【Question title】: Apache2 server down Private key not found
【Posted】: 2020-05-25 17:34:02
【Question】:
 AH02579: Init: Private key not found

I have

  1. ubuntu
  2. www-data

users. My root and ubuntu can access the key file

    nano /etc/letsencrypt/live/server.x.com/fullchain.pem

When I do

sudo service apache2 restart

My website gives a 521 and the Apache log shows

AH02564: Failed to configure encrypted (?) private key$
AH00016: Configuration Failed
[Mon May 25 17:19:12.374354 2020] [ssl:error] [pid 4962:tid 140701433358208] AH02579: Init: Private key not found

I have done

sudo chmod 700 /etc/letsencrypt/live/server.x.com/
sudo chmod 400 /etc/letsencrypt/live/server.x.com/fullchain.pem

But Apache still can't find the key


Update

Hey, I think this can help with answering.
I do have 2 pem files.
When I go to the previous private key and run

ubuntu@ip-172:/etc/letsencrypt/live/app.x.com$ openssl rsa -in privkey.pem -noout -check
RSA key ok

If I use it, the server runs fine.
But when I added my other subdomain and created a certificate for it

ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl rsa -in privkey.pem -noout -check
Error opening Private Key privkey.pem
140659156387480:error:0200100D:system library:fopen:Permission denied:bss_file.c:398:fopen('privkey.pem','r')
140659156387480:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key

When I load it in the .conf file, apache2 gives an error


   ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

After running this command

  Generating a 4096 bit RSA private key
    ...........................................................................................................................................................................................................................................................................++
    ..........++
    unable to write 'random state'
    writing new private key to 'key.pem'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:IN
    State or Province Name (full name) [Some-State]:X
    Locality Name (eg, city) []:Phillaur
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:      
    Organizational Unit Name (eg, section) []:server
    Common Name (e.g. server FQDN or YOUR name) []:rajanlagah
    Email Address []:rajanlagah@gmail.com

Also

ls
cert.pem  key.pem

Also

ubuntu@ip-172:/etc/letsencrypt/live/server.x.com$ openssl rsa -in cert.pem 
unable to load Private Key
140670293214872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY

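【Comments】:

  • There may be some problem with the key file's permissions. Just a hunch.
  • @Asdfg Exactly, but I have granted the permissions. How can I check whether something is still pending?
  • FYI, Apache supports encryption natively via mod_md, which saves you a lot of trouble: httpd.apache.org/docs/current/en/mod/mod_md.html
  • @on8tom Thanks, I'll definitely look at it next time I do this....

Tags: apache ubuntu server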


【Solution 1】:

Check that SSLCertificateKeyFile points to a file that contains the private key, i.e.

# openssl rsa -in /opt/localhost.key -noout -check
RSA key ok

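Create a self-signed certificate with openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365.

【Discussion】:

  • Do I need to change opt/localhost.key to something?
  • This is an example of checking whether the key file in use has the correct format. You can replace the key path in the example above.
  • Hey, I just updated my question; I ran into an error after running this command
  • You can create a self-signed certificate with openssl req -new -x509 -key privkey.pem -out server-cert.pem -days 650. Use the generated key and certificate.
  • OK, fine. You mean the previously generated certificate was corrupted somehow, right? And I will accept your answer in a few minutes (after trying) :-)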
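
The failure modes seen in this thread (a key file the current user cannot open, a certificate passed where a key is expected, a key written with a pass phrase), as an added example that is not part of the original question or answer. The function names `pem_kind` and `diagnose` and the sample files are constructed for illustration; the check looks only at PEM header lines and does not validate key material.

```shell
#!/bin/sh
# Added example: classify the file that SSLCertificateKeyFile points at,
# using only its PEM header lines.

# pem_kind FILE -> missing | unreadable | encrypted-key | private-key | certificate | not-pem
pem_kind() {
    [ -e "$1" ] || { echo missing; return 0; }
    # -r follows symlinks and tests the current user, like the fopen() in the question
    [ -r "$1" ] || { echo unreadable; return 0; }
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted-key      # PKCS#8 or legacy encrypted key: needs a pass phrase
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"; then
        echo private-key
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate        # what "Expecting: ANY PRIVATE KEY" complains about
    else
        echo not-pem
    fi
}

# diagnose FILE -> one-line verdict; exit status 0 only for an unencrypted key
diagnose() {
    kind=$(pem_kind "$1")
    case $kind in
        private-key)   echo "OK   $1: unencrypted private key"; return 0 ;;
        encrypted-key) echo "FAIL $1: key is pass-phrase protected; Apache needs the pass phrase at startup" ;;
        certificate)   echo "FAIL $1: certificate, not a key (belongs in SSLCertificateFile)" ;;
        unreadable)    echo "FAIL $1: permission denied for user $(id -un)" ;;
        *)             echo "FAIL $1: $kind" ;;
    esac
    return 1
}

# Constructed sample files (header lines only, no real key material)
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/fullchain.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' '-----END ENCRYPTED PRIVATE KEY-----' > "$d/key.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$d/privkey.pem"
    for f in fullchain.pem key.pem privkey.pem absent.pem; do diagnose "$d/$f" || true; done
    rm -rf "$d"
}
demo
```

Run `diagnose` against the exact path in the vhost's SSLCertificateKeyFile directive; an `OK` here only means the file looks like an unencrypted key, so `openssl rsa -in … -noout -check` from the answer is still the consistency check.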