在之前的文章《Apache开启SSL并实现一个IP配置多个HTTPS站点的方法》中,余斗讲了如何在Apache中开启SSL并且配置多个站点的SSL的方法,在实践的过程中,难免会有一些问题,今天就搜集一些可能会碰到的问题,并给出解决方法:
在部分阿里云国内服务器上使用get_headers('https://www.example.com/',1);这样的语句报错:
Warning: get_headers(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed 在 eval() (行 6 在/mnt/gb/www/drupal.chahaoba.com/modules/php/php.module(80) : eval()'d code).
Warning: get_headers(): Failed to enable crypto 在 eval() (行 6 在/mnt/gb/www/drupal.chahaoba.com/modules/php/php.module(80) : eval()'d code).
Warning: get_headers(https://www.baidu.com/node/4): failed to open stream: operation failed 在 eval() (行 6 在/mnt/gb/www/drupal.chahaoba.com/modules/php/php.module(80) : eval()'d code).
用print_r(openssl_get_cert_locations());打印出来是这样的:
(
[default_cert_file] =>/usr/local/ssl/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] =>/usr/local/ssl/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] =>/usr/local/ssl/private
[default_default_cert_area] =>/usr/local/ssl
[ini_cafile] =>
[ini_capath] =>
)
而不报错的国外服务器上打印出来是这样的:
(
[default_cert_file] =>/etc/pki/tls/cert.pem
[default_cert_file_env] => SSL_CERT_FILE
[default_cert_dir] =>/etc/pki/tls/certs
[default_cert_dir_env] => SSL_CERT_DIR
[default_private_dir] =>/etc/pki/tls/private
[default_default_cert_area] =>/etc/pki/tls
[ini_cafile] =>
[ini_capath] =>
)
原因可能是安装的Centos版本及php版本上有小的差别,修改/alidata/server/php5/etc/php.ini强制设置证书路径:
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
;curl.cainfo =
[openssl]
; The location of a Certificate Authority (CA) file on the local filesystem
; to use when verifying the identity of SSL/TLS peers. Most users should
; not specify a value for this directive as PHP will attempt to use the
; OS-managed cert stores in its absence. If specified, this value may still
; be overridden on a per-stream basis via the "cafile" SSL stream context
; option.
;openssl.cafile=
openssl.cafile="/etc/pki/tls/cert.pem"
; If openssl.cafile is not specified or if the CA file is not found, the
; directory pointed to by openssl.capath is searched for a suitable
; certificate. This value must be a correctly hashed certificate directory.
; Most users should not specify a value for this directive as PHP will
; attempt to use the OS-managed cert stores in its absence. If specified,
; this value may still be overridden on a per-stream basis via the "capath"
; SSL stream context option.
;openssl.capath=
openssl.capath="/etc/pki/tls/certs"
重启apache后解决。Drupal网站状态报告中的“HTTP 请求状态 失败”也一并解决。
如果Apache在启动过程中报错,windows下可到 计算机管理->系统工具->事件查看器->windows 日志->应用程序 进行查看,根据日志进行对应的修改。
常见问题:
1、The Apache service named reported the following error:
>>> SSLSessionCache: Invalid argument: size has to be >= 8192 bytes
在64位windows下安装32位Apache时,如果httpd-ssl.conf里的SSLSessionCache目录有空格,会出此问题,修改为一个无空格目录。
2、(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
(1)端口被占用,找到对应的进行并结束。
(2)Linux下查看,无进程占用443端口,确认/etc/httpd/conf.d下只有一个ssl.conf,无其他SSL配置、备份文件,如果有,apache会都载入,造成冲突。原因是http.conf中IncludeOptional conf.d/*.conf。
资源均来自第三方,谨慎下载,前往第三方网站下载
转载请注明原文链接:Apache配置一个IP多个HTTPS站点的的错误提示及解决方法
