标签:
apache服务不能启动一般有二种可能:
1.
启动apache时出现
[root@centos apache2]# /usr/local/apache2/bin/apachectl start
httpd: Could not reliably determine the server‘s fully qualified domain name, using 121.10.40.155 for ServerName
现在提供该问题的解决方法
1)进入apache配置文件的目录:(视个人安装情况而不同)
[root@centos /]# cd /etc/httpd //我安装时配置文件所在的目录为/etc/httpd
2)编辑httpd.conf文件,搜索"#ServerName",添加ServerName localhost:80
[root@centos httpd]# ls
conf.d extra httpd.conf magic mime.types original
[root@centos httpd]# vi httpd.conf
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn‘t have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
更改为:
ServerName localhost:80
3)再重新启动apache 即可。
[root@centos httpd]# /usr/local/apache2/bin/apachectl restart
OK,启动成功啦!
2.如果上面的方法还是不能解决,还是提示faild,那么请看下面的方法
查看日志:
root账号下查看httpd的日志, 例如 /etc/httpd/logs/nss_error_log .
[Mon Jun 15 18:11:47 2015] [error] Unable to verify certificate ‘Server-Cert‘. A
dd "NSSEnforceValidCerts off" to nss.conf so the server can start until the prob
lem can be resolved.
[Mon Jun 15 18:13:23 2015] [error] Certificate not verified: ‘Server-Cert‘
[Mon Jun 15 18:13:23 2015] [error] SSL Library Error: -8181 Certificate has expi
red
根据提示,是证书过期导致。
问题分析
1> 上述日志中已经提示,可加入NSSEnforceValidCerts off 禁止校验证书的参数来避免该问题。经确认,这是可行的。
查看证书的有效时间
[root@erp ~]# certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Wed Jun 08 17:51:54 2011
Not After : Mon Jun 08 17:51:54 2015
看来证书的有效时间是4年
这是在安装mod_nss 包时生成的:
# rpm -q mod_nss --scripts
postinstall scriptlet (using /bin/sh):
umask 077
if [ "$1" -eq 1 ] ; then
if [ ! -e /etc/httpd/alias/key3.db ]; then
/usr/sbin/gencert /etc/httpd/alias > /etc/httpd/alias/install.log 2>&1
echo ""
echo "mod_nss certificate database generated."
echo ""
fi
fi
2> 由于这台机器部署的时间很早,证书在2012年12月1日到期了。但之前没有重启HTTPD服务,没发现问题。而在最近重启机器时,故障才显现出来。
解决问题
既然原因已知道,解决就很简单了,方法也很多:
1. 如果不需要用到mod_nss 模块的,那直接把/etc/httpd/conf.d/nss.conf 文件改名或删掉(此方法最方便)
2. 不验证证书过期时间的,那就在nss.conf 中加入NSSEnforceValidCerts off 配置即可;
3. 最佳的方式,是重新生成新的证书。如下。此方法不建议
(生成新证书前,务必先删除旧证书数据库文件)
# cd /etc/httpd/alias
# rm -f *.db
# /usr/sbin/gencert /etc/httpd/alias > /etc/httpd/alias/install.log 2>&1
# certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Thu Feb 07 07:02:53 2013
Not After : Tue Feb 07 07:02:53 2017
标签:
原文地址:http://www.cnblogs.com/javapkw/p/4579855.html