Our server was upgraded yesterday so it now has a more updated Ubuntu, Apache 2.4.10, PHP etc. After I put everything back, Apache started complaining about my configuration. Show The server hosts a site which is using wildcards for dynamic content for different customers and contains 3 wildcard certificates for different services for these customers. A part of the config with a wildcard looks like this: <VirtualHost *:80> ServerName *.dashboard.example.com ServerAlias *.dashboard.example.com RewriteEngine On RewriteCond %{HTTP_HOST} ^(.+)\.dashboard.example\.com$ RewriteRule ^/(.*)$ https://%1.dashboard.example.com/$1 [R=302,L] </VirtualHost> <VirtualHost *:443> ServerAdmin ServerName *.dashboard.example.com ServerAlias *.dashboard.example.com DocumentRoot /var/www/dashboard.example.com/web <Directory /> AllowOverride All Options -Indexes +MultiViews +FollowSymLinks Order Deny,Allow Allow from all </Directory> ErrorLog /var/log/apache2/dashboard.example.com-error.log CustomLog /var/log/apache2/dashboard.example.com-access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/bundle_wc_dashboard_example_com.crt SSLCertificateKeyFile /etc/ssl/certs/wildcard_dashboard_example_com.key </VirtualHost>Note that I'm using a bundle as a certificate file. Using separate files for the intermediate and root files results in an even worse result when using SSL checks. The GeoTrust certificate is then not recognised. My SSL certificate supplier explaind as of Apache 2.4, the certificates should be bundles. So this does not work for me: SSLCertificateFile /etc/ssl/certs/wildcard_dashboard_example_com.crt SSLCertificateKeyFile /etc/ssl/certs/wildcard_dashboard_example_com.key SSLCertificateChainFile /etc/ssl/certs/GeoTrust_Global_CA.crt SSLCertificateChainFile /etc/ssl/certs/RapidSSL_SHA256_CA_G3.crtThe above however, did work on Apache 2.2. When I try to start apache it complains about the ServerName value: [FAIL] Reloading web server: apache2 failed! [warn] The apache2 configtest failed. Not doing anything. ... (warning). Output of config test was: AH00526: Syntax error on line 42 of /etc/apache2/sites-enabled/3-production.conf: Invalid ServerName "*.dashboard.example.com" use ServerAlias to set multiple server names. Action 'configtest' failed. The Apache error log may have more information.So it seems the asterisk is not allowed. If I remove the asterisk, apache starts, but an error appears in the domain's error log:
From other sources I found the following command, which should be used to determine the CommonName which should be used as ServerName:
Which returns:
My browser does show a green lock, but SSL checks complain I'm missing an intermediate/chain certificate file (see screenshot). The same problem occurs on the same server for 2 other wildcard domains and 1 normal subdomain which isn't a wildcard. Even there apache claims server certificate does NOT include an ID which matches the server name. The site is using wildcards for dynamic content for different customers and contains 3 wildcard certificates for different services for these customers. Any idea on how I can fix this? Anything else I can do to check what's wrong?  Update May 18 2016 I fixed this at the start of April. It appeared that the company who provided the SSL certificates gave us an old root certificate. They mailed me a zip containing both a bundled certificate and and separate certificate files. I tried installing these multiple times. Then I compared the contents of all the files manually with other sites that did work. I noticed a difference and re-downloaded the certificates manually from their site. The GeoTrust certificate was different. After installing it everything worked like a charm. My boss told me he would contact them about this, but unfortunately this never happened. Happy it's working now anyway. ◾ Sectigo PositiveSSL ▷ 22% 가격 할인 프로모션 진행중. 자세히보기 Apache 에 SSL 인증서 설정 후, 웹서버 재시작시 아래와 같은 에러가 발생한다면 가장 주요 원인은, SSL 설정에서 개인키/서버인증서 각 파일 타입 설정에 맞지 않은 잘못된 타입 파일을 지정하는 경우입니다. RSA certificate configured for xxxx.com:443 does NOT include an ID which matches the server name 원인 예) SSLCertificateKeyFile /인증서파일경로/개인키 ex. domain_xxxxx.key.pem 위와 같은 정상 설정에서, SSLCertificateKeyFile 에 서버인증서를 지정하거나 또는 SSLCertificateFile 에 루트/체인을 지정하는 등입니다. Apache 각 항목에 맞게 파일을 정확하게 지정해야 합니다. (에러 메시지 발생의 가장 흔한 원인) 위 설정값은 그대로 둔채, 실제 경로에 위치한 서버인증서 파일을 완전 삭제 했는데도, 동일한 오류 메시지가 계속 발생한다면, 위 설정은 서버에서 작동되지 않는 설정값입니다. (다른 경로의 설정이 작동하는 중) 어디에 있는 설정값이 실제로 계속 작동중인지 확인하는 방법은 따로 있지 않습니다. SSL 인증서가 설정되는 전체를 대상으로, 설정값을 하나씩 변경해 가면서 차이점 일일히 비교하여 찾아내야 합니다. 인증서 설정시 필요한 각 항목의 파일명 정보는, 발급 완료시 zip 파일내에 '발급내역서 PDF' 파일에 각 첨부 파일의 파일 타입 설명이 되어 있으므로, 설정 작업 전 필히 PDF 내용을 필히 확인해 주셔야 합니다. 참고) Apache SSL 인증서
설치/적용 가이드 Does not include an ID which matches the server name?This happen due to server name on certificate does not matches with the server name defined in the webserver configuration. To resolve this you can change the server name to localhost in your webserver configuration.
How do I fix attempting to start Apache?22 Answers. Find out the Apache version you are using, you can find this by looking in Services (Control panel, Admin Tools, Services) and finding Apache in my case it was listed as Apache2.4.. Close XAMPP.. Run cmd as admin.. execute 'sc delete "Apache2. ... . execute 'sc delete "mySQL"', again remove the '' when you type it.. How do I fix Apache shutdown unexpectedly?How to resolve the “XAMPP Error Apache Shutdown Unexpectedly” message (in 3 steps). Step 1: Launch the XAMPP Apache configuration settings. First, go ahead and launch the XAMPP dashboard. ... . Step 2: Change your default port settings in httpd. conf. ... . Step 3: Update your default port settings in http-ssl. conf.. Why Apache is not running in xampp?The most common cause for the XAMPP Apache server not starting issue is because the default port no 80 may already be in use by another program like Skype, Teamviewer etc. For example, in my previous blog post with the solution for XAMPP and Windows User Account Control warning message issue, Mr.
|
How do you fix www example com 443 0 server certificate does not include an ID which matches the server name?
zusammenhängende Posts
Urheberrechte © © 2024 paraquee Inc.
