Today the blogger set out to configure Apache with multiple certificates so that several domain names can each be accessed via https://***. According to the online tutorials, you just add multiple <VirtualHost *:443> blocks. But restarting httpd always reports:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Checking with the journalctl -xe command:
systemd: Unit httpd.service entered failed state.
systemd: httpd.service failed.
polkitd: Registered Authentication Agent for unix-process:7076:2357584 (system bus name :1.219 [/usr/bin/pkttyagent -.....
It's hard to see what's wrong from this (at this point the blogger didn't know that httpd has its own error_log, facepalm).
After a long time, I finally opened /var/log/httpd/error_log:
AH02312: Fatal error initialising mod_ssl, exiting.
SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
Permission denied: AH02201: Init: Can't open server certificate file
On seeing this error message, the blogger immediately understood that SELinux was the cause!! I have fallen into plenty of SELinux pitfalls before. So the first thing that came to mind was that the SSL certificate files and the private key file do not have the right security context. Turning SELinux off would certainly solve the problem, but that is a once-and-for-all approach that will cause more problems.
Three files are required to configure SSL:
Let's say they're all under /usr/local/apache/conf/.
Display the current context of each file, then set the context with chcon:
chcon -u system_u -r object_r -t cert_t 1_root_bundle.crt
chcon -u system_u -r object_r -t cert_t 2_domain.com.crt
chcon -u system_u -r object_r -t cert_t 3_domain.com.key
This is not the only context that works. If this setting doesn't work, try another one.
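A dry-run check for the labels discussed above, as an added example that is not part of the original post: it parses `ls -Z` output (a constructed sample is embedded) and prints relabel commands for any file whose type is not `cert_t`. Using `semanage fcontext` plus `restorecon` instead of the post's `chcon` is a substitution made here so the label persists; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run label check for the
# certificate files. Nothing is changed; the commands are only printed.
WANT_TYPE="cert_t"   # type used in the post's chcon commands

# Constructed sample of `ls -Z` output. The first line uses the older
# CentOS 7 layout (mode and owner first), the others the newer layout.
sample_ls_z() {
cat <<'EOF'
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 /usr/local/apache/conf/1_root_bundle.crt
system_u:object_r:cert_t:s0 /usr/local/apache/conf/2_domain.com.crt
unconfined_u:object_r:user_home_t:s0 /usr/local/apache/conf/3_domain.com.key
EOF
}

# Read `ls -Z` lines on stdin; print "current_type path" for each file whose
# SELinux type differs from $1. Assumes paths contain no whitespace.
mislabeled() {
  awk -v want="$1" '{
    for (i = 1; i < NF; i++) {
      # The context field has the form user:role:type:level
      if ($i ~ /^[a-z0-9_]+:[a-z0-9_]+:[a-z0-9_]+:/) {
        split($i, ctx, ":")
        if (ctx[3] != want) print ctx[3], $NF
        next
      }
    }
  }'
}

# Print persistent relabel commands for every mislabeled file. Unlike chcon,
# a semanage fcontext rule survives restorecon and a filesystem relabel.
fix_commands() {
  mislabeled "$1" | while read -r _cur path; do
    printf "semanage fcontext -a -t %s '%s'\n" "$1" "$path"
    printf "restorecon -v '%s'\n" "$path"
  done
}

# On a real host, feed it the live labels instead of the sample:
#   ls -Z /usr/local/apache/conf/*.crt /usr/local/apache/conf/*.key | fix_commands "$WANT_TYPE"
sample_ls_z | fix_commands "$WANT_TYPE"
```

Review the printed commands and run them as root; an empty result means every file already carries the expected type.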