件并搜索与“ 443”匹配的所有符合项吗? probably you already had 443 configured and you tried adding it again? 可能您已经配置了443,并尝试再次添加它? You only need to have one line with: 您只需要一行即可:
Listen 443
Or maybe already running in that port? 或者也许已经在该端口中运行? Check with: 检查:
netstat -na | findstr "443"
If you have something like: 如果您有类似的东西:
TCP [::]:443 [::]:0 LISTENING
Then something else is running on your 443 port. 然后,您的443端口上正在运行其他操作。 Anyway, you can change your httpd conf and set any other port like 4443 ie or kill the process which is taking 443 now. 无论如何,您可以更改您的httpd conf并设置其他任何端口(例如4443 ie),或者杀死现在占用443的进程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.