The blogger today plans to configure a multi-certificate Apache so that multiple domain names can be accessed via https://***. According to the online tutorial, just add multiple < VirtualHost *:443> You can do that. But restarting HTTPD always prompts:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Journalctl-xe examines with the command:
systemd: Unit httpd.service entered failed state. systemd: httpd.service failed. polkitd: Registered Authentication Agent for unix-process:7076:2357584 (system bus name :1.219 [/usr/bin/pkttyagent -.....
It’s hard to see what’s wrong (at this point the blogger doesn’t know that HTTPD has an error_log, face-covering)
After a long time, I finally opened /var/log/ HTTPD /error_log
AH02312: Fatal error initialising mod_ssl, exiting. SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) Permission denied: AH02201: Init: Can't open server certificate file
When the blogger saw this error message, he immediately understood that it was SELinux!! A lot of potholes on the SELinux before. So the first thing that comes to mind is that the SSL certificate file, the private key file, is not in the right context. Turning SELinux off directly would certainly solve the problem. But this is just a once-and-for-all approach that will cause more problems.
Three files are required to configure SSL:
Let’s say they’re all under /usr/local/apache/conf/
Displays the current context of each file
chcon -u system_u -r object_r -t cert_t 1_root_bundle.crt chcon -u system_u -r object_r -t cert_t 2_domain.com.crt chcon -u system_u -r object_r -t cert_t 3_domain.com.key
The context configuration is not unique. If this setting doesn’t work, try something else.
- Failed to load SELinux policy. Freezing due to modification of SELinux by centos7
- ssl_ error_ Rx_ record_ too_ Long and Apache SSL solution
- Solution to failure of SSL configuration in synergy
- Apache failed to start due to SSL library certificate has expired
- Solutions to the failure of importing Python 3.7 SSL module
- FreeRDP installation configuration (error message: SSL_read: Failure in SSL library (protocol error?))
- Centos 7.2 failed to load SELinux policy freezing
- MQTT Host name verification failure (SSL) [How to Solve]
- error: RPC failed; curl 56 OpenSSL SSL_ read: SSL_ ERROR_ Syscall, errno 10054 solution
- Error starting day: SELinux is not supported with the overlay 2
- Solution to the failure of creating bitmap with multithreaded OpenGL
- Job for apache2.service failed apache2 cannot be started
- Using jgit to report errors: the solution of algorithm negotiation failure
- Solution to the problem of failure to elect leaders when offline service is reported in Nacos
- Solution to 800b0001 failure of Windows Update
- Solution to node sass installation failure
- Through sp_ Flash_ Solution to tool wire brush failure
- Solution to the failure of ROS noetic initialization (rosdep init)
- Solution to the failure of springboot integrated PageHelper
- Mac installation dart error curl: (35) libresssl SSL_ connect: SSL_ ERROR_ SYSCALL in connection to storage.googleapis.co